03102006 0623 GMT-6 Did you be sure to strip out any html characters? Did you use a strong password? Im not sure how they would but, you might try using the nocache to dump data after usage.
Wade [EMAIL PROTECTED] wrote: >hmmm, > >Someone has managed to hack into my website administration.... that I >wrote :-( > >* My user & pass are stored in mysql >* The login page checks that both login $_POSTS match the Mysql Data >& then sets 3 sessions[] >.... one with my username, one to say "loggedin=yes" & the 3rd with >my access level. eg admin >* The login page is secure and so is every subsequent page. >* All 3 login sessions are checked on each page & if any fail your >booted. > >So, any ideas how they got in? What are the potential PHP exploits >for this type of login system? >Maybe they got hold of my login? >hmm, maybe - but the IP I see for them is on the other side of the >globe & my computer is pretty secure. > >Any suggestions? > >Thanks all, >Riquez > > >Community email addresses: > Post message: [email protected] > Subscribe: [EMAIL PROTECTED] > Unsubscribe: [EMAIL PROTECTED] > List owner: [EMAIL PROTECTED] > >Shortcut URL to this page: > http://groups.yahoo.com/group/php-list >Yahoo! Groups Links > > > > > > > > > > Community email addresses: Post message: [email protected] Subscribe: [EMAIL PROTECTED] Unsubscribe: [EMAIL PROTECTED] List owner: [EMAIL PROTECTED] Shortcut URL to this page: http://groups.yahoo.com/group/php-list Yahoo! Groups Links <*> To visit your group on the web, go to: http://groups.yahoo.com/group/php-list/ <*> To unsubscribe from this group, send an email to: [EMAIL PROTECTED] <*> Your use of Yahoo! Groups is subject to: http://docs.yahoo.com/info/terms/
