Hi experts,

My website (PHP+mysql+javascript) khabarfast.com hacked 4 times from unknown hackers.
Need suggestion for get rid of hacking.

Member Avatar
diafol

Without seeing your code, it's difficult to say.

As diafol has mentioned, we would need to see some code, specifically things like login scripts and content management scripts.

The most likely area for attack could be through improperly validated PHP scripts, and JavaScript XSS scripting.

I suspect you are not validating and cleansing your form input, and this has left it open to SQLInjection

Hi,
I added some code..Please tell me some suggestions??

<?php
session_start();
if(!isset($_SESSION['username']))
    header('Location:index.php');

if(isset($_POST['save']))   
{
include('../db.php');
$newstitle=mysql_real_escape_string($_POST['newstitle']);
$newsdes=mysql_real_escape_string($_POST['newsdesc']);

error_reporting(0);
define ("MAX_SIZE","4000");
function getExtension($str) 
{
     $i = strrpos($str,".");
     if (!$i) { return ""; }
     $l = strlen($str) - $i;
     $ext = substr($str,$i+1,$l);
     return $ext;
}
$errors=0;
$change="";
$abc="";

$errors2=0;
$change2="";
$abc3="";

$errors3=0;
$change3="";
$abc3="";

if($_SERVER["REQUEST_METHOD"] == "POST")
 {
    $image =$_FILES["file"]["name"];
    $uploadedfile = $_FILES['file']['tmp_name'];

    $image2 =$_FILES["file2"]["name"];
    $uploadedfile2 = $_FILES['file2']['tmp_name'];

    $image3 =$_FILES["file3"]["name"];
    $uploadedfile3 = $_FILES['file3']['tmp_name'];

    if($image) 
    {
        $filename = stripslashes($_FILES['file']['name']);
        $extension = getExtension($filename);
        $extension = strtolower($extension);

        if (($extension != "jpg") && ($extension != "jpeg") && ($extension != "png") && ($extension != "gif")) 
        {
            $change='<div class="msgdiv">Unknown Image extension </div> ';
            $errors=1;
        }
        else
        {
        $size=filesize($_FILES['file']['tmp_name']);
        if ($size > MAX_SIZE*1024)
            {
                $change='<div class="msgdiv">You have exceeded the size limit!</div> ';
                $errors=1;
            }
            if($extension=="jpg" || $extension=="jpeg" )
            {
                $uploadedfile = $_FILES['file']['tmp_name'];
                $src = imagecreatefromjpeg($uploadedfile);
            }
            else if($extension=="png")
            {
                $uploadedfile = $_FILES['file']['tmp_name'];
                $src = imagecreatefrompng($uploadedfile);
            }
            else 
                $src = imagecreatefromgif($uploadedfile);


        list($width,$height)=getimagesize($uploadedfile);

        $newwidth=600;
        $newheight=($height/$width)*$newwidth;
        $tmp=imagecreatetruecolor($newwidth,$newheight);

        $newwidth1=190;
        $newheight1=130;

        $tmp1=imagecreatetruecolor($newwidth1,$newheight1);
        imagecopyresampled($tmp,$src,0,0,0,0,$newwidth,$newheight,$width,$height);
        imagecopyresampled($tmp1,$src,0,0,0,0,$newwidth1,$newheight1,$width,$height);

        $image_name=time().'_1.'.$extension;
        $filename = "../newsimages/".$image_name;   
        $filename1 = "../thumbs/t_".$image_name;

//      $filename = "upload/".time(). $_FILES['file']['name'];
//      $filename1 = "thumbs/".time(). $_FILES['file']['name'];

        imagejpeg($tmp,$filename,190);
        imagejpeg($tmp1,$filename1,130);
        imagedestroy($src);
        imagedestroy($tmp);
        imagedestroy($tmp1);
        }
    }   

    if($image2) 
    {
        $filename2 = stripslashes($_FILES['file2']['name']);
        $extension2 = getExtension($filename2);
        $extension2 = strtolower($extension2);

        if (($extension2 != "jpg") && ($extension2 != "jpeg") && ($extension2 != "png") && ($extension2 != "gif")) 
        {
            $change2='<div class="msgdiv">Unknown Image extension </div> ';
            $errors2=1;
        }
        else
        {
        $size2=filesize($_FILES['file2']['tmp_name']);
        if ($size2 > MAX_SIZE*1024)
            {
                $change2='<div class="msgdiv">You have exceeded the size limit!</div> ';
                $errors2=1;
            }
            if($extension2=="jpg" || $extension2=="jpeg" )
            {
                $uploadedfile2 = $_FILES['file2']['tmp_name'];
                $src2 = imagecreatefromjpeg($uploadedfile2);
            }
            else if($extension2=="png")
            {
                $uploadedfile2 = $_FILES['file2']['tmp_name'];
                $src2 = imagecreatefrompng($uploadedfile2);
            }
            else 
                $src2 = imagecreatefromgif($uploadedfile2);


        list($width2,$height2)=getimagesize($uploadedfile2);

