[HELP]Get incorrect password

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

    [HELP]Get incorrect password

    Plz anyone help me someone hack my site as a all members get incorrect password and he changed all users browser and password. How can i stop it? I m using mobilezonez script.
    Thanx in advance.
    Last edited by bigboss; 06.08.11, 06:31.
    LoveForum.BiZ

    #2
    sounds like a missing $_GET['passowrd']; more than like globals have been turned off

    Comment


      #3
      How can he remove form my script?
      LoveForum.BiZ

      Comment


        #4
        hacker didnt .... server owners probably did as its a security risk

        (not remove it) but set register global off

        Comment


          #5
          No bro. I faced hacker came in my site and he changed all users browser same like his browser mozilla. And also user facing incerret password after hacker came in my site.
          LoveForum.BiZ

          Comment


            #6
            Hahaha nice0ne

            Comment


              #7
              If you cant help then dont post useless.
              LoveForum.BiZ

              Comment


                #8
                Plz help me anyone wapmaster how can i secure from hacker change all user password? Plz help me argent.
                LoveForum.BiZ

                Comment


                  #9
                  dnt u ava backup?

                  Comment


                    #10
                    I had backup but some users i lost. So plz anyone tell me how to secure it?
                    LoveForum.BiZ

                    Comment


                      #11
                      Originally posted by bigboss View Post
                      I had backup but some users i lost. So plz anyone tell me how to secure it?

                      what script are you using. if you are using the popular "lavalair" or "wapdesire" then you need to rename your sql table names [eg] browser, perm, password, location etc. because the hacker is using SQL Injection to alter your database table. you need to check every user browser string. the hacker can easily change his browser to query such as 'perm='4'# this will update every users Perm to "4" same way the hacker can alter the browsers and password of every user: 'pass='Md5hash'# that query will change everyone password in your database to whatever md5hash the hackers uses..........

                      Comment


                        #12
                        use mysql_real_escape_string() to protect from injecting!

                        Comment


                          #13
                          I am agree with anthony

                          Comment


                            #14
                            If i will rename of browser and pass in every php and database then hacker cant change again?
                            LoveForum.BiZ

                            Comment


                              #15
                              Originally posted by bigboss View Post
                              If i will rename of browser and pass in every php and database then hacker cant change again?

                              remember nothing is 100% hack proof, so Yes if you rename your sql tables and values to a name only unique to you then this will increase the security of your script. as the hacker will have a hard time Guessing the Names of the tables and values

                              PS: You can also Add this line in your .htaccess file: php_flag display_errors off
                              Last edited by Anthony; 07.08.11, 16:07.

                              Comment

                              Working...
                              X