General Discussions

**hendane** · 11-27-2007, 07:54 PM

My fellow webmaster, a turkish hacker has been messing our site. I keep on fixing our site but after a day or two they're back. I research on the internet but i couldn't find a precise solution. Please help.. I'm new to this webmaster job.

Here's the scenario:

Turkish hacker can only hacked two tables on my database, they changed the values and insert either a script or promotion of their site.

Please help me.. Thank you so much.

**Nathand** · 11-27-2007, 09:47 PM

Do you know how they're hacking your site? Do you have their IP's logged?

First, if you know their IP's block them. Secondly, you need to find out how they are hacking your site. Is it SQL injection, did they guess your password, etc..

**hendane** · 11-27-2007, 10:56 PM

@Nathan

I'm really kinda new on webmaster stuff sir. Where can i see the IP log?

**ForrestCroce** · 11-27-2007, 11:42 PM

Sounds like sql injection. I thought nobody used that anymore...? Figure out which page is being used to change the data in your tables, then lock it down to prevent injections. Or add some check constraints to the table to keep certain data out.

Your request log, with the IP addresses in it, could be in any number of places depending on what type of web server you're using, and how it's configured.

**hendane** · 11-28-2007, 12:12 AM

We're using CPanel and PHPmyadmin.

Yes i also think its an SQL injection, they insert html codes or scripts to promote or brag that they are the one who hacked our site.

Guys i really appreciate the quick replies and help i get from you co webmasters. Thank you so much.

**Learning Newbie** · 11-28-2007, 04:15 PM

Did you get the problem solved?

**ForrestCroce** · 11-29-2007, 01:43 AM

If it's sql injection, using stored procedures is a great line of defense, although you need mysql 5+ for this. But the fastest block you can implement is probably a check constraint on the table disallowing anything containing their url, or an insert trigger that would accomplish the same thing.

If you'd like, we can move this thread to the database forum, where you'll get expert advice regardless of what version of php you're using ... or the php or javascript forum where people can share code to examine user input to prevent this type of attack.

**hendane** · 12-02-2007, 07:35 PM

For now, my client agreed to temporarily shutdown our hacked site. Maybe after a month or two it will be live again with a new IP address. Hopefully we wont be hacked again, thank you so much for the quick replies sir.

**hendane** · 12-02-2007, 07:39 PM

Is there a way that the data on those 2 tables they were hacking can be block or they cannot overwrite? I'm really unsure if it's possible and I'm still new to these job. Thanks.

**ForrestCroce** · 12-02-2007, 09:29 PM

Absolutely. Databases have the concept of validation rules; just like you can prevent someone from storing 'three' in a numeric column, you can set up your own rules to make the table reject changes that would leave certain values. Look into check constraints.