hi

today i found out that our site is hacaked by pakcyberpyrates.They somehow edited my index.php and placed thier content.When i searched the net, thier are many site hacked by them for example SNIP. At present i have updated the index.php.
Friends i need ur help to solve this problem. i need to know what are thing i can to do protect the site.

regards
rajan

Are you using a CMS? Can you check the logs of your website? Which version of PHP are you using? Are you in a shared hosting or dedicated? What they did? Just defacement? Let us know, bye.

they probably used a mysql injection. clean up your php code. those guys aren't hackers, they're little script kiddies who manipulated your code. they didn't brute force their way in.

your site was hacked because of your own code.

@rajan,

Make sure all of your form processors throughout your site is either $_POST or $_GET, and NOT $_REQUEST for any uploader script. You may want to check and make sure allow_url_include is not set to ON. If you set this to ON, because of any scrapers or any parser script requiring it, use cURL then feed the cURL output to the parser.

I really don't want to show example how its done, because it will give idea to curious people on hacking, and the next thing we know we ended up with 100 more hacking wannabees.

The second probable cause might have been coming from the sites you have visited lately and the use of filezilla ftp program. The deal here is the trojan grabs Application Data\FileZilla\sitemanager.xml file and then use whatever ftp credentials can be found in there to access your site. I helped many people 2 years ago who were victimized by this method.


The third and the most common mistakes is the form input filtering. Most upload script were written and deployed unguarded..for example, some of them don't even have any file extensions filtering mechanism, which allows the uploader to upload any files they want that includes php files that can be executed once the suspected hackers knows the location of uploaded files. Hackers can easily browse your form source codes, and then attempt to do a few remote uploads from their server.. they would try to upload php files or any executable files they can think of.

One last thing but not very common is allowing members to upload avatar or image files without proper extension checks..this can also lead to member signing up and then eventually uploading their malicious script. Another less common is the SWF and flash hacking which is done by advance programmers who are just having fun. Most people will do this in an iframe embed codes similar to some affiliates banner links.

commented: Useful comments about security breaches. +5

I've just done a google on your site, and it looks like other pages have been defaced by different people ... :( not good!

Member Avatar for diafol

I recently changed an user's frontpage (non-maliciously) as said member insisted on using eval(). This allowed me to print out his filesystem, print their contents so I could target pages to change with certain file_* functions. If you have any of these constructs lock them down. This can be particularly dangerous when you store your mysql connection details in a file. The hacker now has access to your DB - bye bye data.

Veedeoo pretty much covers everything else.

Hey ,

You Can Change Your FTP ( File Transfer Protocol ) Username & Password From Your Control Panel.. And Also Change Your control Pannel Passwords Also.. Mr / Ms veedeoo told you as well .

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.