Jump to content

Archived

This topic is now archived and is closed to further replies.

perezf

Question on how i got hacked

Recommended Posts

hello my website got hacked >:( and i was told they did this using a post in php
they wrote a file to my server directory they added an index.html to it
how was that possible and how can i stop it
i was told it was a php script

Share this post


Link to post
Share on other sites
Can we get a live preview of your website to take a better look?

Share this post


Link to post
Share on other sites
its not in hacked state anymore
but http://2fr3sh.com

Share this post


Link to post
Share on other sites
There would be many different ways of doing this. You yourself are using php on your server I assume? Are you using switches with include statements per chance? If so, are you validating your includes beforehand?

Share this post


Link to post
Share on other sites
yes i am using switches and what do u mean when you ask if i am validating my includes

Share this post


Link to post
Share on other sites
http://www.2fr3sh.com/index.php?page=Pricing

Perhaps they hacked you after seeing this page and the rates


j/k...Anyways, was this through a form? What chmod do you have for the folder thy hack? Most likely, it's someone who's familar with the structure of your website.

Share this post


Link to post
Share on other sites
yes and i havent check the folder settings i should check that give me a sec

Share this post


Link to post
Share on other sites
all the write options are disabled to the folders and do y0u think the rates are to high

Share this post


Link to post
Share on other sites
you are going to have to post the code that has your form, as well as the script that processes it, if that's a seperate script, if you want anybody to give you any kind of real answer.

and also, your thread seems to have devolved into a website critique worthy thread. stay on topic or this will be moved there.

Share this post


Link to post
Share on other sites
I see the problam your using the $_GET statement on all pages are you?

and bye the way in essance getting hacked is a terrorable thing but is also a very common thing in computer programming the best way to acheve good results is to valadate all infromation and beetend your the hacker and try and hack your own php codes then add harsh condition to slow the hacking down.

it is really hard to stop hacking on any websight the hacker will always get in but try adding lots of valadations.

good luck.

if so the correct conditein is to valadate the $_GET coditeion like so.

the proper coreect link format.
[code]
<?
echo"< a href='index.php?page=home'>Go to home page</a>";
?>
[/code]

a $_GET with a url condition if page=="home" got there else dont.
[code]
<?php
if($_GET['page']=="home"){
header("location: index.php");
exit;
}
?>
[/code]

Share this post


Link to post
Share on other sites

×

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.