Hey all! My website was hacked! www.theimagebase.com was hacked, I don't know how long ago, I just went to it today. Pretty annoying, huh? In case I put the site up like now (which I will), here's a SS of the page: http://img361.imageshack.us/my.php?image=sp3220060717115009hw1.gif This kinda sucks, but it wasn't getting much traffic anyways. And I think it happened today, as I got a click for today from it on AdSense.
If your website was HTML then it's hard to hack using a browser, so check your PC; maybe you have a trojan on your PC, or maybe your server was hacked from somewhere else...
It'll be the PHP upload feature you have on your site. One of my sites got hacked 3 times using the upload feature. They seem to upload this file manager PHP file and then get access to your files via that. First time I found out I was so shocked that it was that easy to hack sites if not properly secured... Doesn't really matter for me though - my site that got hacked is pretty crappy.
Hehe yeah, I just looked through and fixed my site. This is what I saw: http://www.theimagebase.com/viewer.php?id=977SP32-20060717-122357.gif and this is the PHP file: http://theimagebase.com/viewer.php?id=2977SP32-20060717-122346.gif Look at bandwidth usage for the last 3 days here: http://theimagebase.com/viewer.php?id=8195SP32-20060717-120403.gif Yeah, I talked to that Hotmail account and the guy talked some weird Arabic crap.
That's exactly the same program that the guy used to hack my site. Seriously, I have no idea why they even bother - that's such low level crap!!! It requires no skill!!!! Not to mention the fact it's fkin annoying... Good you got your site fixed.
You run an image upload site. There is a PHP file manager program which provides access to your site directory. Someone tried to do it with one of my image hosting sites. Check your upload folder: if permissions are set to 777, change it to 666 so they can't execute the file in that folder. If it works then okay; otherwise you have to prevent script execution in that folder by your server settings.
Getting hacked can be a GOOD thing! Besides teaching you about a flaw in your site, it also brings backlinks and traffic. I had a tiny linkbait site I put up with a funny Flash movie that got hacked. I caught it pretty quick because I was working on it. So when the hackers submitted it to all the defaced sites they normally do to show off, I fixed it and got all that traffic. Because the Flash movie was funny they linked to it and told their friends.
Make sure that your Apache config (if you use Apache) has something like:
<Directory /path/to/upload/folder>
    AllowOverride none
    AddType text/plain .html .htm .shtml
    php_admin_flag engine off
</Directory>
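Added example, not part of any post in this thread: a Python audit of the upload folder discussed above, flagging files that carry a script extension, lack an image header, contain a PHP open tag, or have an execute bit set, plus a world-writable folder. The function names and the SCRIPT_EXTS list are assumptions; match the list to the handlers your server actually maps.

```python
import os
import stat
import sys

# Extensions a web server may hand to a script handler (assumed list; match it to your config).
SCRIPT_EXTS = {".php", ".phtml", ".php3", ".php4", ".php5", ".phar", ".cgi", ".pl", ".shtml"}
# Leading bytes of the formats an image host accepts: GIF, JPEG, PNG.
IMAGE_MAGIC = (b"GIF87a", b"GIF89a", b"\xff\xd8\xff", b"\x89PNG\r\n\x1a\n")
EXEC_BITS = stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH


def audit_file(path):
    """Return the reasons an uploaded file looks suspicious (empty list if none)."""
    reasons = []
    name = os.path.basename(path).lower()
    # Test every dot-separated suffix so "x.php.gif" is caught as well as "x.php".
    if any("." + part in SCRIPT_EXTS for part in name.split(".")[1:]):
        reasons.append("script extension")
    with open(path, "rb") as fh:
        data = fh.read()
    if not data.startswith(IMAGE_MAGIC):
        reasons.append("no image header")
    # A valid image header does not rule out PHP appended after it.
    # Only the full "<?php" tag is matched; short tags are not covered here.
    if b"<?php" in data.lower():
        reasons.append("embedded PHP tag")
    if os.stat(path).st_mode & EXEC_BITS:
        reasons.append("execute bit set")
    return reasons


def audit_upload_dir(root):
    """Walk the upload folder; return {relative path: [reasons]} for flagged entries."""
    findings = {}
    if os.stat(root).st_mode & stat.S_IWOTH:
        findings["."] = ["world-writable directory"]
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            full = os.path.join(dirpath, fname)
            reasons = audit_file(full)
            if reasons:
                findings[os.path.relpath(full, root)] = reasons
    return findings


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    for rel, why in sorted(audit_upload_dir(target).items()):
        print(f"{rel}: {', '.join(why)}")
```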
There are still enough security holes in that site for another break-in to happen. I'd suggest grabbing a book like "Essential PHP Security" and getting up to scratch. 1) None of your content is protected: http://www.theimagebase.com/userimages/ 2) No checking is done on quite a few POST/GET variables; here is the most harmless example: http://www.theimagebase.com/viewer.php?id=anythinggoeshereevenhtmlorjavascript
Uhmmm, I think that would only apply if he had global variables turned on through httpd.conf or .htaccess, don't you think? Otherwise PHP doesn't parse ?= variable assignments through URL input.