Securing a database


    #16
    How have you disabled shell scripts? That might be a hole.



      #17
      suPHP.. Is that the hole? They must know the table name to inject.. I've changed it.. But it still happened.. Can the PHP source be viewed?? I think they viewed my config file and ran automated SQL injection..

      Added after 2 minutes:

      How do I encrypt dbname, dbpass and dbuser in my config?? I think this is the only way..
      Last edited by ewanz; 06.09.10, 16:28.
      our life is simple words....
      http://mygenkz.net
      ewanz06@yahoo.com
      PHP Code:
      $output="i am NOoob....";
      $newfile="ewanz.txt";
      $file = fopen($newfile, "w");
      fwrite($file, $output);
      fclose ($file); 



        #18
        Yes, if a PHP source viewer is uploaded to your site then they can see your database password....
        I also noticed in a previous topic that you had malicious warez on your site.... If they're still there, they can be accessing your data via encrypted files in these.

        Added after 4 minutes:

        You can't encrypt it.... as it can be easily decrypted by looking at your sites....
        Also, just because you have changed your table names and fields, a hacker can easily crash your SQL to get new table names etc....

        So far you haven't shown you have any protection on your site.
        You keep saying you have got it.... but it's obviously not good security.
        If you showed your security methods we might be able to help you secure them better,
        but without them this is a dead-end topic, as everyone apart from you is working blind to try and help you...
        Last edited by something else; 06.09.10, 19:28.



          #19
          Can I PM you, something else? I have something to say privately..

          Added after 29 minutes:

          Yes, I had malware in my root before.. But before I got malware in root.. it had already happened.. I've uploaded a shell too, to test my root.. It can't run as executable... How can they upload the PHP source viewer when I don't have an open uploader in my script for any type of executable files.. Can a shell run from an image type?? So confused now...
          Last edited by ewanz; 07.09.10, 02:09.



            #20
            Well, if your site is vulnerable to injection then you can't stop it happening again and again till you know how it's happening.. Can you tell.. is it lavalair or something else on which you are the VICTIM?



              #21
              Dude, try this:
              1. Don't make your root (main user) connectable from any host (%), because if it's hacked it has permission on all DBs.
              2. For a single DB, make a single user to access it and make the pass something hard, like a mix of alphanumerics and symbols (asdf1234!@#12as), so it won't be guessable. I didn't try alt + number, like alt+3 = ♥; if it worked in an SQL user pass then 100% he can't get this character in SQL injection.

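The account setup recommended in post #21, written out as MySQL statements. This is an added example, not part of the original thread; the database name `forum_db`, the account name `forum_app` and the password placeholder are assumptions.

```sql
-- Added example. forum_db, forum_app and the password are placeholders.

-- 1. Audit: which accounts accept connections from any host?
SELECT user, host
FROM mysql.user
WHERE host = '%';

-- 2. Audit: which accounts hold server-wide privileges that an injected
--    query could abuse? FILE allows reading and writing files on the
--    database server, GRANT allows handing privileges to other accounts.
SELECT user, host, File_priv, Super_priv, Grant_priv
FROM mysql.user
WHERE File_priv = 'Y' OR Super_priv = 'Y' OR Grant_priv = 'Y';

-- 3. Remove the wildcard root account. Check that 'root'@'localhost'
--    is listed by the SELECT before running the DROP, otherwise the
--    server is left without an administrative login.
SELECT user, host FROM mysql.user WHERE user = 'root';
DROP USER 'root'@'%';

-- 4. One account per database: local connections only, and only the
--    row-level privileges the site's scripts need. No DROP, ALTER,
--    FILE or GRANT OPTION.
CREATE USER 'forum_app'@'localhost'
  IDENTIFIED BY 'REPLACE_WITH_LONG_RANDOM_PASSWORD';
GRANT SELECT, INSERT, UPDATE, DELETE
  ON forum_db.* TO 'forum_app'@'localhost';

-- 5. Verify: the output should show USAGE on *.* plus the single
--    grant on forum_db.* and nothing else.
SHOW GRANTS FOR 'forum_app'@'localhost';
```

This limits what a query injected through the site's account can reach to rows in `forum_db`; it does not remove the injection point in the PHP code itself.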