Site hacked

         

FromBelgium

4:47 pm on Oct 5, 2014 (gmt 0)

10+ Year Member



When searching in Google for my site I saw a warning "This site may be hacked". And indeed my site had been hacked. A lot of new files were created in an existing folder ("mail"). Only one existing index file was altered (with links to these new files). I only have 1 dynamic page, using the code below to sanitize. Is this code OK? It is on a Windows server.

function Clean($varia) {
    $varia = rtrim($varia);
    $varia = ltrim($varia);
    $varia = htmlentities($varia, ENT_QUOTES);
    $varia = str_replace("\n", "<br>", $varia);
    if (get_magic_quotes_gpc()) { $varia = stripslashes($varia); }
    return $varia;
}
foreach ($_POST as $name1 => $value) { $_POST[$name1] = Clean($value); }
foreach ($_GET as $name1 => $value) { $_GET[$name1] = Clean($value); }

not2easy

4:57 pm on Oct 5, 2014 (gmt 0)

WebmasterWorld Administrator 10+ Year Member Top Contributors Of The Month



Sorry, I can't help you with the code or Windows server question - but there are tools to analyze and clean a hacked site at [support.google.com...] Google Support. That can help you get the notice removed from SERPs faster too.

bhukkel

6:23 pm on Oct 5, 2014 (gmt 0)

10+ Year Member



This code protects you from an XSS vulnerability but not against other vulnerabilities like SQL injection. You need to be more specific, so for example, if you expect an integer you need to check if it is an integer.
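
The gap described in this reply, as an added example that is not part of the original thread: HTML escaping in the style of Clean() leaves a numeric-context value unchanged, while a type check and a prepared statement stop it. The `pages` table, the `id` parameter and `expectInt()` are hypothetical, and the script assumes the pdo_sqlite extension is available.

```php
<?php
// Added example, not code from the thread. Table, column and helper names are hypothetical.

// The thread's blanket sanitizer, reduced to its trimming and escaping steps.
function Clean($varia) {
    return htmlentities(trim($varia), ENT_QUOTES);
}

// Type-specific check: accept only a whole number inside the expected range.
function expectInt($raw, $min, $max) {
    $value = filter_var($raw, FILTER_VALIDATE_INT,
        array('options' => array('min_range' => $min, 'max_range' => $max)));
    if ($value === false) {
        throw new InvalidArgumentException('expected an integer');
    }
    return $value;
}

// Constructed sample data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE pages (id INTEGER PRIMARY KEY, title TEXT)');
$db->exec("INSERT INTO pages (title) VALUES ('home'), ('contact'), ('drafts')");

$input = '1 OR 1=1';   // constructed request value for a hypothetical ?id= parameter

// 1. HTML escaping does not alter the value: it contains no HTML metacharacters.
$cleaned = Clean($input);
var_dump($cleaned === $input);

// 2. Concatenated into SQL, the "cleaned" value changes which rows are selected.
$rows = $db->query("SELECT title FROM pages WHERE id = $cleaned")->fetchAll();
echo count($rows), " row(s) returned by the concatenated query\n";

// 3. Typed validation rejects the value before it reaches the database.
try {
    $id = expectInt($input, 1, PHP_INT_MAX);
} catch (InvalidArgumentException $e) {
    echo "rejected: ", $e->getMessage(), "\n";
    $id = expectInt('1', 1, PHP_INT_MAX);   // a well-formed value passes
}

// 4. A prepared statement keeps request data out of the SQL text.
$stmt = $db->prepare('SELECT title FROM pages WHERE id = ?');
$stmt->execute(array($id));
echo htmlentities($stmt->fetchColumn(), ENT_QUOTES), "\n";   // escape at output time
```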

FromBelgium

7:47 pm on Oct 5, 2014 (gmt 0)

10+ Year Member



They put the script below (I changed the website and there were hundreds of links). Is it possible to place this script in the middle of an HTML file without having direct FTP access?

<script language="Javascript">document.write("<div style=\"height:1px;overflow:hidden;\">");</script>
<a href="http://www.example.com/mail/prada-outlet-207.html">&#12503;&#12521;&#12480; &#36001;&#24067; &#12513;&#12531;&#12474; &#20108;&#12388;&#25240;&#12426;</a>
<script language="Javascript">document.write("</div>");</script>