My web site running by PHP hacked by Turk

I have no idea how this turk could hack my website ,

My site was developed using PHP and MySQL

However i already restored few websites, any sharing could prevent this from happening in near future

Really appreciate it

 

There's no way to determine that without seeing your website.

 

Most likely some (remote) file inclusion vulnerability or SQL injection vulnerability.

 

search for wiki of the topics mentioned by keyaa and search through your code for these vulnerabilities

 

Thanks for info

 

mostly sql injection vulnerability if your scripts are not ready made script like wordpress, drupal, or some other widely used script.

 

Look at Apache logs for a day your site have been hacked. If it was some code in URL like remote file include or SQL injection you'll determine it easily

 

I had a site hacked a few times by him. He belongs to a turkish website that treats hacking as a game and they gets points for the hack and how skilled it was. Hes pretty benign though, just changes .htaccess to point to his index.html file, but you should check your folders, he does drop 1 or 2 files somewhere on your site. I don't know what the files do, but nothing to your benefit i'm sure.

 

validate all your input type text areas and other inputs.
Do not allow any special characters to be input where not required