1. Welcome to DNTrade. If you want to find out about the latest domain name industry news or talk, share, learn, buy, sell, trade or develop domain names - then you've come to the right place. It's a diverse and active community, with domain investors, web developers and online marketers - and it's free! Click here to join now.
    Dismiss Notice

My site is getting constantly hacked. Any Idea's

Discussion in 'Web Development' started by geodomains, Dec 19, 2010.

  1. geodomains

    geodomains Membership: VIP

    Joined:
    Aug 18, 2008
    Messages:
    838
    Likes Received:
    99
    auDA Member:
    Yes
    Hi Everyone,
    I have a website www.moretonisland.com.au that is getting constantly hacked and has even been listed on a hacking forum for would be hackers to have a go.

    I've had the website for 5 years and is the number 1 website for Moreton Island on Google.

    My web developer has done some recent upgrades to the site to help stop it, and we thought it was all okay for a while, but they are back again.

    Even loading a sickening porn video on my contact us page.:mad:

    I've just emailed my web developer again to fix the site, but this is getting so frustrating.

    The site brings in about $10k a year and I am worried I'll lose my listings if this keeps happening.

    Any idea's guys, all ears?

    Don
     
  2. Shaun

    Shaun Membership: Community

    Joined:
    Aug 18, 2009
    Messages:
    544
    Likes Received:
    0
    Could you move to SSL? Not sure how or what but we do that on a couple of our sites where we ask for personal details.
     
  3. WG2010

    WG2010 Archived Member

    Joined:
    Jun 4, 2010
    Messages:
    355
    Likes Received:
    0
    Make sure your web developer has everything up to date as these are SQL injection attacks. Pretty simple to do, just need a browser. If you're running older versions, there is usually a way you can slowly get the information out of the tables (login names, passwords etc).
     
  4. Luke

    Luke Membership: Community

    Joined:
    Dec 18, 2010
    Messages:
    148
    Likes Received:
    0
    Hey mate, as another person has already mentioned, your website is most likely being attacked from SQL injections. This basically means MySQL database queries are being inserted directly into your online forms, and they're able to delete or 'drop' everything from your databases. Protection from SQL injection involves disallowing these queries from being submitted from the front end/interface.

    You have some brilliant domains, I'm extremely jealous haha. If you're interested in turning the heat up with an awesome design and cms - I would enjoy helping out. :)
     
  5. geodomains

    geodomains Membership: VIP

    Joined:
    Aug 18, 2008
    Messages:
    838
    Likes Received:
    99
    auDA Member:
    Yes
    Thanks for the reply's guys and PM's of idea's, I will certainly discuss these with my web guy to stop these attacks, will keep you posted.

    Don
     
  6. FirstPageResults

    FirstPageResults Membership: VIP

    Joined:
    May 26, 2009
    Messages:
    1,906
    Likes Received:
    105
    auDA Member:
    Yes
    Your web developer needs to validate/sanitise the $_GET variables for invalid requests before using them in sql queries.

    This is not hard to do.. and I'd be doing it before someone other than a script kiddy finds it, and injects some malware causing your site to be flagged as dangerous.
     
  7. djuqa

    djuqa Membership: Trader

    Joined:
    Dec 20, 2009
    Messages:
    758
    Likes Received:
    2
  8. davids

    davids Membership: VIP

    Joined:
    Feb 12, 2010
    Messages:
    149
    Likes Received:
    13
    Pretty much as FirstPageResults said, get him to make sure all of the $_GET/$_POST/$_SERVER variables are having proper data entered. If your web developer can't fix it, I'll gladly take a look at it for you, should be an extremely easy fix.
     
  9. geodomains

    geodomains Membership: VIP

    Joined:
    Aug 18, 2008
    Messages:
    838
    Likes Received:
    99
    auDA Member:
    Yes
    This is what I love about this forum, great tips and everyone wants to help. A big thank you to everyone again :)

    Don
     
  10. davids

    davids Membership: VIP

    Joined:
    Feb 12, 2010
    Messages:
    149
    Likes Received:
    13
    I also noticed that on any SQL error on the site, it'll display the query that returned the error. That makes it extremely easy for anyone who wants to do any SQL Injection on your site. I'd get your developer to never show any of those errors in depth unless in some sort of debug mode.
     
