My sites are getting hacked, help! :(

It seems as though those pesky Tunisian hackers are targeting my sites. I think I found the vulnerability in one of my scripts, but have no idea how they found it to begin with. Any ideas?

Also, is there a script of some sort that I can upload to the website that shows vulnerabilities? It looks like the hackers are using something similar to figure out what/where to upload.

I don’t know if there is a script but you need to fix that ASAP. You don’t want your account getting screwed up.

Of course kbosworth :) Already is fixed, but I want to see if there is a script that shows vulnerabilities and such.

As far as I know there is no such script.
Hackers check your website with simple things like:

handling more than 256 characters in a URL
HTML insertion attacks
checking for SQL vulnerabilities
creating loads of sessions on your site, etc.

You can easily handle these things in your code.
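As an added example (not code from this thread), the script below handles the first three of those checks in one place: it rejects over-long request parameters, escapes output so inserted HTML is shown as text, and binds the user value to a prepared statement so it can never alter the SQL. It assumes PHP with the PDO SQLite driver and uses a constructed in-memory `users` table with two made-up rows so it runs stand-alone.

```php
<?php
// Added example: bounded input, escaped output and parameterised SQL in one request handler.
// Sample data (the users table and the simulated query strings) is constructed for the demo.
declare(strict_types=1);

const MAX_PARAM_LENGTH = 256; // reject over-long parameters before doing anything else with them

// Returns a trimmed parameter value, or null when it is missing, empty or over the length limit.
function readParam(array $source, string $name, int $maxLen = MAX_PARAM_LENGTH): ?string
{
    if (!isset($source[$name]) || !is_string($source[$name])) {
        return null;
    }
    $value = trim($source[$name]);
    if ($value === '' || strlen($value) > $maxLen) {
        return null;
    }
    return $value;
}

// Escape for an HTML context: ENT_QUOTES also covers attribute values, UTF-8 avoids charset tricks.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// The user-supplied value is bound as a parameter and never concatenated into the SQL text.
function findUser(PDO $db, string $username): ?array
{
    $stmt = $db->prepare('SELECT id, username FROM users WHERE username = :u');
    $stmt->execute([':u' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// --- constructed sample data so the script runs without a real database ---
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT NOT NULL)');
$db->exec("INSERT INTO users (username) VALUES ('alice'), ('bob')");

// Simulated query strings; in a real page these would come from $_GET.
$requests = [
    ['user' => 'alice'],                      // ordinary lookup
    ['user' => "' OR '1'='1"],                // classic injection string, treated as a literal name
    ['user' => '<script>alert(1)</script>'],  // HTML insertion, rendered as text by h()
    ['user' => str_repeat('A', 300)],         // over-long parameter, rejected by readParam()
];

foreach ($requests as $get) {
    $user = readParam($get, 'user');
    if ($user === null) {
        echo "rejected: missing or over-long parameter\n";
        continue;
    }
    $row = findUser($db, $user);
    echo $row === null
        ? 'no such user: ' . h($user) . "\n"
        : 'found user #' . $row['id'] . ': ' . h($row['username']) . "\n";
}
```

The fourth point, floods of sessions, is not something a single handler fixes; it helps to call `session_start()` only on pages that actually need state, and to leave request rate limiting to the web server or a front-end proxy.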

This is something that you need to “see the code to know” as there could be security flaws at any point.
It’s best to check the code itself for exploitable parts or hire someone to do just that.
Is everything on your site custom made or are they all third party scripts?

You can compare your code against the best practices discussed in these articles:
RFI: PHP coding: How to prevent Remote File Inclusion (RFI)
SQL Injection: PHP coding: How to prevent SQL injection in MySQL

If that isn’t sufficient, there are companies that can scan your pages to test them for RFI, SQL injection, and other vulnerabilities. They mostly try to sell monthly scans as an ongoing service (hardly necessary in my opinion unless you are doing an awful lot of ongoing development and making changes all the time), but at least one of them will do a one-time scan for about $35, as I recall. That one is the WSSA scan at Beyond Security. I’m not affiliated with them and don’t have any experience with them, but that’s the one I’d try first if I ever need a service like that.

But really you can do it by manual inspection. It just takes time, a logical approach, and attention to detail.

As far as hackers “finding” the vulnerabilities in your scripts, it’s usually more the case that they throw a million different exploit attempts randomly against a million different sites, and some of them succeed.
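As an added example (not from the thread or the linked articles), here is the usual fix for the RFI pattern mentioned above: a page parameter is resolved through a fixed allow-list, so no request value ever reaches `include`. The `templates/` directory, the page names and the sample inputs are all made up for the demo.

```php
<?php
// Added example: allow-listed page router instead of include($_GET['page'] . '.php').
// The vulnerable form builds the include path from the request; this form only ever
// includes one of the files named below, whatever the request contains.
declare(strict_types=1);

// Keys are the only acceptable ?page= values; paths are relative to the (assumed) templates directory.
const PAGES = [
    'home'    => 'home.php',
    'about'   => 'about.php',
    'contact' => 'contact.php',
];

// Returns the absolute file to include, or null for anything that is not in the allow-list.
function resolvePage(?string $requested): ?string
{
    $key = $requested ?? 'home';
    if (!array_key_exists($key, PAGES)) {
        return null;
    }
    return __DIR__ . '/templates/' . PAGES[$key];
}

// Constructed sample inputs: two valid names, one unknown name, one remote URL, one traversal string.
$samples = ['home', 'contact', 'admin', 'http://example.invalid/x.txt', '../config'];
foreach ($samples as $s) {
    $file = resolvePage($s);
    echo str_pad($s, 30) . ' => ' . ($file ?? 'rejected (404)') . "\n";
}

// Usage in a real page would be:
//   $requested = isset($_GET['page']) && is_string($_GET['page']) ? $_GET['page'] : null;
//   $file = resolvePage($requested);
//   if ($file === null) { http_response_code(404); exit('Unknown page'); }
//   include $file;
```

As defence in depth, keep `allow_url_include=Off` in `php.ini` (it is off by default) so that even a stray `include` of a request value cannot pull a file from a remote URL.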

Check your .htaccess; maybe it is not properly configured. Setting it properly can help prevent hackers.
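As an added example (not configuration from this thread), a few `.htaccess` directives that close the common gaps: directory listings, direct access to dotfiles and backup copies, and PHP execution inside an upload folder. It assumes Apache 2.4 syntax, `AllowOverride` permitting these directives, mod_rewrite loaded, and a public directory named `uploads/` (the directory name is an assumption).

```apache
# Added example: top-level .htaccess hardening (Apache 2.4 syntax).

# Never list a directory's contents when it has no index file.
Options -Indexes

# Refuse direct requests for dotfiles (.htaccess, .git, .env) and for editor/backup copies.
<FilesMatch "(^\.|~$|\.(bak|orig|old|sql)$)">
    Require all denied
</FilesMatch>

# Do not let PHP run anything that was uploaded into the public uploads directory
# (the directory name is assumed; adjust it to your site).
<IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteRule ^uploads/.*\.(php|phtml|php[0-9])$ - [F,L,NC]
</IfModule>
```

After editing, request a known file in each protected class (for example a `.bak` copy and a `.php` file under `uploads/`) and confirm the server answers 403 rather than serving or executing it.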