
PHP Help

Drakkon

Diamond Member
I created a site using PHP and somehow it came under the radar of a hacking group. So far they haven't done anything too malicious, just taken down my index page and replaced it with one of their own. I can't figure out how they are getting in though, and this is now the third time it has happened.

Here's what they do:
Replace my index.php page with their own modified index.htm page (just 1 line of text)
Upload 1-2 htm files that have the same line in them

I'm assuming it must be some sort of injection attack? I do session and POST/GET but every time I either parse them through an sprintf or match them to a specified variable.
I have the login times for logins on my server so I know they don't have the password, unless they are bypassing that somehow. Any ideas would be greatly appreciated.
 
index.php is getting deleted and they're creating an index.htm?

what are the permissions set to on index.php?
 
yes index.php deleted...index.htm created

directory permission is set at 644, index.php set at 644
 
If it's not showing up in server logins, my guess would be that SOMEWHERE you're not sanitizing a user-input field or your sanitizing doesn't catch the exploit they're using.

How large-scale of a PHP project is your site? PM me the link and/or code (if possible) and I'll take a look to see if I can find where they might be getting in.
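
A first triage pass over the web root for the symptoms described in this thread (index.php removed, index.htm and other .htm files dropped, questions about permissions), as an added example that is not code from any poster. The function names and command-line usage are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added example: filesystem triage of a web root after a defacement.
# Function names and the command-line usage are assumptions for illustration.

# Files modified within the last N days: replaced or newly dropped pages.
recent_changes() {   # usage: recent_changes <docroot> <days>
    ( cd "$1" && find . -type f -mtime "-$2" | sed 's|^\./||' | sort )
}

# Files and directories that group or other users can write to.
loose_perms() {      # usage: loose_perms <docroot>
    ( cd "$1" && find . ! -type l \( -perm -020 -o -perm -002 \) \
        | sed 's|^\./||' | sort )
}

# Static index pages sitting in a directory that has no index.php,
# the pattern described in the thread (index.php gone, index.htm present).
shadow_index() {     # usage: shadow_index <docroot>
    ( cd "$1" && find . -type f \( -name 'index.htm' -o -name 'index.html' \) \
        | while read -r f; do
              [ -e "$(dirname "$f")/index.php" ] || printf '%s\n' "${f#./}"
          done | sort )
}

# Report mode: bash triage.sh /path/to/docroot [days]
if [ -n "${1:-}" ] && [ -d "$1" ]; then
    echo "== changed in last ${2:-7} days =="; recent_changes "$1" "${2:-7}"
    echo "== group/other writable ==";         loose_perms "$1"
    echo "== index.htm without index.php ==";  shadow_index "$1"
fi
```

The modification times of the files the first check lists give the time window to look at in the web server's access log.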
 