Plz anyone help me someone hack my site as a all members get incorrect password and he changed all users browser and password. How can i stop it? I m using mobilezonez script.
Thanx in advance.
Thanx in advance.
-
-
sounds like a missing $_GET['passowrd']; more than like globals have been turned off -
-
hacker didnt .... server owners probably did as its a security risk
(not remove it) but set register global offComment
-
No bro. I faced hacker came in my site and he changed all users browser same like his browser mozilla. And also user facing incerret password after hacker came in my site.Comment
-
Hahaha nice0neComment
-
-
Plz help me anyone wapmaster how can i secure from hacker change all user password? Plz help me argent.Comment
-
-
-
Originally posted by bigboss View Post
what script are you using. if you are using the popular "lavalair" or "wapdesire" then you need to rename your sql table names [eg] browser, perm, password, location etc. because the hacker is using SQL Injection to alter your database table. you need to check every user browser string. the hacker can easily change his browser to query such as 'perm='4'# this will update every users Perm to "4" same way the hacker can alter the browsers and password of every user: 'pass='Md5hash'# that query will change everyone password in your database to whatever md5hash the hackers uses..........Comment
-
use mysql_real_escape_string() to protect from injecting!Comment
-
I am agree with anthonyComment
-
If i will rename of browser and pass in every php and database then hacker cant change again?Comment
-
Originally posted by bigboss View Post
remember nothing is 100% hack proof, so Yes if you rename your sql tables and values to a name only unique to you then this will increase the security of your script. as the hacker will have a hard time Guessing the Names of the tables and values
PS: You can also Add this line in your .htaccess file: php_flag display_errors offLast edited by Anthony; 07.08.11, 16:07.Comment
Comment