www.webdeveloper.com
Results 1 to 3 of 3

Thread: php decode hacked my site

  1. #1
    Join Date
    Sep 2008
    Posts
    206

    php decode hacked my site

    i found a problem on my site and when i compare the files on the server with my local files i found that every page (*.js or *.php) has this line on it
    <?php /**/eval(base64_decode('aWYoZnVuY3Rpb25fZXhpc3RzKC
    or a javascript line


    so i knew that my site has been hacked..
    so
    1 - i want to know how to prevent anyone to hack my site?
    i made on every textfield or textarea on posting or getting it the htmlspecialcharacter($_POST['name'])

    is this true? and can it help me?

    2- how did anyone hack my site??

    3- how i can know what does this code mean???

    thanks in advance and have a nice day

  2. #2
    Join Date
    Jun 2008
    Location
    Europe
    Posts
    1,096
    What is the code in its entirety... post it in a code box. We can decode it.

    You can try yourself here:
    http://www.motobit.com/util/base64-decoder-encoder.asp

    If your site is wordpress and you downloaded a theme from a rogue site like worpressthemesbase.com (the first entry on the first Google SERP - still, even after I complained and turned these fiends in to Google...)

    IF it is Wordpress, these rogue themes install a hyperlink in your footer and it's designed to be invisible if you are logged in.
    It also makes changes to your wp-includes/general-template.php file.

    If this is what happened to you, it's an easy fix.
    1.) Upgrade to Wordpress 2.8.4
    2.) Delete all rogue themes and don't try to fix them.
    3.) Replace the file: wp-includes/general-template.php

    That's it if this was your problem.

    Post more information and/or your solution if you found one or if this was the solution.

  3. #3
    Join Date
    Aug 2004
    Location
    Ankh-Morpork
    Posts
    19,176
    Quote Originally Posted by donatello View Post
    What is the code in its entirety... post it in a code box. We can decode it....
    While it might be interesting to do so, knowing what the inserted code is does not really help you prevent it from being inserted into your site again, other than, I suppose, using any info in it as something to search on to find out if there's a specific security hole.

    As far as preventing:

    Only use 3rd-party code that you trust, and make sure you use the latest versions.

    Use strong passwords on your web host: login, FTP, and database. If you share them with anyone for some reason, change them as soon as that someone no longer needs them. Since you've been hacked, be sure to change all of them now.

    Ensure all directories/files that do not have to have write permission for anyone other than the owner only allow writing by the owner. This is mainly important for shared hosts.

    If this is an "important" site to you and you are on a shared host, consider moving to a dedicated host or at least a virtual dedicated host.

    Get yourself a copy of Essential PHP Security by Shiflett and read it a couple times (it's short).
    "Please give us a simple answer, so that we don't have to think, because if we think, we might find answers that don't fit the way we want the world to be."
    ~ Terry Pratchett in Nation

    eBookworm.us

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
HTML5 Development Center



Recent Articles