  1. #1
    New to the CF scene
    Join Date
    May 2008
    Posts
    5
    Thanks
    2
    Thanked 0 Times in 0 Posts

    Exploit Please Help

    Hello, my website has been getting hacked repeatedly for the last week or so no matter what I do. So I have a simple website that a friend made for me. I looked in the code and found an include statement; I went to Google and found this.

    http://www.theserverpages.com/articl...Explained.html

    So basically, I am asking if the code on my website is vulnerable to this attack.
    Code:
    <?php
     include("bottom.php");
    ?>
    Code:
    <?php
     $top = "1";
     include("top.php");
    ?>

  • #2
    Senior Coder CFMaBiSmAd's Avatar
    Join Date
    Oct 2006
    Location
    Denver, Colorado USA
    Posts
    3,151
    Thanks
    2
    Thanked 335 Times in 327 Posts
    As you were told in the other forum where you posted that question, the two include() statements you posted cannot include raw remote code and execute it on your server. The files they are including are hard-coded and do not come from a variable that can be set by someone outside of your code.

    The second piece of code is not even using the $top variable (if it was, and if register globals are on, then yes, someone could specify a remote file and raw PHP code could be included and executed on your server).
    If you are learning PHP, developing PHP code, or debugging PHP code, do yourself a favor and check your web server log for errors and/or turn on full PHP error reporting in php.ini or in a .htaccess file to get PHP to help you.

  • Users who have thanked CFMaBiSmAd for this post:

    marsh0 (05-11-2008)
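
    The pattern CFMaBiSmAd describes (a variable that register_globals lets a request populate, then handed to include) next to an allowlisted alternative, as an added example that is not code from the thread or from the site in question; the `page` parameter and the file names are assumptions.

```php
<?php
// Added example, not code from the thread. Illustrates the risk described
// above: with register_globals on, a request parameter named "top" fills
// $top before the script runs, so an include() built from it would load an
// attacker-chosen path (a remote one too, if allow_url_include is on).
//
//   $top = "1";            // the thread's code sets it and never uses it;
//   include($top . ".php"); // using it like this would be the exposure
//
// Independently of the code, php.ini should carry register_globals = Off
// and allow_url_include = Off so request data never reaches include().

// Hardened pattern: translate a request value into one of a fixed set of
// files, and verify the resolved path stays inside the intended directory.
function resolve_include(string $requested, array $allowed, string $base): ?string
{
    // Only an exact allowlisted key is accepted; anything else is rejected.
    if (!array_key_exists($requested, $allowed)) {
        return null;
    }
    $baseReal = realpath($base);
    $path = realpath($base . DIRECTORY_SEPARATOR . $allowed[$requested]);
    // realpath() resolves ".." and symlinks; require the result to remain
    // under $base so even a bad allowlist entry cannot escape the directory.
    if ($baseReal === false || $path === false
        || strpos($path, $baseReal . DIRECTORY_SEPARATOR) !== 0) {
        return null;
    }
    return $path;
}

// Assumed allowlist: request key => file relative to this script's directory.
$allowed = [
    'home'   => 'top.php',
    'footer' => 'bottom.php',
];

$page = isset($_GET['page']) ? (string) $_GET['page'] : 'home';
$file = resolve_include($page, $allowed, __DIR__);
if ($file === null) {
    // Unknown or out-of-tree request: refuse rather than include anything.
    http_response_code(404);
    exit('Unknown page');
}
include $file;
```

    Requests such as `?page=../../etc/passwd` or `?page=http://example.test/x` fail the allowlist lookup and never reach include().
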

  • #3
    New to the CF scene
    Join Date
    May 2008
    Posts
    5
    Thanks
    2
    Thanked 0 Times in 0 Posts
    Thanks, just wanted a second opinion; it's kind of an important topic.

  • #4
    Regular Coder
    Join Date
    May 2008
    Location
    Ohio
    Posts
    231
    Thanks
    3
    Thanked 21 Times in 21 Posts
    Why don't you post more code from the website? Edit out any info that would make it obvious what your website URL is, especially if you say it's open to attacks.

    I'm sure that with the number of experts here, we'll be able to find it in a hot second. Look for code containing $_GET or $_POST - those are the most commonly exploited.

  • Users who have thanked derzok for this post:

    marsh0 (05-11-2008)

  • #5
    New to the CF scene
    Join Date
    May 2008
    Posts
    5
    Thanks
    2
    Thanked 0 Times in 0 Posts
    You can take a look at the whole site; it's just going to get hacked in a few days anyway.

    www.freemmorpgmaker.com i would appreciate any help i can get.

  • #6
    Master Coder
    Join Date
    Dec 2007
    Posts
    6,682
    Thanks
    436
    Thanked 890 Times in 879 Posts
    Quote Originally Posted by marsh0:
    You can take a look at the whole site; it's just going to get hacked in a few days anyway.

    www.freemmorpgmaker.com i would appreciate any help i can get.
    You run a game engine and an SVN server and probably a lot of software you need on the same machine. Why did you think that the PHP part is guilty (I don't say that it is not, because I can't know that)? A cracker must find a way to gain access, and that could be anywhere. You must give more relevant details about what happened, why you think that it is an attack and not a bug/problem/mistake/something else, what you know, what you suppose it is, and so on.

    PS: Keep in mind that this is a public forum with public access.

    regards

  • #7
    New to the CF scene
    Join Date
    May 2008
    Posts
    5
    Thanks
    2
    Thanked 0 Times in 0 Posts
    Quote Originally Posted by oesxyl:
    You run a game engine and an SVN server and probably a lot of software you need on the same machine. Why did you think that the PHP part is guilty (I don't say that it is not, because I can't know that)? A cracker must find a way to gain access, and that could be anywhere. You must give more relevant details about what happened, why you think that it is an attack and not a bug/problem/mistake/something else, what you know, what you suppose it is, and so on.

    PS: Keep in mind that this is a public forum with public access.

    regards
    Yeah, you're right, it's probably just a bug that made my site delete itself and get a giant image saying "hacked by level 69" on it.

  • #8
    Regular Coder FWDrew's Avatar
    Join Date
    Apr 2008
    Location
    Missouri
    Posts
    380
    Thanks
    38
    Thanked 45 Times in 43 Posts
    Quote Originally Posted by marsh0:
    Yeah, you're right, it's probably just a bug that made my site delete itself and get a giant image saying "hacked by level 69" on it.
    He asked you why you thought it was an attack and not a bug; no need for the sarcasm when people are trying to help you.

    And BTW, it might not be the smartest decision to post the URL of a site that is known to be very exploitable or that you're having security issues with; it invites the "bad guys" right on in. Oesxyl tried to point this out to you... you were too busy being sarcastic.

  • #9
    Supreme Master coder! _Aerospace_Eng_'s Avatar
    Join Date
    Dec 2004
    Location
    In a place far, far away...
    Posts
    19,291
    Thanks
    2
    Thanked 1,043 Times in 1,019 Posts
    We would need to see the PHP for your site before it's parsed to let you know if it's exploitable.
    ||||If you are getting paid to do a job, don't ask for help on it!||||

  • #10
    Super Moderator Inigoesdr's Avatar
    Join Date
    Mar 2007
    Location
    Florida, USA
    Posts
    3,647
    Thanks
    2
    Thanked 406 Times in 398 Posts
    Couple of tips...
    • Look through your code for queries using unescaped user input.
    • Change your passwords (hosting account, MySQL, script).
    • Check your permissions.
    • Look over your various settings for things that might have been changed (forgotten-password e-mail, for instance).

  • #11
    New to the CF scene
    Join Date
    May 2008
    Posts
    5
    Thanks
    2
    Thanked 0 Times in 0 Posts
    Quote Originally Posted by Inigoesdr:
    Couple of tips...
    • Look through your code for queries using unescaped user input.
    • Change your passwords (hosting account, MySQL, script).
    • Check your permissions.
    • Look over your various settings for things that might have been changed (forgotten-password e-mail, for instance).
    Thanks for the last one, that's really good advice.

    Also, I don't care if people know the site is exploitable; it's getting hacked every day already. Doesn't make much of a difference. I also removed everything from the site but the main files, so I want to see if it's still there. I was in a bad mood last night, so sorry for the dumb comments.

  • #12
    UE Antagonizer Fumigator's Avatar
    Join Date
    Dec 2005
    Location
    Utah, USA, Northwestern hemisphere, Earth, Solar System, Milky Way Galaxy, Alpha Quadrant
    Posts
    7,691
    Thanks
    42
    Thanked 637 Times in 625 Posts
    The problem may or may not be PHP. You should comb through the log files, and/or start logging a few critical processes to see if that leads you anywhere productive.

    Best Regards,

    level 69