        $newwidth2=600;
        $newheight2=($height2/$width2)*$newwidth2;
        $tmp2=imagecreatetruecolor($newwidth2,$newheight2);

        $newwidth12=190;
        $newheight12=130;

        $tmp12=imagecreatetruecolor($newwidth12,$newheight12);
        imagecopyresampled($tmp2,$src2,0,0,0,0,$newwidth2,$newheight2,$width2,$height2);
        imagecopyresampled($tmp12,$src2,0,0,0,0,$newwidth12,$newheight12,$width2,$height2);

        $image_name2=time().'_2.'.$extension2;
        $filename2 = "../newsimages/".$image_name2; 
        $filename12 = "../thumbs/t_".$image_name2;

//      $filename = "upload/".time(). $_FILES['file']['name'];
//      $filename1 = "thumbs/".time(). $_FILES['file']['name'];

        imagejpeg($tmp2,$filename2,190);
        imagejpeg($tmp12,$filename12,130);
        imagedestroy($src2);
        imagedestroy($tmp2);
        imagedestroy($tmp12);
        }

    }

    if($image3) 
    {
        $filename3 = stripslashes($_FILES['file3']['name']);
        $extension3 = getExtension($filename3);
        $extension3 = strtolower($extension3);

        if (($extension3 != "jpg") && ($extension3 != "jpeg") && ($extension3 != "png") && ($extension3 != "gif")) 
        {
            $change3='<div class="msgdiv">Unknown Image extension </div> ';
            $errors3=1;
        }
        else
        {
        $size3=filesize($_FILES['file3']['tmp_name']);
        if ($size3 > MAX_SIZE*1024)
            {
                $change3='<div class="msgdiv">You have exceeded the size limit!</div> ';
                $errors3=1;
            }
            if($extension3=="jpg" || $extension3=="jpeg" )
            {
                $uploadedfile3 = $_FILES['file3']['tmp_name'];
                $src3 = imagecreatefromjpeg($uploadedfile3);
            }
            else if($extension3=="png")
            {
                $uploadedfile3 = $_FILES['file3']['tmp_name'];
                $src3 = imagecreatefrompng($uploadedfile3);
            }
            else 
                $src3 = imagecreatefromgif($uploadedfile3);


        list($width3,$height3)=getimagesize($uploadedfile3);

        $newwidth3=600;
        $newheight3=($height3/$width3)*$newwidth3;
        $tmp3=imagecreatetruecolor($newwidth3,$newheight3);


        $newwidth13=190;
        $newheight13=130;

        $tmp13=imagecreatetruecolor($newwidth13,$newheight13);
        imagecopyresampled($tmp3,$src3,0,0,0,0,$newwidth3,$newheight3,$width3,$height3);
        imagecopyresampled($tmp13,$src3,0,0,0,0,$newwidth13,$newheight13,$width3,$height3);

        $image_name3=time().'_3.'.$extension3;
        $filename3 = "../newsimages/".$image_name3; 
        $filename13 = "../thumbs/t_".$image_name3;

//      $filename = "upload/".time(). $_FILES['file']['name'];
//      $filename1 = "thumbs/".time(). $_FILES['file']['name'];

        imagejpeg($tmp3,$filename3,190);
        imagejpeg($tmp13,$filename13,130);
        imagedestroy($src3);
        imagedestroy($tmp3);
        imagedestroy($tmp13);
        }
    }
}   


if(mysql_query("insert into svn_bignews (newsheadline, newsdesc, status, setasdefault, thumb1, thumb2, thumb3, image1, image2, image3) 
                values ( '$newstitle', '$newsdes', '1', '1', '$filename1', '$filename12', '$filename13', '$filename', '$filename2', '$filename3')"))
    header('Location:add-big-news.php?msg=News Posted successfully !!'); 
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Admin Panel</title>
<script type="text/javascript">
function validate(theform)
{

