Hi,

Maybe you left a session open on the server and it was hijacked.
http://www.sitepoint.com/blogs/2004/03/03/notes-on-php-session-security/

Are you limiting special characters from your login form fields?

Sincerely,
Mike
--
Mike Brandonisio          * Web Hosting
Tech One Illustration     * Internet Marketing
tel (630) 759-9283        * e-Commerce
[EMAIL PROTECTED]         * http://www.jikometrix.net
JIKOmetrix - Reliable web hosting

On Mar 10, 2006, at 2:04 AM, [EMAIL PROTECTED] wrote:

> hmmm,
>
> Someone has managed to hack into my website administration.... that I
> wrote :-(
>
> * My user & pass are stored in mysql
> * The login page checks that both login $_POSTS match the Mysql Data
>   & then sets 3 sessions[]
>   .... one with my username, one to say "loggedin=yes" & the 3rd with
>   my access level. eg admin
> * The login page is secure and so is every subsequent page.
> * All 3 login sessions are checked on each page & if any fail you're
>   booted.
>
> So, any ideas how they got in? What are the potential PHP exploits
> for this type of login system?
> Maybe they got hold of my login?
> hmm, maybe - but the IP I see for them is on the other side of the
> globe & my computer is pretty secure.
>
> Any suggestions?
>
> Thanks all,
> Riquez
>
> Community email addresses:
>   Post message: [email protected]
>   Subscribe: [EMAIL PROTECTED]
>   Unsubscribe: [EMAIL PROTECTED]
>   List owner: [EMAIL PROTECTED]
>
> Shortcut URL to this page:
>   http://groups.yahoo.com/group/php-list
> Yahoo! Groups Links
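
An added example, not code from anyone in the thread: the login flow described in the question (MySQL credential check, three session values checked on every page) with the two points raised in the reply handled, session hijacking and special characters in the login form fields. The `admins` table and its columns, the `/login.php` path and the function names are assumptions; it needs PHP 7.3 or later.

```php
<?php
declare(strict_types=1);

// Assumed schema (not from the thread): admins(username, pass_hash, level),
// where pass_hash was produced by password_hash().

function start_secure_session(): void
{
    // Session id travels only in a cookie, never in the URL, and the
    // server rejects ids it did not issue itself.
    ini_set('session.use_only_cookies', '1');
    ini_set('session.use_strict_mode', '1');
    session_set_cookie_params([
        'secure'   => true,      // HTTPS only
        'httponly' => true,      // not readable from page scripts
        'samesite' => 'Strict',
    ]);
    session_start();
}

function login(PDO $pdo, string $user, string $pass): bool
{
    // Bound parameter: quotes and other special characters in the form
    // field are treated as data and cannot change the query.
    $stmt = $pdo->prepare('SELECT username, pass_hash, level FROM admins WHERE username = ?');
    $stmt->execute([$user]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($pass, $row['pass_hash'])) {
        return false;
    }
    // Fresh session id at the privilege change, so an id fixed or
    // captured before login is useless afterwards.
    session_regenerate_id(true);
    $_SESSION['username'] = $row['username'];
    $_SESSION['loggedin'] = 'yes';
    $_SESSION['level']    = $row['level'];
    return true;
}

function require_admin(): void
{
    // Per-page check of all three values. The exit matters: without it
    // the protected page still renders after the redirect header.
    if (($_SESSION['loggedin'] ?? '') !== 'yes'
        || !isset($_SESSION['username'])
        || ($_SESSION['level'] ?? '') !== 'admin') {
        header('Location: /login.php'); // assumed login path
        exit;
    }
}
```

Each protected page calls `start_secure_session()` and then `require_admin()` before producing any output.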
