Being Hacked

Status
Not open for further replies.

daNewfie

Programmer
Oct 14, 2004
258
CA
For the past few days it seems someone has been hacking my site...

A few days ago there were several tables missing from my sql server..I replaced the tables and data..now the tables are intact but all the data in them has been changed to 404, or 403, or 405...

What are some ways I can try to catch the bugger doing this and prevent it from happening again....

Thanks for your help...
 
1) Is this on a shared server? If so, do you manage the server?

2) Do you have any phpBB installs on the server that have not been patched? (Any at all on the server, not just your account)

If it's a shared server and you don't manage it, contact your host with full details and they should help you pinpoint the problem, whether it is their end or yours.

Hope this helps

Wullie

Fresh Look - Quality Coldfusion Hosting

The pessimist complains about the wind. The optimist expects it to change. The leader adjusts the sails. - John Maxwell
 
This site is hosted on my friend's server where he hosts this business site....and I do not manage the server..

as far as phpBB...it is possible but I am not 100% sure....
 
It's hard to say with just the info provided, but there have been a few very serious security exploits recently with phpBB boards and it is possible someone is using this to gain access to the server.

Depending on the server setup, this can give someone access server-wide, not just the account with the board in it. It is normally a worm that spreads through this and the changes made sound different from what this worm does but it could be that someone is manually doing this or it could be a new variant of the worm.

It is possible that this is what is being used to gain access but you would really need to check with the person who manages the server to be sure.

Hope this helps

Wullie

Fresh Look - Quality Coldfusion Hosting

The pessimist complains about the wind. The optimist expects it to change. The leader adjusts the sails. - John Maxwell
 
PHP in general just had a major security exploit (middle of December).. It is confused for a phpbb bug because it strikes phpbb so hard. So many sites use phpbb that when you figure out how to exploit one, you can exploit tons more.. And it's a simple app to install so many webpage designers have installed it and never looked at another bracket of php. They install the php they need and the forums then they wander off and forget about it.

I was just informed of this bug before I read this post earlier today.

There is a patch available and the article did say that exploiting the bug proves to be very difficult, but if you can pull it off, you can crack open a server, so to speak. It uses php's Serialize function and cookies.. It wasn't very detailed but I guess you can program into php's cookies and then get the code to execute the cookie's contents.

The worst part is that while many discoveries are theories, this one has been proven. It took them two days after the announcement of the exploit to produce working code.

ALFII.com
---------------------
If this post answered or helped to answer your question, please reply with such so that forum members with a similar question will know to use this advice.
 
Have you protected your code against SQL Injections? It is possible for someone to mess with your database by passing info in url strings.

This gives some suggestions on how to secure your site against SQL Injections:
Here's a link from Macromedia about enhancing security against SQL Injections:
This article may help explain SQL Injections a little better:


Hope This Helps!

Ecobb
Beer Consumption Analyst

"My work is a game, a very serious game." - M.C. Escher
 
Using CFQueryParam in your queries is one step that will help against SQL injection.
 
If there are forms on your site, and you're not explicitly validating every single field, you're leaving your site wide open.
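
Added example, not part of any post in this thread: the CFQueryParam advice and the field-validation advice above, shown as a vulnerable query beside a validated, parameterised one. The `articles` table, its columns, the `application.dsn` datasource variable and the 100-character title limit are assumptions made for illustration.

```cfml
<!--- BEFORE (the pattern to remove): the URL value is pasted into the SQL
      text, so whatever follows ?id= is parsed by the database as SQL. --->
<cfquery name="getArticle" datasource="#application.dsn#">
    SELECT id, title, body
    FROM   articles               <!--- hypothetical table --->
    WHERE  id = #url.id#
</cfquery>

<!--- AFTER, step 1: validate the field explicitly and reject anything
      that is not a plain integer before any query runs. --->
<cfparam name="url.id" default="">
<cfif NOT isValid("integer", url.id)>
    <cfheader statuscode="400" statustext="Bad Request">
    <cfabort>
</cfif>

<!--- AFTER, step 2: bind the value. cfqueryparam sends it to the driver
      as typed data, so it is never interpreted as SQL text. --->
<cfquery name="getArticle" datasource="#application.dsn#">
    SELECT id, title, body
    FROM   articles
    WHERE  id = <cfqueryparam value="#url.id#" cfsqltype="cf_sql_integer">
</cfquery>

<!--- The same two steps for a form that writes to the database.
      Every field is checked; none is trusted because it came from a form. --->
<cfparam name="form.id"    default="">
<cfparam name="form.title" default="">
<cfif NOT isValid("integer", form.id)
      OR len(trim(form.title)) EQ 0
      OR len(form.title) GT 100>   <!--- assumed column width --->
    <cfheader statuscode="400" statustext="Bad Request">
    <cfabort>
</cfif>

<cfquery datasource="#application.dsn#">
    UPDATE articles
    SET    title = <cfqueryparam value="#form.title#"
                                 cfsqltype="cf_sql_varchar" maxlength="100">
    WHERE  id    = <cfqueryparam value="#form.id#" cfsqltype="cf_sql_integer">
</cfquery>
```

Logging each rejected request (URL, form scope and remote address) at the validation step gives a record of probing attempts, which helps with the original question of catching whoever is doing this.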



 
Just a few of the fields are validated...

We switched from coldfusion and sql to asp and access just to test some stuff.....the hacker came back and toasted the site. It was a guy called "kbyte"
 
I know him. That's "Mbyte's" little brother.

A common mistake that people make when trying to design something completely foolproof is to underestimate the ingenuity of complete fools.
-Douglas Adams (1952-2001)
 
I am also gonna incorporate sql triggers in the database...
 