Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations Chris Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
Hosting websites
- Thread starter rkferri
- Start date
Are only your sites being hacked or all web sites hosted on this hosting company? If it's only your site then switching hosting companies might not be the answer. Reviewing your code and using better coding practices might help.
Have you asked the hosting company to look at the log files and investigate? When you say "getting hacked", what does that entail? Are they deleting records by query injection (easlity fixable by updating your code); are they deleting files (try changing the password); are they redirecting your pages to an illicit site?
____________________________________
Just Imagine.
Have you asked the hosting company to look at the log files and investigate? When you say "getting hacked", what does that entail? Are they deleting records by query injection (easlity fixable by updating your code); are they deleting files (try changing the password); are they redirecting your pages to an illicit site?
____________________________________
Just Imagine.
- Thread starter
- #3
One of my sites they were really hacking. It's a funeral home website and the guestbook I wrote is what they were hacking. Which I knew might possibly happen since the guestbook is out there for anyone to sign. They were putting in viagra links and other stuff under peoples names. The other thing they were doing is when I went into the admin section where the obituaries are added when I clicked on the link to view all guestbook items it took me to another website. They also put code at the top of all my websites on the home page. Every home page had "Echo, Echo, Echo" at the top. It's like they changed my home page. I'm worried about the obituaries section getting hacked next on my funeral home website. I have a login section but how can I make it more secure. Any idea's would be greatly appreciated. Any idea's on how to secure my code on any pages would be appreciated.
Well, the first thing you should do is notify your hosting company. Let them look through logs and see if they find any suspicious activity (ie dB security being comprimised).
Second is in the thread Sarky78 posted. By using <cfqueryparam> tags in your <Cfquery>'s you can prevent query injections (that's when someone can pass additional sql code via the browser to be executed).
One of your problem seems to be someone passing 'advertising' in the guesbook section. You can implement a word scrubber, similar to what I use on my site under 'Contact Us'. What I do there is if I find a particular word in the input fields I prevent that post from being sent.
This is how I do that (this can one of the many diff solutions you can use):
____________________________________
Just Imagine.
Second is in the thread Sarky78 posted. By using <cfqueryparam> tags in your <Cfquery>'s you can prevent query injections (that's when someone can pass additional sql code via the browser to be executed).
One of your problem seems to be someone passing 'advertising' in the guesbook section. You can implement a word scrubber, similar to what I use on my site under 'Contact Us'. What I do there is if I find a particular word in the input fields I prevent that post from being sent.
This is how I do that (this can one of the many diff solutions you can use):
Code:
<!--- CHECK TO MAKE SURE USER DID NOT ENTER ANY ILLICIT WORDS --->
<cfset bad_words = "badword1,badword2,badword3,badword4,badword5,etc">
<cfif ListFindNoCase(bad_words,'#FORM.Field1#')>
<!--- IF BADWORDS DETECTED, IGNORE POST --->
<cfelse>
<!-- IF NO BADWORDS DETECTED, INSERT POST --->
<cfquery name="" datasource="" username="" password="">
</cfquery>
</cfif>____________________________________
Just Imagine.
Were there any developments to your issue?
____________________________________
Just Imagine.
____________________________________
Just Imagine.
imstillatwork
IS-IT--Management
sounds like a lake of form validation to me? Not a hosting issue
Kevin
Phase 1: Read the CFML Reference
Phase 2: ???
Phase 3: Profit!
Kevin
Phase 1: Read the CFML Reference
Phase 2: ???
Phase 3: Profit!
For anyone who comes upon this thread later, I currently use Support is phenomenal, you get tons of space for your money, and they have re-seller accounts. Never had a problem with them.
P.S. Their site needs some CSS work.. it's not the fanciest one I've seen.. don't let it fool you. 
And no, I am in no way affiliated with the company, I just use them for my re-seller account and thought I'd let anyone who's looking for CF hosting know about them.
And no, I am in no way affiliated with the company, I just use them for my re-seller account and thought I'd let anyone who's looking for CF hosting know about them.I've used the following companies for myself and my clients...
(great compnay; fantastic support 24/7 by email, phone, and chat)
(very good support but by email only; great option for small businesses or personal sites that are strapped for cash)
____________________________________
Just Imagine.
(great compnay; fantastic support 24/7 by email, phone, and chat)
(very good support but by email only; great option for small businesses or personal sites that are strapped for cash)
____________________________________
Just Imagine.
imstillatwork
IS-IT--Management
I've used hostmysite.com for virtual servers and they are fast and great service.
I use crystaltech still for shared hosting.
can't go wrong with either depends on what you need.
Kevin
Phase 1: Read the CFML Reference
Phase 2: ???
Phase 3: Profit!
I use crystaltech still for shared hosting.
can't go wrong with either depends on what you need.
Kevin
Phase 1: Read the CFML Reference
Phase 2: ???
Phase 3: Profit!
- Status
Similar threads
- Locked
- Question