My site has been used for Phishing

MarkJeater

Help please,

I have a website that someone has been able to hack and install phishing pages!

I need to set the security to make this impossible. Looking back in the logs I found this code snippet:

"GET /index.php?page=latestnews//conlib/prepend.php3?cfg[path][contenido]=../../../../../../../../../../../../..//proc/self/environ%0000 HTTP/1.1" 200 6578 "-" "<?eval(base64_decode('</p>

After the page=latestnews there is a reference to conlib/prepend?cfg[path][contendido] which appears to install a page on the root directory from which they seem to be able to install phishing sites.

I have several sites on a dedicated FastHosts server but only 1 is being attacked?

Has anyone come across this and can recommend what to do?

Thanks

Mark

marc

That looks like an sql injection...

parametrize your queries

Regards

MarkJeater

Hi marc,

I've been through the database and it doesn't appear to be a sql injection.

More like an attack through Contenido CMS which we are not using but maybe installed as standard by FastHosts.

But, I can't find out how to disable this?

My main goal is to be able to tell FastHosts that the site cannot be attacked in this way again.

Thanks

marc

Well, it's not an *sql* injection but it's an *injection* after all. You php code allows any paramter and the prove is :"../../../../../../../../../../../../.."

Your security problem is there

Regards

woboyle

1. Don't allow any input beyond specific formats.
2. For database I/O, DO NOT USE SQL in your forms - use stored procedures that do not take arguments as partial sql strings, but are only data passed in bound variables.
3. For all other input data, validate EVERYTHING.

It's not impossible to secure a web site from hacking, but it takes time and effort. If you don't want to invest in security, you will continue to be insecure.