
Hi experts,

My website (PHP + MySQL + JavaScript), khabarfast.com, has been hacked 4 times by unknown hackers.
I need suggestions to get rid of the hacking.

4 Contributors | 4 Replies | 30 Views | 4 Years Discussion Span | Last Post by sahil.bhatia.18

As diafol has mentioned, we would need to see some code, specifically things like login scripts and content management scripts.

The most likely area for attack could be through improperly validated PHP scripts, and JavaScript XSS scripting.


I suspect you are not validating and cleansing your form input, and this has left it open to SQL injection.


Hi,
I added some code. Please give me some suggestions.

<?php
session_start();
if(!isset($_SESSION['username']))
    header('Location:index.php');

if(isset($_POST['save']))   
{
include('../db.php');
$newstitle=mysql_real_escape_string($_POST['newstitle']);
$newsdes=mysql_real_escape_string($_POST['newsdesc']);

error_reporting(0);
define ("MAX_SIZE","4000");
function getExtension($str) 
{
     $i = strrpos($str,".");
     if (!$i) { return ""; }
     $l = strlen($str) - $i;
     $ext = substr($str,$i+1,$l);
     return $ext;
}
$errors=0;
$change="";
$abc="";

$errors2=0;
$change2="";
$abc3="";

$errors3=0;
$change3="";
$abc3="";

if($_SERVER["REQUEST_METHOD"] == "POST")
 {
    $image =$_FILES["file"]["name"];
    $uploadedfile = $_FILES['file']['tmp_name'];

    $image2 =$_FILES["file2"]["name"];
    $uploadedfile2 = $_FILES['file2']['tmp_name'];

    $image3 =$_FILES["file3"]["name"];
    $uploadedfile3 = $_FILES['file3']['tmp_name'];

    if($image) 
    {
        $filename = stripslashes($_FILES['file']['name']);
        $extension = getExtension($filename);
        $extension = strtolower($extension);

        if (($extension != "jpg") && ($extension != "jpeg") && ($extension != "png") && ($extension != "gif")) 
        {
            $change='<div class="msgdiv">Unknown Image extension </div> ';
            $errors=1;
        }
        else
        {
        $size=filesize($_FILES['file']['tmp_name']);
        if ($size > MAX_SIZE*1024)
            {
                $change='<div class="msgdiv">You have exceeded the size limit!</div> ';
                $errors=1;
            }
            if($extension=="jpg" || $extension=="jpeg" )
            {
                $uploadedfile = $_FILES['file']['tmp_name'];
                $src = imagecreatefromjpeg($uploadedfile);
            }
            else if($extension=="png")
            {
                $uploadedfile = $_FILES['file']['tmp_name'];
                $src = imagecreatefrompng($uploadedfile);
            }
            else 
                $src = imagecreatefromgif($uploadedfile);


        list($width,$height)=getimagesize($uploadedfile);

        $newwidth=600;
        $newheight=($height/$width)*$newwidth;
        $tmp=imagecreatetruecolor($newwidth,$newheight);

        $newwidth1=190;
        $newheight1=130;

        $tmp1=imagecreatetruecolor($newwidth1,$newheight1);
        imagecopyresampled($tmp,$src,0,0,0,0,$newwidth,$newheight,$width,$height);
        imagecopyresampled($tmp1,$src,0,0,0,0,$newwidth1,$newheight1,$width,$height);

        $image_name=time().'_1.'.$extension;
        $filename = "../newsimages/".$image_name;   
        $filename1 = "../thumbs/t_".$image_name;

//      $filename = "upload/".time(). $_FILES['file']['name'];
//      $filename1 = "thumbs/".time(). $_FILES['file']['name'];

        imagejpeg($tmp,$filename,190);
        imagejpeg($tmp1,$filename1,130);
        imagedestroy($src);
        imagedestroy($tmp);
        imagedestroy($tmp1);
        }
    }   

    if($image2) 
    {
        $filename2 = stripslashes($_FILES['file2']['name']);
        $extension2 = getExtension($filename2);
        $extension2 = strtolower($extension2);

        if (($extension2 != "jpg") && ($extension2 != "jpeg") && ($extension2 != "png") && ($extension2 != "gif")) 
        {
            $change2='<div class="msgdiv">Unknown Image extension </div> ';
            $errors2=1;
        }
        else
        {
        $size2=filesize($_FILES['file2']['tmp_name']);
        if ($size2 > MAX_SIZE*1024)
            {
                $change2='<div class="msgdiv">You have exceeded the size limit!</div> ';
                $errors2=1;
            }
            if($extension2=="jpg" || $extension2=="jpeg" )
            {
                $uploadedfile2 = $_FILES['file2']['tmp_name'];
                $src2 = imagecreatefromjpeg($uploadedfile2);
            }
            else if($extension2=="png")
            {
                $uploadedfile2 = $_FILES['file2']['tmp_name'];
                $src2 = imagecreatefrompng($uploadedfile2);
            }
            else 
                $src2 = imagecreatefromgif($uploadedfile2);


        list($width2,$height2)=getimagesize($uploadedfile2);

        $newwidth2=600;
        $newheight2=($height2/$width2)*$newwidth2;
        $tmp2=imagecreatetruecolor($newwidth2,$newheight2);

        $newwidth12=190;
        $newheight12=130;

        $tmp12=imagecreatetruecolor($newwidth12,$newheight12);
        imagecopyresampled($tmp2,$src2,0,0,0,0,$newwidth2,$newheight2,$width2,$height2);
        imagecopyresampled($tmp12,$src2,0,0,0,0,$newwidth12,$newheight12,$width2,$height2);

        $image_name2=time().'_2.'.$extension2;
        $filename2 = "../newsimages/".$image_name2; 
        $filename12 = "../thumbs/t_".$image_name2;

//      $filename = "upload/".time(). $_FILES['file']['name'];
//      $filename1 = "thumbs/".time(). $_FILES['file']['name'];

        imagejpeg($tmp2,$filename2,190);
        imagejpeg($tmp12,$filename12,130);
        imagedestroy($src2);
        imagedestroy($tmp2);
        imagedestroy($tmp12);
        }

    }

    if($image3) 
    {
        $filename3 = stripslashes($_FILES['file3']['name']);
        $extension3 = getExtension($filename3);
        $extension3 = strtolower($extension3);

        if (($extension3 != "jpg") && ($extension3 != "jpeg") && ($extension3 != "png") && ($extension3 != "gif")) 
        {
            $change3='<div class="msgdiv">Unknown Image extension </div> ';
            $errors3=1;
        }
        else
        {
        $size3=filesize($_FILES['file3']['tmp_name']);
        if ($size3 > MAX_SIZE*1024)
            {
                $change3='<div class="msgdiv">You have exceeded the size limit!</div> ';
                $errors3=1;
            }
            if($extension3=="jpg" || $extension3=="jpeg" )
            {
                $uploadedfile3 = $_FILES['file3']['tmp_name'];
                $src3 = imagecreatefromjpeg($uploadedfile3);
            }
            else if($extension3=="png")
            {
                $uploadedfile3 = $_FILES['file3']['tmp_name'];
                $src3 = imagecreatefrompng($uploadedfile3);
            }
            else 
                $src3 = imagecreatefromgif($uploadedfile3);


        list($width3,$height3)=getimagesize($uploadedfile3);

        $newwidth3=600;
        $newheight3=($height3/$width3)*$newwidth3;
        $tmp3=imagecreatetruecolor($newwidth3,$newheight3);


        $newwidth13=190;
        $newheight13=130;

        $tmp13=imagecreatetruecolor($newwidth13,$newheight13);
        imagecopyresampled($tmp3,$src3,0,0,0,0,$newwidth3,$newheight3,$width3,$height3);
        imagecopyresampled($tmp13,$src3,0,0,0,0,$newwidth13,$newheight13,$width3,$height3);

        $image_name3=time().'_3.'.$extension3;
        $filename3 = "../newsimages/".$image_name3; 
        $filename13 = "../thumbs/t_".$image_name3;

//      $filename = "upload/".time(). $_FILES['file']['name'];
//      $filename1 = "thumbs/".time(). $_FILES['file']['name'];

        imagejpeg($tmp3,$filename3,190);
        imagejpeg($tmp13,$filename13,130);
        imagedestroy($src3);
        imagedestroy($tmp3);
        imagedestroy($tmp13);
        }
    }
}   


if(mysql_query("insert into svn_bignews (newsheadline, newsdesc, status, setasdefault, thumb1, thumb2, thumb3, image1, image2, image3) 
                values ( '$newstitle', '$newsdes', '1', '1', '$filename1', '$filename12', '$filename13', '$filename', '$filename2', '$filename3')"))
    header('Location:add-big-news.php?msg=News Posted successfully !!'); 
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Admin Panel</title>
<script type="text/javascript">
function validate(theform)
{

    if(theform.newscat.value=="")
    {
        alert('Please select News Category !!');
        theform.newscat.focus();
        return false;
    }
    return true;
}
</script>
<style>
a { font:normal 12px Verdana; text-decoration:none; }
a:hover { font:normal 12px Verdana; text-decoration:underline; }
</style>
</head>
<body>
    <table align="center" width="1024px;" cellpadding="0" cellspacing="0" style="border:#CCCCCC 1px solid;" >
        <tr>
            <td style="font:normal 12px Verdana; background:#CCCCCC; vertical-align:middle; padding:2px 0 2px 2px;" colspan="2">
            <table cellpadding="0" cellspacing="0" width="100%">
                <tr>
                    <td style="width:25%"><b>Welcome : </b><?php echo $_SESSION['username'];  ?></td>
                    <td style="width:33%; text-align:center; font-weight:bold; color:red"><?php if(isset($_REQUEST['msg'])) echo $_REQUEST['msg']; ?></td>
                    <td style="width:25%; text-align:right;"><a href="logout.php" style="text-decoration:none;">Logout</a></td>
                </tr>
            </table>
            </td>
        </tr>
        <tr>
            <td style="vertical-align:top;">
                <?php include('module-menu.html');  ?>
            </td>
            <td style="vertical-align:top; width:100%; border-left:#CCCCCC 1px solid;">
                <form method="post" name="myform" onsubmit="return validate(this)" enctype="multipart/form-data">
                <table align="left">
                    <tr>
                        <td style="font:normal 12px Verdana; vertical-align:middle; padding:2px 0 2px 8px;">News Title</td>
                        <td><input type="text" name="newstitle" id="newstitle" style="width:500px;" value="<?php echo $_POST['newstitle']; ?>" /></td>
                    </tr>
                    <tr>
                        <td style="font:normal 12px Verdana; vertical-align:middle; padding:2px 0 2px 8px; vertical-align:top;">News Desc</td>
                        <td><textarea name="newsdesc" id="newsdesc" cols="80" rows="10"><?php echo $_POST['newsdesc']; ?></textarea></td>
                    </tr>
                    <tr>
                        <td style="font:normal 12px Verdana; vertical-align:middle; padding:2px 0 2px 8px; vertical-align:top;">Upload Image 1</td>
                        <td><input type="file" name="file" /></td>
                    </tr>
                    <tr>
                        <td style="font:normal 12px Verdana; vertical-align:middle; padding:2px 0 2px 8px; vertical-align:top;">Upload Image 2</td>
                        <td><input type="file" name="file2" /></td>
                    </tr>

                    <tr>
                        <td style="font:normal 12px Verdana; vertical-align:middle; padding:2px 0 2px 8px; vertical-align:top;">Upload Image 3</td>
                        <td><input type="file" name="file3" /></td>
                    </tr>
                    <tr>
                        <td style="font:normal 12px Verdana; vertical-align:middle; padding:2px 0 2px 8px; vertical-align:top;">News Category</td>
                        <td>
                            <select name="newscat">
                                <option value="">-- Select Category--</option>
                                <option value="svn_entertainmentnews" <?php if($_POST['newscat']=='svn_entertainmentnews') echo "selected"; ?>>
                                Entertainment News</option>
                                <option value="svn_sportsnews" <?php if($_POST['newscat']=='svn_sportsnews') echo "selected"; ?>>
                                Sports News</option>
                                <option value="svn_politicsnews" <?php if($_POST['newscat']=='svn_politicsnews') echo "selected"; ?>>
                                Politics News</option>
                                <option value="svn_crimenews" <?php if($_POST['newscat']=='svn_crimenews') echo "selected"; ?>>
                                Crime News</option>
                            </select>
                        </td>
                    </tr>
                    <tr>
                        <td style="font:normal 12px Verdana; vertical-align:middle; padding:2px 0 2px 8px; vertical-align:top;">Status</td>
                        <td>
                            <select name="status">
                                <option value="1">Active</option>
                                <option value="0">Inactive</option>
                            </select>
                        </td>
                    </tr>
                    <tr>
                        <td></td>
                        <td><input type="submit" value="Save" name="save" /></td>
                    </tr>
                </table>
                </form>
            </td>
        </tr>
    </table>
</body>
</html>
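
An added example, not part of the original post or the replies: hardened forms of four patterns visible in the posted page (the redirect with no `exit`, uploads accepted by file extension, request values echoed into HTML, and the `mysql_query` string insert). It assumes PHP 7.1+ with the GD and mysqli extensions; the helper names `require_login`, `e`, `store_image` and `save_news` are hypothetical, and only the `image1` column is shown.

```php
<?php
// Added example; helper names are hypothetical, table/column names are from the post.

function require_login(): void {
    if (session_status() !== PHP_SESSION_ACTIVE) session_start();
    if (!isset($_SESSION['username'])) {
        header('Location: index.php');
        exit; // without exit, the rest of the script still runs for anonymous requests
    }
}

// Escape every request value before echoing it into HTML (msg, newstitle, newsdesc).
function e(?string $s): string {
    return htmlspecialchars($s ?? '', ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Accept an upload by its decoded content, not its client-supplied name,
// and always re-encode to JPEG under a server-chosen file name.
function store_image(array $file, string $dir, int $maxBytes = 4000 * 1024): ?string {
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) return null;
    if (!is_uploaded_file($file['tmp_name']) || $file['size'] > $maxBytes) return null;
    $info = getimagesize($file['tmp_name']);
    $loaders = [IMAGETYPE_JPEG => 'imagecreatefromjpeg',
                IMAGETYPE_PNG  => 'imagecreatefrompng',
                IMAGETYPE_GIF  => 'imagecreatefromgif'];
    if ($info === false || $info[0] < 1 || !isset($loaders[$info[2]])) return null;
    $src = @$loaders[$info[2]]($file['tmp_name']);
    if ($src === false) return null; // header looked like an image, body did not decode
    $w = 600;
    $h = max(1, (int) round($info[1] / $info[0] * $w));
    $dst = imagecreatetruecolor($w, $h);
    imagecopyresampled($dst, $src, 0, 0, 0, 0, $w, $h, $info[0], $info[1]);
    $name = bin2hex(random_bytes(8)) . '.jpg';
    // imagejpeg quality is 0-100
    return imagejpeg($dst, rtrim($dir, '/') . '/' . $name, 85) ? $name : null;
}

// Parameterized insert: the values never become part of the SQL text.
function save_news(mysqli $db, string $title, string $desc, ?string $image1): bool {
    $stmt = $db->prepare(
        'INSERT INTO svn_bignews (newsheadline, newsdesc, status, setasdefault, image1)
         VALUES (?, ?, 1, 1, ?)');
    if (!$stmt) return false;
    $stmt->bind_param('sss', $title, $desc, $image1);
    return $stmt->execute();
}
```

In the template, each echo of request data would go through the escaper, for example `<?php echo e($_REQUEST['msg'] ?? ''); ?>`. Serving the upload directory with script execution disabled limits the damage if a non-image file is ever written there.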