widget Posted January 28, 2008

I have a site at work that keeps being hacked. All they mainly manage to do is change the title attribute. Could someone please enlighten me as to how the hackers are getting in and what I can do to stop them.

Here is the php code that pulls the meta data

```php
<?php
// Page name is taken straight from the query string
if (!empty($_GET)) {
    $page = $_GET['p'];
} else {
    $page = 'home';
}
$file = 'meta/' . $page . '.txt';
if (is_file($file)) {
    include($file);
} else {
    include('home.txt');
}
?>
```

Here is the php code to determine the page.

```php
<?php
if (!empty($_GET)) {
    $page = $_GET['p'];
} else {
    $page = 'home';
}
if ($page == "studentloginpage") {
    $file = 'studentloginpage.php';
} else {
    $file = $page.'.htm';
}
// Includes whatever file the request named, if it exists
if (is_file($file)) {
    include($file);
} else {
    include('home.htm');
}
?>
```

Here is the php code that determines the page banner

```php
<div id="pageBanner">
<img src="images/<?php
if (($page == "home") || ($page == "home2") || ($page == "solutions") || ($page == "product") || ($page == "testimonials") || ($page == "gettingStarted") || ($page == "aboutus") || ($page == "contact")) {
    echo $page;
} else {
    echo "generic";
}
?>Banner.jpg" alt="<?php echo $page ?> page banner" class="banner"></img>
</div>
<div id="content"><?php
if (!empty($_GET)) {
    $page = $_GET['p'];
} else {
    $page = 'home';
}
if ($page == "studentloginpage") {
    $file = 'studentloginpage.php';
} else {
    $file = $page.'.htm';
}
if (is_file($file)) {
    include($file);
} else {
    include('home.htm');
}
?>
```

amites Posted January 28, 2008

Just to check, have you changed all the passwords to the server?

widget (Author) Posted January 28, 2008

Yep, password changed, the whole server has changed actually.

btherl Posted January 29, 2008

What happens if someone sends a value like "../file" as $_GET['p']?

Regarding changing the title, which part of the code are you talking about? Where is the title set? Is it the banner image?

kratsg Posted January 29, 2008

Your main problem derives from this piece of coding:

```php
if (!empty($_GET)) {
    $page = $_GET['p'];
} else {
    $page = 'home';
}
```

The security flaw is that you have a false sense of security. You're only checking to see if the $_GET was null (doesn't say anything about $_GET['p'] being null, just that the array of $_GET is null...). This means if $_GET['something_else'] was defined, $page would be set to null in actuality.

What I would do is create an array of possible values you'd expect for $page, use an if(in_array()) to check to make sure it's valid, and die if it's not. The obvious reason for the security flaw is that you are including whatever the user says, so they can probably use some interesting hack to bypass it and change something with the title.

widget (Author) Posted January 29, 2008

> Regarding changing the title, which part of the code are you talking about? Where is the title set? Is it the banner image?

The title comes from the meta tag include. There is no meta data hard coded on any page. Including the index.php file. After the site has been hacked the meta tag title has been hard coded into the index.php file but the included meta tag.txt file is untouched.

oh god I hope that all makes sense lol

kratsg Posted January 29, 2008

> > Regarding changing the title, which part of the code are you talking about? Where is the title set? Is it the banner image?
>
> The title comes from the meta tag include. There is no meta data hard coded on any page. Including the index.php file. After the site has been hacked the meta tag title has been hard coded into the index.php file but the included meta tag.txt file is untouched.
>
> oh god I hope that all makes sense lol

That means direct FTP access, if I understand you correctly. The hackers manually change your file to include a new piece of coding (this meta tag)?

btherl Posted January 29, 2008

So they are able to edit index.php? But all they do is change a meta tag? It seems like odd behaviour for a hacker. Is it someone you know?

It doesn't necessarily require ftp access to do that. There could be many ways it's done. Can the potential hackers (probably a student I would guess) place files on the same server in some other location? Perhaps uploading via ftp, or submitting via a form elsewhere? If so, those files could be placed and then included by sending an appropriate $_GET['p'] argument.

If that's the case, you can fix it by making a list of allowed $_GET['p'] values. This list can be stored in a separate file so you don't need to copy it everywhere. Then you can have your script display the default page if anything you don't recognize is requested.

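The allow-list that kratsg and btherl suggest above, as an added example (not code from the thread or from the poster's site). The page names are taken from the banner check in the first post; the file each name maps to is assumed from the posted naming, and `resolve_page` is a hypothetical helper.

```php
<?php
// Added example, not the poster's code. Page names come from the banner
// check in the first post; the file each maps to is assumed from the
// posted "$page.'.htm'" naming. In practice this array could live in one
// shared include file so every script uses the same list.
const ALLOWED_PAGES = [
    'home'             => 'home.htm',
    'home2'            => 'home2.htm',
    'solutions'        => 'solutions.htm',
    'product'          => 'product.htm',
    'testimonials'     => 'testimonials.htm',
    'gettingStarted'   => 'gettingStarted.htm',
    'aboutus'          => 'aboutus.htm',
    'contact'          => 'contact.htm',
    'studentloginpage' => 'studentloginpage.php',
];

// Hypothetical helper: returns a key of ALLOWED_PAGES, never raw input.
function resolve_page(array $query): string
{
    $p = $query['p'] ?? 'home';          // missing 'p' -> default page
    if (!is_string($p) || !array_key_exists($p, ALLOWED_PAGES)) {
        return 'home';                   // arrays, "../file", unknown names
    }
    return $p;
}

// On the real page the three posted snippets would then reduce to:
//   $page = resolve_page($_GET);
//   include __DIR__ . '/meta/' . $page . '.txt';
//   include __DIR__ . '/' . ALLOWED_PAGES[$page];

// Constructed sample queries, including the "../file" value from the thread.
$samples = [[], ['p' => 'contact'], ['p' => '../file'], ['x' => '1'], ['p' => ['a']]];
foreach ($samples as $query) {
    $page = resolve_page($query);
    printf(
        "%-18s -> %s, meta/%s.txt, alt=\"%s page banner\"\n",
        json_encode($query, JSON_UNESCAPED_SLASHES),
        ALLOWED_PAGES[$page],
        $page,
        htmlspecialchars($page, ENT_QUOTES, 'UTF-8')
    );
}
```

Because `$page` is always one of the listed keys, the same value can be reused for the meta include, the content include and the banner `alt` text without passing request data to `include` or echoing it unescaped.
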
legohead6 Posted January 29, 2008

Or they're putting a piece of code in your page via a form that is opening the doc to edit, like fopen... what are your permissions on index?