isaac_cm Posted May 8, 2007

Recently I found that my home page index.php gives me a syntax error, and when I opened it I found this code inside:

```php
<?php
error_reporting( E_ALL ^ E_NOTICE );
include_once('inc/smartyinit.php');

//check for install--------------------------------------------------------------------------
$stmt = new Statement("SELECT * FROM {$GLOBALS['fc_config']['db']['pref']}connections LIMIT 1");
$res = $stmt->process();
if($res == null) {
    Header("Location: install.php");
    die;
}
//-------------------------------------------------------------------------------------------

$data = array();
$data['version'] = $GLOBALS['fc_config']['version'];
$data['file_exists'] = file_exists('install.php') || file_exists('install_files');

$cms = $GLOBALS['fc_config']['cms'];
$cmsclass = strtolower(get_class($cms));
$data['is_cms'] = ($cmsclass == 'defaultcms') && (! isset($cms->constArr));
$data['languages'] = $GLOBALS['fc_config']['languages'];
$data['defaultLanguage'] = $GLOBALS['fc_config']['defaultLanguage'];
$data['is_statelesscms'] = ($cmsclass == 'statelesscms');
$data['adminPassword'] = $GLOBALS['fc_config']['adminPassword'];
$data['spyPassword'] = $GLOBALS['fc_config']['spyPassword'];

$smarty->assign('data', $data);
$smarty->display('index.tpl');
?>
```

Please advise how I can protect my home page. This is the second time I have found this page altered!! Thanks

taith Posted May 8, 2007

Change the password to your FTP/file manager... make it longer/harder...

isaac_cm (Author) Posted May 8, 2007

Are you sure it is only an FTP problem, not a script problem? I use Dreamweaver and I wrote the script myself, no CMS used. I am online on Skype "isaac.bekheet"; if anyone can help me now I would greatly appreciate it. Thanks a lot

taith Posted May 8, 2007

ya... the only way to store stuff onto the server, is to connect, to the server...

obsidian Posted May 8, 2007

> ya... the only way to store stuff onto the server, is to connect, to the server...

Not true... If the site is open to SQL injection, it is possible to write files to the server through the database as well. Once you have that kind of access, you can do lots of different things. Remember that SQL also has file access. You'll need to make sure you're not vulnerable to SQL injection or XSS in addition to simply changing your passwords.

isaac_cm (Author) Posted May 8, 2007

Thanks for the fast reply. I only have one form, for search, on the home page, and I use the GET method and pass the search keyword to the "product" page. Is it done by using the search text box on the home page? No GET method is used for the index.php page!!!! Thanks

obsidian Posted May 8, 2007

> Thanks for the fast reply. I only have one form, for search, on the home page, and I use the GET method and pass the search keyword to the "product" page. Is it done by using the search text box on the home page? No GET method is used for the index.php page!!!! Thanks

It doesn't matter where the injection can occur. Once a hacker has gained access to your server, they can get the full access of the user through which they gained the access in the first place. So, if you have even one location on your site that is vulnerable, it is very possible that they could then go in and modify only the files they wish. If it happened once before, and you didn't get rid of your security hole, they simply had to wait until their access ended and go do it again.
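
The search-form case discussed above, as an added example that is not code from the thread or from isaac_cm's site: a GET keyword handled by string concatenation next to the same search done with a prepared statement, plus output encoding for echoing the keyword back. The `products` table, the `q` parameter, the function names and the in-memory SQLite database are all assumptions made so the example runs offline.

```php
<?php
// Added example. Table, column and parameter names are assumptions, and an
// in-memory SQLite database stands in for the site's real one so it runs offline.
function make_demo_db(): PDO {
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT)');
    $pdo->exec("INSERT INTO products (name) VALUES ('Red mug'), ('Blue mug'), ('Green plate')");
    return $pdo;
}

// Before: the keyword becomes part of the SQL text, so it can rewrite the query.
function search_unsafe(PDO $pdo, string $keyword): array {
    $sql = "SELECT name FROM products WHERE name LIKE '%" . $keyword . "%'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// After: the keyword is bound as data. LIKE wildcards typed by the visitor are
// escaped with '!' so they match literally.
function search_safe(PDO $pdo, string $keyword): array {
    $like = '%' . strtr($keyword, ['!' => '!!', '%' => '!%', '_' => '!_']) . '%';
    $stmt = $pdo->prepare("SELECT name FROM products WHERE name LIKE :kw ESCAPE '!'");
    $stmt->execute([':kw' => $like]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Reject non-string input such as ?q[]=x before it reaches the query.
function read_keyword(array $get): string {
    $raw = $get['q'] ?? '';
    return is_string($raw) ? trim($raw) : '';
}

// Encode the keyword before echoing it back into the product page (XSS).
function render_heading(string $keyword): string {
    return '<h1>Results for ' . htmlspecialchars($keyword, ENT_QUOTES, 'UTF-8') . '</h1>';
}

$pdo = make_demo_db();
// Constructed sample requests: a normal search and one that carries SQL syntax.
foreach ([['q' => 'mug'], ['q' => "' OR 1=1 --"]] as $get) {
    $kw = read_keyword($get);
    echo render_heading($kw), "\n";
    echo '  concatenated: ', count(search_unsafe($pdo, $kw)), " row(s)\n";
    echo '  prepared:     ', count(search_safe($pdo, $kw)), " row(s)\n";
}
```

Separately from the query fix, if the site runs on MySQL, the file access mentioned in the thread depends on the database account holding the FILE privilege, so the account the site connects with should not have it.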

isaac_cm (Author) Posted May 8, 2007

Thanks. If you can, please provide more detail on how to fix this problem fast.

obsidian Posted May 8, 2007

> Thanks. If you can, please provide more detail on how to fix this problem fast.

I don't know what the problem is yet. If you'll PM me a link to your site, I'll see if I can help you narrow down any areas where someone may gain access via XSS or SQL injection.