Can you hack it?

Hello,

To test my PHP script (add your link), I put it on a website, and some of you remember that when I began learning PHP, I was sharing my experience with you here, and some e-friends here tried many times to hack the script, to test it with the goal of making it better.

Anyway, I left the script online to let friends and visitors add their links, BUT, for 2 weeks, I discovered that someone hacked my script, and then Google blocked access to the website. Anyway, I moved the website now to another server, but I don’t know how the hacker can do that?? So I’m asking you to try to hack my script, to test it and to let me know if I should do something to protect it better… the link is:

http://www.beginfromhere.com/php/addyourlink/

Don’t worry about the Google message, I moved today to a new server and asked Google to recheck the website again.

thanks in advance to you all.

thanks for your help

If you want to check the script for XSS vulnerability this is a good place to start: http://ha.ckers.org/xss.html

In addition, do you connect to the FTP over SSH/SSL or do you use a normal connection to port 21? If so, you might want to change that, as in that case all traffic/information is transferred in clear text, so anyone in between you and the server can listen in and capture the information.
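The XSS point above comes down to two habits in the "add your link" handler: validate the submitted URL's scheme, and escape every user-controlled value at output time. The following is an added example written for this thread, not the poster's script; the field names, the sample submission and the rendering functions are assumptions.

```php
<?php
// Added example (not the original script): a minimal hardened "add your link" renderer.
// Assumed form fields: "title" and "url". The sample submission below is constructed.

declare(strict_types=1);

// Validate the submitted URL: must parse, and must be http or https, so a
// "javascript:" URL never ends up in an href attribute.
function validate_link_url(string $url): ?string
{
    $url = trim($url);
    if (strlen($url) > 2048 || filter_var($url, FILTER_VALIDATE_URL) === false) {
        return null;
    }
    $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
    return in_array($scheme, ['http', 'https'], true) ? $url : null;
}

// Escape for an HTML body or attribute context. ENT_QUOTES covers both ' and ".
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Vulnerable rendering: user input concatenated straight into the markup.
function render_link_unsafe(string $title, string $url): string
{
    return '<a href="' . $url . '">' . $title . '</a>';
}

// Hardened rendering: URL validated first, every user-controlled value escaped.
function render_link_safe(string $title, string $url): string
{
    $clean = validate_link_url($url);
    if ($clean === null) {
        return '<span class="rejected">invalid link</span>';
    }
    return '<a href="' . h($clean) . '" rel="nofollow noopener">' . h($title) . '</a>';
}

// Constructed sample submission of the kind a stored-XSS probe sends.
$title = 'My site<script>alert(1)</script>';
$url   = 'javascript:alert(document.cookie)';

echo render_link_unsafe($title, $url), PHP_EOL; // the script tag and javascript: URL land in the page as-is
echo render_link_safe($title, $url), PHP_EOL;   // rejected: scheme is not http/https
echo render_link_safe($title, 'https://example.com/?q=a&b=c'), PHP_EOL; // accepted, title and "&" escaped
```

The same `h()` wrapper belongs around every value printed from the database, not only at submission time: a link stored before escaping was introduced is still unsafe when it is displayed later.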

Hmm, how is it possible to hack my FTP?? My old hosting was shared, so I think shared is normally more protected than a dedicated one, no??

ah wait, I think I can get a sample

To me it seems they hacked the FTP server and altered your code. I don’t really see how they could have gotten your script to alter itself, especially when the script isn’t writable by the web process (which it shouldn’t be).

something like the one in this image

is it XSS?

yes, I forgot: concerning the database, nothing happened… I was really happy to discover that

In fact, they added code to the PHP files, something like a long script that you can’t understand, like a long code that includes letters and numbers.
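The injected "long code of letters and numbers" described above is the classic signature of an obfuscated payload appended to existing PHP files, and the practical defence is to know what your files should look like and notice when they change. The script below is an added example written for this thread, not the poster's code or any product: it hashes every `.php` file under a directory against a saved manifest, reports new, changed or missing files, flags the usual decode-then-execute markers and long single-line alphanumeric blobs, and notes files whose permissions let the web process (or another tenant on shared hosting) write to them. The directory and manifest paths are assumptions.

```php
<?php
// Added example (not the poster's script): integrity check plus injection markers for PHP files.
// Usage:  php integrity.php init     # record the known-good state
//         php integrity.php          # compare against it later (e.g. from cron)

declare(strict_types=1);

const WEB_ROOT = __DIR__ . '/public_html';        // assumed location of the site's PHP files
const MANIFEST = __DIR__ . '/.integrity.json';     // keep this OUTSIDE the web root

// Markers typical of injected PHP: decode-then-execute chains and very long
// single-line alphanumeric strings (the "letters and numbers" blob described above).
const SUSPICIOUS = [
    '/\beval\s*\(\s*(base64_decode|gzinflate|gzuncompress|str_rot13)\s*\(/i',
    '/\b(base64_decode|gzinflate)\s*\(\s*["\'][A-Za-z0-9+\/=]{200,}/',
    '/\$[A-Za-z_]\w*\s*=\s*["\'][A-Za-z0-9+\/=]{500,}["\']\s*;/',
];

// All .php files under $root, sorted for stable output.
function php_files(string $root): array
{
    $it = new RecursiveIteratorIterator(
        new RecursiveDirectoryIterator($root, FilesystemIterator::SKIP_DOTS)
    );
    $files = [];
    foreach ($it as $f) {
        if ($f->isFile() && strtolower($f->getExtension()) === 'php') {
            $files[] = $f->getPathname();
        }
    }
    sort($files);
    return $files;
}

// Map of path-relative-to-root => sha256 of the file's contents.
function build_manifest(string $root): array
{
    $m = [];
    foreach (php_files($root) as $path) {
        $m[substr($path, strlen($root))] = hash_file('sha256', $path);
    }
    return $m;
}

// Reasons a single file looks suspicious (empty array = nothing found).
function scan_for_injection(string $path): array
{
    $hits = [];
    $src = (string) file_get_contents($path);
    foreach (SUSPICIOUS as $re) {
        if (preg_match($re, $src) === 1) {
            $hits[] = 'matches ' . $re;
        }
    }
    // Group- or world-writable scripts can be modified by a compromised web
    // process or by another account on a shared host; they should be 0644 or tighter.
    if (fileperms($path) & 022) {
        $hits[] = 'group/world-writable';
    }
    return $hits;
}

$current = build_manifest(WEB_ROOT);
$mode = $argv[1] ?? 'check';

if ($mode === 'init' || !is_file(MANIFEST)) {
    file_put_contents(MANIFEST, json_encode($current, JSON_PRETTY_PRINT));
    echo 'manifest written: ' . count($current) . " files\n";
    exit(0);
}

$saved = json_decode((string) file_get_contents(MANIFEST), true) ?: [];
foreach ($current as $rel => $hash) {
    if (!isset($saved[$rel])) {
        echo "NEW      $rel\n";
    } elseif ($saved[$rel] !== $hash) {
        echo "CHANGED  $rel\n";
    }
    foreach (scan_for_injection(WEB_ROOT . $rel) as $why) {
        echo "SUSPECT  $rel  ($why)\n";
    }
}
foreach (array_diff_key($saved, $current) as $rel => $_) {
    echo "MISSING  $rel\n";
}
```

Run `init` only on a copy you have just reviewed or freshly deployed; a manifest recorded after the compromise would bless the injected code. Any `CHANGED` line that does not correspond to a deployment you made is the signal to look at, and a `SUSPECT` hit on a file that has not changed since a clean `init` means the original deployment already carried it.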

How was it hacked exactly? What was the effect of the hack? Did they hack the database, or the filesystem?

Any system that accepts connections is vulnerable to remote attack.
‘Protection’ is good, but it’s never perfect. Ever.

thanks for the information, but can you explain more to me, or give me a link to read more about that?

A question: should a Linux dedicated server with Plesk 9 have Norton antivirus to protect it?

Looking at that code, my first impulse is to say it is an indication to the script to read -XX as &#XX;