A bug in my site ! How I can fix it ?
aarash
Feb 17th 2008, 11:37 pm
Hi ,
Somebody sent an IM to my Yahoo ID and printed my database connect FILE ! ( and some other pages ) ( he told me that I can run your php pages from two pages: 1 mybb script ( that I fixed ) and 1 php page in your site script )
and warned me that I will do something that's not good for you .
I want to know , How I can find this bug and fix it ?
Please help me , my site has a big script and I wrote it myself . It has 30,000 daily visits , I don't want to lose it !
Thanks
I am Waiting for your answer
Fratyr
Feb 18th 2008, 1:32 am
Probably XSS attack? You put XSS Filters to your site? If not:
Check for solutions here ha.ckers.org or it's ha.cker.org
00johnny
Feb 18th 2008, 1:33 am
If you gave him your database info, who knows what he did with it.
I can't understand exactly what is wrong with your site or how to help you fix it. Are you running PHP?
What type of error are you getting, how do you know it's broken?
aarash
Feb 18th 2008, 11:43 pm
No , I don't , Can You explain more about XSS attack and XSS filters ?
aarash
Feb 18th 2008, 11:47 pm
Yes PHP .
I don't get any error , But I think I do something wrong in my code that this hacker can find it and use it to run PHP files and get source of my files !!!
Anything that I can find this security issue ?
Please help me
Thanks
00johnny
Feb 19th 2008, 12:51 pm
Dig through your logs and see what pages the hacker has been visiting. Just look for weird looking entries and then check that page for security holes...
aarash
Feb 20th 2008, 1:02 am
LOG ?
I can't find it , Any other idea ?
bpasc95
Feb 20th 2008, 6:23 am
LOG ?
I can't find it , Any other idea ?
Your Apache log will contain this information. If you are not familiar with where it is located, ask the hosting provider. If you have a lot of traffic, it will take a while to look at each line of this log as it can be quite large. You can probably start off by searching for references to the two files you mentioned he saw / had access to.
This issue is significant, be it XSS ( http://en.wikipedia.org/wiki/Cross-site_scripting ) or SQL injection ( http://en.wikipedia.org/wiki/SQL_injection ) and should be addressed with the utmost of urgency.
Hope that helps.
-Bing
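The log search suggested above, sketched as an added example (not code from any poster in this thread): it scans Apache access-log lines for requests that mention a watched file name, either as the requested path or URL-decoded inside the query string, and groups the hits by client IP. The file name dbconnect.php, the parameter p, the IP addresses and the log lines are all constructed placeholders.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, unquote

# Apache common/combined prefix: ip ident user [time] "METHOD target PROTO" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)

def find_references(lines, watched):
    """Return {ip: [(time, where, status, target), ...]} for requests that
    mention a watched file name in the path or (URL-decoded) in the query."""
    watched = [w.lower() for w in watched]
    hits = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip malformed or truncated lines
        parts = urlsplit(m["target"])
        path = unquote(parts.path).lower()
        # Decode twice so percent-encoded and double-encoded names still match.
        query = unquote(unquote(parts.query)).lower()
        for name in watched:
            if name in query:
                where = "query"   # file name passed as a parameter value
            elif path.endswith("/" + name):
                where = "path"    # file requested directly
            else:
                continue
            hits[m["ip"]].append((m["time"], where, int(m["status"]), m["target"]))
            break
    return dict(hits)

# Constructed sample lines (documentation IP ranges, hypothetical file names).
SAMPLE_LOG = [
    '198.51.100.7 - - [17/Feb/2008:21:10:02 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [17/Feb/2008:22:41:17 +0000] "GET /page.php?p=dbconnect.php HTTP/1.1" 200 312 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [17/Feb/2008:22:43:50 +0000] "GET /page.php?p=dbconnect%2Ephp HTTP/1.1" 200 312 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [17/Feb/2008:22:50:00 +0000] "GET /dbconnect.php HTTP/1.1" 200 0 "-" "Mozilla/5.0"',
    'garbage line',
]

if __name__ == "__main__":
    for ip, entries in find_references(SAMPLE_LOG, ["dbconnect.php"]).items():
        print(ip, len(entries), "hit(s)")
        for entry in entries:
            print("   ", *entry)
```

Entries tagged "query" are the ones to read first: they show which page of the site received the file name as input, and that page is the one to review.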
aarash
Feb 21st 2008, 6:00 am
Thanks , I have a question .
I connect to database with xxxxxx.php , with this code :
<?
/* Connecting, selecting database */
$XXXX = mysql_connect("****", "****", "****");
mysql_select_db("****");
?>
How can someone read the source of the file !? He IMed this page's source to me ( and some other pages ) . I am sure that he doesn't have access to the FTP and cPanel of my site , and he says that I find a bug in your script and I execute PHP pages and find its source !
I don't know where I can find that bug . Can anyone help me , or has this happened to anyone yet ?!
CATTechnologies
Feb 21st 2008, 8:52 am
You can find the person who is accessing your system by adding a tracking system.
Add Google's tracking system, so that you can know which pages are accessed more often.
If one page is accessed by the same system many times, check the IP address and try to connect person or else put security functions on those pages so that you can protect your site from misuse.
NathanH
Feb 22nd 2008, 7:15 am
What is the CHMOD of the mysql connect file? Make sure it is not writable.