OK, this guy still found a way into my site. I have no idea how he is getting in, like where the point of entry is. This is an annoyance. I am going to have to look over all of my code. It would help if I knew how hackers break into stuff to know how he is breaking in. You think you would be willing to help me fix this problem, like maybe look at a few files? It's really crappily done, it's my early work and I was not getting paid, but I do not want to completely redo it, so I was just hoping to find the holes without having to recode it all. I thought he was putting some malicious stuff into my database, but now I am not sure; he could be brute forcing my login form or something, because I revamped the registration form so you can't put in HTML, but there are no new entries. I deleted the old ones and changed passes, but he is still using some of the other accounts. I might move to a cookie-based login to eliminate a session problem. Got any tips for how to make a login form secure? Like, disabling HTML is good for a registration form because the data can be redisplayed, but on a login form the data is not redisplayed, it's just matched with the DB. I am using MSSQL Server btw, so he is not simply downloading an Access MDB and looking at the contents.
It looks like there was something like
' or 1=1 --
as a session id, which I do not understand.
I tried ' or 1=1 -- on my login form and it let me right in, very eye-opening. I am going to replace some normal characters on that form, this is disturbing.
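An added example, not part of the original post or the poster's site code: it shows why the quoted string passes a login check or a session lookup when input is concatenated into the SQL text, and how the same lookups behave with parameterized queries. Python's `sqlite3` stands in for the MSSQL server, and the table, column, and function names are hypothetical.

```python
import sqlite3

PAYLOAD = "' or 1=1 --"  # the string quoted in the post

def make_db():
    # Constructed sample data. sqlite3 is a stand-in for the MSSQL server in
    # the post; schema names are hypothetical. Passwords are plaintext only
    # to keep the example short.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, password TEXT)")
    db.execute("CREATE TABLE sessions (session_id TEXT, username TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("admin", "s3cret-A"), ("alice", "s3cret-B")])
    db.execute("INSERT INTO sessions VALUES (?, ?)", ("9f2c-constructed", "alice"))
    return db

def login_concat(db, username, password):
    # Vulnerable: form input becomes part of the SQL text, so a quote in the
    # input closes the string literal and the rest is parsed as SQL.
    sql = ("SELECT username FROM users WHERE username = '" + username +
           "' AND password = '" + password + "'")
    row = db.execute(sql).fetchone()
    return row[0] if row else None

def login_param(db, username, password):
    # Hardened: the SQL text is fixed; the values are bound as parameters
    # and are only ever compared as data.
    row = db.execute(
        "SELECT username FROM users WHERE username = ? AND password = ?",
        (username, password)).fetchone()
    return row[0] if row else None

def session_user_concat(db, session_id):
    # Same flaw on the session lookup, where the post saw the string appear.
    sql = "SELECT username FROM sessions WHERE session_id = '" + session_id + "'"
    row = db.execute(sql).fetchone()
    return row[0] if row else None

def session_user_param(db, session_id):
    row = db.execute("SELECT username FROM sessions WHERE session_id = ?",
                     (session_id,)).fetchone()
    return row[0] if row else None

if __name__ == "__main__":
    db = make_db()
    print("concat login:", login_concat(db, PAYLOAD, "x"))
    print("param login: ", login_param(db, PAYLOAD, "x"))
    print("concat session:", session_user_concat(db, PAYLOAD))
    print("param session: ", session_user_param(db, PAYLOAD))
```

With bound parameters, a value containing an apostrophe is handled as ordinary data, so the lookups need no character replacement to stay correct.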