  11. johno69

    johno69 Membership: VIP

    Joined:
    Nov 29, 2008
    Messages:
    2,663
    Likes Received:
    422
    auDA Member:
    Yes
  12. Bacon Farmer

    Bacon Farmer Membership: VIP

    Joined:
    Jan 21, 2009
    Messages:
    906
    Likes Received:
    540
  13. davids

    davids Membership: VIP

    Joined:
    Feb 12, 2010
    Messages:
    149
    Likes Received:
    13
    I wouldn't bother with that, a simple intval() or preg_replace() on the variables will stop the problem from happening at all, it's only a really quick fix, too.

    Something like this before you plug the number into a query:
    PHP:
    $productID intval$_GET['id'] );
    Or this (leaving decimals):
    PHP:
    $productID preg_replace"/[^0-9\.\-]/",""$_GET['id'] );
    From a quick glance, possibly still more, pages that are vulnerable are:
    products.php
    product.php
    links.php
     
  14. geodomains

    geodomains Membership: VIP

    Joined:
    Aug 18, 2008
    Messages:
    838
    Likes Received:
    99
    auDA Member:
    Yes
    Hi Guys,
    I've forward the link of the thread to Jason and yes he is going to implement one of the suggestions to stop the attacks.

    Been a learning experience for both of us.

    Cheers
    Don
     
  15. Rhythm

    Rhythm Membership: VIP

    Joined:
    Sep 25, 2008
    Messages:
    1,162
    Likes Received:
    118
    So what would be a good secure setup configuration?

    Are wordpress installs susceptible to this sort of attack?
     
  16. FirstPageResults

    FirstPageResults Membership: VIP

    Joined:
    May 26, 2009
    Messages:
    1,906
    Likes Received:
    105
    auDA Member:
    Yes
    Should be OK providing you keep your installs up to date. Otherwise bots/scripts can scan your site for known vulnerabilities
     
  17. Luke

    Luke Membership: Community

    Joined:
    Dec 18, 2010
    Messages:
    148
    Likes Received:
    0
    Wordpress and other popular scripts are generally safe because alot of time has gone into deveopment, and they're continually improved on through updates. I would avoid using old or smaller/niche scripts developed quickly by beginner programmers.

    It's always a good idea to read the list of security features if possible.
     
  18. davids

    davids Membership: VIP

    Joined:
    Feb 12, 2010
    Messages:
    149
    Likes Received:
    13
    Most of the big/well-known ones like Wordpress, Joomla, etc. should all be fine as you keep them up to date. It's more-so custom scripts written by people newer to scripting where you'll run into the vulnerabilities.

    You can test these yourself by doing the following;
    Say the url is: [noparse]http://www.examplesite.com/example.php?id=10[/noparse]

    If the ID is expected to be a number, try putting letters, or an apostrophe or other random characters like so:
    [noparse]http://www.examplesite.com/example.php?id=[/noparse]10'blah

    If doing that doesn't break it or spit back an error, that page is most likely secure.

    If anyone is running a custom script and isn't sure if it's safe from basic SQL injections, feel free to send me a PM and I'll do a quick once-over of it for you.
     
  19. coreyg

    coreyg Membership: Community

    Joined:
    Aug 27, 2009
    Messages:
    334
    Likes Received:
    0
    Have you considered turning off the "Login" on the main menu?

    Cheers
    Corey
     
  20. geodomains

    geodomains Membership: VIP

    Joined:
    Aug 18, 2008
    Messages:
    838
    Likes Received:
    99
    auDA Member:
    Yes
    Update:
    Fingers crossed now its all fixed, I had someone go over whole site and look for possible entry points and 100's of line's of code have been changed. Used some hacker software as well and says is now not vulnerable. But yes most of the suggestions where very good and again thank you. :)

    Don