CAUTION. WARNING


Hi, just to make you aware, somebody tried to hack my site after posting here. It is possible that they found my site randomly, but it seems unlikely. Here is their IP address in case any of you want to add them to your banned list for your site or do anything else you like to them: 89.241.231.178

He/she tried to access my db by injecting a form on my site.  Thanks to the bit of security I did have they were unsuccessful. We did however have about 3,500 emails this morning. I have sorted that by adding a CAPTCHA to the form.

BEWARE!!!!

Ian.

Unfortunately, this is a side effect of any publicity. If enough people know about your site, you are going to get some attackers. As you've just discovered, the best route is to just implement as much security as you can, and take it as it comes along.

 

Thank you for not placing blame on PHP Freaks, as I've seen happen in similar situations elsewhere, and it's good to know that you were able to solve the problem quickly.

Security and testing are actually the most important tasks in coding. Just getting something to work does not mean it is complete and ready to be put out into public use.

 

And it is probably worth repeating - you cannot trust any external data. You must validate all external data before using it in any way.

I knew it was an injection attempt because they tried to change some of the details in one of my forms. My form automatically e-mails several people in my company depending on which job is applied for and also sends a copy to the sender, so I was able to see the code they tried to use in those emails. It was all escaped, but basically they tried to interrupt some SQL queries to gain access to the db.
