Exploit Please Help



marsh0
05-11-2008, 08:46 AM
Hello, my website has been getting hacked repeatedly for the last week or so no matter what I do. So I have a simple website that a friend made for me. I looked in the code and found an include statement, so I went to Google and found this.

http://www.theserverpages.com/articles/webmasters/php/security/Code_Injection_Vulnerabilities_Explained.html

So basically, I am asking if the code on my website is vulnerable to this attack.


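<?php
// First snippet: the included file name is a hard-coded string.
include("bottom.php");
?>

<?php
// Second snippet: $top is assigned but not used by the include.
$top = "1";
include("top.php");
?>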

CFMaBiSmAd
05-11-2008, 08:58 AM
Like you were told in the other forum where you posted that question, the two include() statements you posted cannot include raw remote code and execute it on your server. The files they are including are hard-coded and do not come from a variable that can be set by someone outside of your code.

The second piece of code is not even using the $top variable (if it was and if register globals are on, then yes someone could specify a remote file and raw php code could be included and executed on your server.)

marsh0
05-11-2008, 09:07 AM
Thanks, just wanted a second opinion; it's kind of an important topic.

derzok
05-11-2008, 04:06 PM
Why don't you post more code from the website? Edit out any info that would make it obvious what your website url is - especially if you say it's open to attacks.

I'm sure that with the number of experts here, we'll be able to find it in a hot second. Look for code containing $_GET or $_POST - those are the most commonly exploited.
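
Added example (not part of the original thread and not any poster's code): a small Python audit helper that applies the distinction CFMaBiSmAd draws above and the `$_GET`/`$_POST` search derzok suggests, classifying each PHP include/require by whether its argument is a hard-coded string, a dynamic expression, or built from request data. The function name, the verdict labels and the last two sample lines are constructed for illustration; the first two includes are the ones posted in this thread.

```python
import re

# Heuristic, regex-based: matches include/require (and *_once) up to the
# terminating semicolon. It does not parse PHP, so commented-out code and
# semicolons inside strings can confuse it; treat results as leads to review.
INCLUDE_RE = re.compile(
    r'(?<![\w$])(?:include|require)(?:_once)?\b\s*\(?\s*(?P<arg>[^;]*?)\s*\)?\s*;',
    re.IGNORECASE)
# Argument is exactly one quoted string with no "$" (no interpolation).
LITERAL_RE = re.compile(r'''^(?:'[^'$]*'|"[^"$]*")$''')
# Argument mentions data that arrives with the HTTP request.
REQUEST_RE = re.compile(r'\$_(?:GET|POST|REQUEST|COOKIE)\b')

def audit_includes(php_source):
    """Return (line_no, statement, verdict) for every include found."""
    findings = []
    for m in INCLUDE_RE.finditer(php_source):
        arg = m.group('arg')
        line_no = php_source.count('\n', 0, m.start()) + 1
        if LITERAL_RE.match(arg):
            verdict = 'hard-coded'          # file name fixed in the source
        elif REQUEST_RE.search(arg):
            verdict = 'request-controlled'  # visitor chooses the file
        else:
            verdict = 'dynamic'             # check where the value comes from
        findings.append((line_no, m.group(0).strip(), verdict))
    return findings

# Sample input: lines 2-4 are from the thread, lines 5-6 are constructed.
SAMPLE = '''<?php
include("bottom.php");
$top = "1";
include("top.php");
include($top . ".php");
include($_GET['page'] . ".php");
?>
'''

if __name__ == '__main__':
    for line_no, stmt, verdict in audit_includes(SAMPLE):
        print(f'line {line_no}: {verdict:18} {stmt}')
```

A "dynamic" result is not automatically a hole: it means the value's origin has to be traced by hand, including whether register_globals would let a visitor set it.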

marsh0
05-11-2008, 07:31 PM
You can take a look at the whole site; it's just going to get hacked in a few days anyway.

www.freemmorpgmaker.com I would appreciate any help I can get.

oesxyl
05-11-2008, 08:10 PM
> You can take a look at the whole site; it's just going to get hacked in a few days anyway.
>
> www.freemmorpgmaker.com I would appreciate any help I can get.

You run a game engine and an SVN server and probably a lot of software you need on the same machine. Why do you think that the PHP part is guilty (I don't say that it is not, because I can't know that)? A cracker must find a way to gain access, and that could be anywhere. You must give more relevant details about what happened, why you think it is an attack and not a bug/problem/mistake/something else, what you know, what you suppose it is, and so on.

PS: Keep in mind that this is a public forum with public access.

regards

marsh0
05-11-2008, 09:38 PM
> You run a game engine and an SVN server and probably a lot of software you need on the same machine. Why do you think that the PHP part is guilty (I don't say that it is not, because I can't know that)? A cracker must find a way to gain access, and that could be anywhere. You must give more relevant details about what happened, why you think it is an attack and not a bug/problem/mistake/something else, what you know, what you suppose it is, and so on.
>
> PS: Keep in mind that this is a public forum with public access.
>
> regards

Yeah, you're right, it's probably just a bug that made my site delete itself and get a giant image saying hacked by level 69 on it.

FWDrew
05-11-2008, 09:51 PM
> Yeah, you're right, it's probably just a bug that made my site delete itself and get a giant image saying hacked by level 69 on it.

He asked you why you thought it was an attack and not a bug, no need for the sarcasm when people are trying to help you.

And BTW, it might not be the smartest decision to post the URL of a site that is known to be very exploitable or that you're having security issues with; it invites the "bad guys" right on in. Oesxyl tried to point this out to you...you were too busy being sarcastic. :thumbsup:

_Aerospace_Eng_
05-11-2008, 10:44 PM
We would need to see the PHP for your site before it's parsed to let you know if it's exploitable.

Inigoesdr
05-11-2008, 11:21 PM
Couple of tips..

Look through your code for queries using unescaped user input.
Change your passwords(hosting account, mysql, script).
Check your permissions.
Look over your various settings for things that might have been changed(forgotten password e-mail for instance).

marsh0
05-12-2008, 06:19 PM
> Couple of tips..
>
> Look through your code for queries using unescaped user input.
> Change your passwords(hosting account, mysql, script).
> Check your permissions.
> Look over your various settings for things that might have been changed(forgotten password e-mail for instance).


Thanks for the last one, that's really good advice.


Also I don't care if people know the site is exploitable; it's getting hacked every day already. Doesn't make much of a difference. I also removed everything from the site but the main files, so I want to see if it's still there. I was in a bad mood last night, so sorry for the dumb comments.

Fumigator
05-12-2008, 10:18 PM
The problem may or may not be PHP. You should comb through the log files, and/or start logging a few critical processes to see if that leads you anywhere productive.

Best Regards,

level 69

http://digilander.libero.it/le.faccine/faccinea/angeli/statici/853.gif


