script added to files automatically
Erroneous redirection script was added in to the PHP files on the server..
1st time, the script was:
i modified the files, removed them, changed all my passwords, including FTP.
but again the second time, script was added automatically to files. this time it was,
when i checked out on net, i found out that these are sites related to SQL-injection attack.
please help me out. y is this happeneng and how to prevent it...
Sounds like you have a form that is not doing any validation. Do you have content being pulled from a database?
Does any page on your site do an include() or require() based on a URL or form value? If so, if you do not properly validate/filter that value, it's relatively easy to make the page include a remote file that could do all sorts of things, such as injecting links into all of your pages. (This is one reason that many hosts disable the allow_url_fopen PHP option.)
"Please give us a simple answer, so that we don't have to think, because if we think, we might find answers that don't fit the way we want the world to be."
~ Terry Pratchett in Nation
well, i do have to get data from the dabase. but i checked the database for any erroneous injections but did not find anything fishy..
regarding includes, i have used includes but that is for my functions wit a file on my own server..havn't used require() though..
thanx for your replies friends..i wish my problem is solved as soon as possible..waiting for further replies
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)