My site is getting constantly hacked. Any Ideas

geodomains

Top Contributor
Hi Everyone,
I have a website www.moretonisland.com.au that is getting constantly hacked and has even been listed on a hacking forum for would be hackers to have a go.

I've had the website for 5 years and it is the number 1 website for Moreton Island on Google.

My web developer has done some recent upgrades to the site to help stop it, and we thought it was all okay for a while, but they are back again.

Even loading a sickening porn video on my contact us page.

I've just emailed my web developer again to fix the site, but this is getting so frustrating.

The site brings in about $10k a year and I am worried I'll lose my listings if this keeps happening.

Any ideas guys, all ears?

Don
 

Shaun

Top Contributor
Could you move to SSL? Not sure how or what but we do that on a couple of our sites where we ask for personal details.
 

WG2010

Archived Member
Make sure your web developer has everything up to date as these are SQL injection attacks. Pretty simple to do, just need a browser. If you're running older versions, there is usually a way you can slowly get the information out of the tables (login names, passwords etc).
 

Luke

Top Contributor
Hey mate, as another person has already mentioned, your website is most likely being attacked from SQL injections. This basically means MySQL database queries are being inserted directly into your online forms, and they're able to delete or 'drop' everything from your databases. Protection from SQL injection involves disallowing these queries from being submitted from the front end/interface.

You have some brilliant domains, I'm extremely jealous haha. If you're interested in turning the heat up with an awesome design and cms - I would enjoy helping out. :)
 

geodomains

Top Contributor
Thanks for the replies guys and PMs of ideas, I will certainly discuss these with my web guy to stop these attacks, will keep you posted.

Don
 

FirstPageResults

Top Contributor
Your web developer needs to validate/sanitise the $_GET variables for invalid requests before using them in sql queries.

This is not hard to do, and I'd be doing it before someone other than a script kiddy finds it and injects some malware causing your site to be flagged as dangerous.
 

davids

Top Contributor
Pretty much as FirstPageResults said, get him to make sure all of the $_GET/$_POST/$_SERVER variables are having proper data entered. If your web developer can't fix it, I'll gladly take a look at it for you, should be an extremely easy fix.
 

geodomains

Top Contributor
This is what I love about this forum, great tips and everyone wants to help. A big thank you to everyone again :)

Don
 

davids

Top Contributor
I also noticed that on any SQL error on the site, it'll display the query that returned the error. That makes it extremely easy for anyone who wants to do any SQL Injection on your site. I'd get your developer to never show any of those errors in depth unless in some sort of debug mode.
 

davids

Top Contributor
As a short term extreme solution I'd consider banning all non Aussie IPs.

Add a bit of code from here:

http://www.countryipblocks.net/country-blocks/

to your .htaccess file.

PS Google might not like it.

I wouldn't bother with that, a simple intval() or preg_replace() on the variables will stop the problem from happening at all, it's only a really quick fix, too.

Something like this before you plug the number into a query:
PHP:
$productID = intval( $_GET['id'] );

Or this (leaving decimals):
PHP:
$productID = preg_replace( "/[^0-9\.\-]/","", $_GET['id'] );

From a quick glance, possibly still more, pages that are vulnerable are:
products.php
product.php
links.php
 

geodomains

Top Contributor
Hi Guys,
I've forwarded the link of the thread to Jason and yes he is going to implement one of the suggestions to stop the attacks.

Been a learning experience for both of us.

Cheers
Don
 

Rhythm

Top Contributor
So what would be a good secure setup configuration?

Are wordpress installs susceptible to this sort of attack?
 

Luke

Top Contributor
Wordpress and other popular scripts are generally safe because a lot of time has gone into development, and they're continually improved on through updates. I would avoid using old or smaller/niche scripts developed quickly by beginner programmers.

It's always a good idea to read the list of security features if possible.
 

davids

Top Contributor
So what would be a good secure setup configuration?

Are wordpress installs susceptible to this sort of attack?

Most of the big/well-known ones like Wordpress, Joomla, etc. should all be fine as long as you keep them up to date. It's more so custom scripts written by people newer to scripting where you'll run into the vulnerabilities.

You can test these yourself by doing the following;
Say the url is: http://www.examplesite.com/example.php?id=10

If the ID is expected to be a number, try putting letters, or an apostrophe or other random characters like so:
http://www.examplesite.com/example.php?id=10'blah

If doing that doesn't break it or spit back an error, that page is most likely secure.

If anyone is running a custom script and isn't sure if it's safe from basic SQL injections, feel free to send me a PM and I'll do a quick once-over of it for you.
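As an added example (not code from the thread, the site or its developer), here is the probe from this post, id=10'blah, run against a vulnerable lookup beside a hardened one that uses intval() as suggested earlier and a bound parameter, with errors logged rather than shown as davids recommends. It assumes PHP with the pdo_sqlite extension and uses a constructed in-memory products table so it runs stand-alone.

```php
<?php
// Added example, not from the thread: constructed in-memory SQLite table.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT)");
$pdo->exec("INSERT INTO products VALUES (10, 'Ferry ticket'), (11, 'Sand tobogganing')");

// Vulnerable: the raw query-string value is pasted straight into the SQL text,
// so anything that is not a plain number changes the meaning of the query.
function lookupVulnerable(PDO $pdo, string $rawId): array {
    $sql = "SELECT name FROM products WHERE id = $rawId";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Hardened: coerce to int as the earlier post suggests, then bind it as a
// parameter so the value can never be read as SQL text, whatever it contains.
function lookupSafe(PDO $pdo, string $rawId): array {
    $id = intval($rawId);   // intval("10'blah") is 10, intval("abc") is 0
    $stmt = $pdo->prepare("SELECT name FROM products WHERE id = :id");
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Error handling: log the detail server-side, show the visitor nothing useful
// (never echo the exception message or the failing SQL to the page).
function handle(callable $lookup, PDO $pdo, string $rawId): string {
    try {
        $rows = $lookup($pdo, $rawId);
        return $rows ? implode(', ', $rows) : '(no product)';
    } catch (PDOException $e) {
        error_log('product lookup failed: ' . $e->getMessage());
        return 'Sorry, something went wrong.';
    }
}

// The same three probes against both lookups: a valid id, the apostrophe probe
// from this post, and plain letters. Only the vulnerable version errors out.
foreach (['10', "10'blah", 'abc'] as $probe) {
    printf("%-10s vulnerable: %-30s safe: %s\n", $probe,
        handle('lookupVulnerable', $pdo, $probe),
        handle('lookupSafe', $pdo, $probe));
}
```

The vulnerable lookup throws on the two malformed probes, which is exactly the "spit back an error" signal the post describes; the hardened one answers the same requests without ever letting the input touch the SQL text.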
 

geodomains

Top Contributor
Update:
Fingers crossed now it's all fixed, I had someone go over the whole site and look for possible entry points and hundreds of lines of code have been changed. Used some hacker software as well and it says it is now not vulnerable. But yes most of the suggestions were very good and again thank you. :)

Don
 