    if(theform.newscat.value=="")
    {
        alert('Please select News Category !!');
        theform.newscat.focus();
        return false;
    }
    return true;
}
</script>
<style>
a { font:normal 12px Verdana; text-decoration:none; }
a:hover { font:normal 12px Verdana; text-decoration:underline; }
</style>
</head>
<body>
    <table align="center" width="1024px;" cellpadding="0" cellspacing="0" style="border:#CCCCCC 1px solid;" >
        <tr>
            <td style="font:normal 12px Verdana; background:#CCCCCC; vertical-align:middle; padding:2px 0 2px 2px;" colspan="2">
            <table cellpadding="0" cellspacing="0" width="100%">
                <tr>
                    <td style="width:25%"><b>Welcome : </b><?php echo $_SESSION['username'];  ?></td>
                    <td style="width:33%; text-align:center; font-weight:bold; color:red"><?php if(isset($_REQUEST['msg'])) echo $_REQUEST['msg']; ?></td>
                    <td style="width:25%; text-align:right;"><a href="logout.php" style="text-decoration:none;">Logout</a></td>
                </tr>
            </table>
            </td>
        </tr>
        <tr>
            <td style="vertical-align:top;">
                <?php include('module-menu.html');  ?>
            </td>
            <td style="vertical-align:top; width:100%; border-left:#CCCCCC 1px solid;">
                <form method="post" name="myform" onsubmit="return validate(this)" enctype="multipart/form-data">
                <table align="left">
                    <tr>
                        <td style="font:normal 12px Verdana; vertical-align:middle; padding:2px 0 2px 8px;">News Title</td>
                        <td><input type="text" name="newstitle" id="newstitle" style="width:500px;" value="<?php echo $_POST['newstitle']; ?>" /></td>
                    </tr>
                    <tr>
                        <td style="font:normal 12px Verdana; vertical-align:middle; padding:2px 0 2px 8px; vertical-align:top;">News Desc</td>
                        <td><textarea name="newsdesc" id="newsdesc" cols="80" rows="10"><?php echo $_POST['newsdesc']; ?></textarea></td>
                    </tr>
                    <tr>
                        <td style="font:normal 12px Verdana; vertical-align:middle; padding:2px 0 2px 8px; vertical-align:top;">Upload Image 1</td>
                        <td><input type="file" name="file" /></td>
                    </tr>
                    <tr>
                        <td style="font:normal 12px Verdana; vertical-align:middle; padding:2px 0 2px 8px; vertical-align:top;">Upload Image 2</td>
                        <td><input type="file" name="file2" /></td>
                    </tr>

                    <tr>
                        <td style="font:normal 12px Verdana; vertical-align:middle; padding:2px 0 2px 8px; vertical-align:top;">Upload Image 3</td>
                        <td><input type="file" name="file3" /></td>
                    </tr>
                    <tr>
                        <td style="font:normal 12px Verdana; vertical-align:middle; padding:2px 0 2px 8px; vertical-align:top;">News Category</td>
                        <td>
                            <select name="newscat">
                                <option value="">-- Select Category--</option>
                                <option value="svn_entertainmentnews" <?php if($_POST['newscat']=='svn_entertainmentnews') echo "selected"; ?>>
                                Entertainment News</option>
                                <option value="svn_sportsnews" <?php if($_POST['newscat']=='svn_sportsnews') echo "selected"; ?>>
                                Sports News</option>
                                <option value="svn_politicsnews" <?php if($_POST['newscat']=='svn_politicsnews') echo "selected"; ?>>
                                Politics News</option>
                                <option value="svn_crimenews" <?php if($_POST['newscat']=='svn_crimenews') echo "selected"; ?>>
                                Crime News</option>
                            </select>
                        </td>
                    </tr>
                    <tr>
                        <td style="font:normal 12px Verdana; vertical-align:middle; padding:2px 0 2px 8px; vertical-align:top;">Status</td>
                        <td>
                            <select name="status">
                                <option value="1">Active</option>
                                <option value="0">Inactive</option>
                            </select>
                        </td>
                    </tr>
                    <tr>
                        <td></td>
                        <td><input type="submit" value="Save" name="save" /></td>
                    </tr>
                </table>
                </form>
            </td>
        </tr>
    </table>
</body>
</html>