Re: [PHP] HELP SQL INJECTION

2009-07-11 Thread Ashley Sheridan
On Saturday 11 July 2009 01:17:28 Zareef Ahmed wrote:
 Hi,

  First of all change your FTP password and stop storing your password in
 your FTP client.
 This type of attack is very common among people who use an insecure FTP
 client.

 My previous experience with your kind of problem tells me that the chances of an
 FTP attack are really higher in the pattern of your case.

 Zareef Ahmed

 On Sat, Jul 11, 2009 at 3:50 AM, Daniel Brown danbr...@php.net wrote:
  On Fri, Jul 10, 2009 at 18:11, Chris Paynechris_pa...@danmangames.com
 
  wrote:
   Sorry I post at the top because I'm legally blind and it's easier but
   I'll try to post at the bottom :-)
  
   This is the main site on my server:
  
   http://www.oxyge.net
  
   I just took out the offending code at the end of the index page to get
   it back up and running.
 
  Check the /blog/ as well.  Parse error.
 
  --
  /Daniel P. Brown
  daniel.br...@parasane.net || danbr...@php.net
  http://www.parasane.net/ || http://www.pilotpig.net/
  Check out our great hosting and dedicated server deals at
  http://twitter.com/pilotpig
 
  --
  PHP General Mailing List (http://www.php.net/)
  To unsubscribe, visit: http://www.php.net/unsub.php

Another way that the hackers get in in the first place is by exploiting a 
vulnerability in software you have on the server. Have you installed 
something pre-built, like a forum, blog, etc? Sometimes these have holes, 
which can be an open door if left unpatched.

-- 
Thanks,
Ash
http://www.ashleysheridan.co.uk




Re: [PHP] HELP SQL INJECTION

2009-07-10 Thread Daniel Brown
On Fri, Jul 10, 2009 at 15:48, Chris Paynechris_pa...@danmangames.com wrote:
 Hi everyone,

 My server appears to be the victim of a chinese hack-attack and I
 believe they managed to change pages via SQL Injection, do any of you
 have any ideas how to lock down my forms so MySQL cannot be used from
 my forms?

First and foremost:

http://php.net/mysql_real_escape_string

-- 
/Daniel P. Brown
daniel.br...@parasane.net || danbr...@php.net
http://www.parasane.net/ || http://www.pilotpig.net/
Check out our great hosting and dedicated server deals at
http://twitter.com/pilotpig




Re: [PHP] HELP SQL INJECTION

2009-07-10 Thread Eddie Drapkin
On Fri, Jul 10, 2009 at 3:50 PM, Daniel Browndanbr...@php.net wrote:
 On Fri, Jul 10, 2009 at 15:48, Chris Paynechris_pa...@danmangames.com wrote:
 Hi everyone,

 My server appears to be the victim of a chinese hack-attack and I
 believe they managed to change pages via SQL Injection, do any of you
 have any ideas how to lock down my forms so MySQL cannot be used from
 my forms?

    First and foremost:

        http://php.net/mysql_real_escape_string

 --
 /Daniel P. Brown
 daniel.br...@parasane.net || danbr...@php.net
 http://www.parasane.net/ || http://www.pilotpig.net/
 Check out our great hosting and dedicated server deals at
 http://twitter.com/pilotpig




You, sir, are an email list ninja.  Not ten seconds before I hit Send,
Gmail tells me you ninja'd my response!




Re: [PHP] HELP SQL INJECTION

2009-07-10 Thread Govinda


On Jul 10, 2009, at 1:50 PM, Daniel Brown wrote:

On Fri, Jul 10, 2009 at 15:48, Chris  
Paynechris_pa...@danmangames.com wrote:

Hi everyone,

My server appears to be the victim of a chinese hack-attack and I
believe they managed to change pages via SQL Injection, do any of you
have any ideas how to lock down my forms so MySQL cannot be used from
my forms?


   First and foremost:

   http://php.net/mysql_real_escape_string


I am a total newbie here, but I can say I would recommend getting a good  
PHP book or at least reading some articles on preventing XSS attacks  
(if I said that right) and also SQL injection.


for inserting data into your db, use placeholders.

for printing data coming from the db, use htmlentities()

for retrieving data from your db via form/user input, use  
mysql_real_escape_string and strtr() to escape SQL wildcards (%) and  
the _ char.


If I mis-guide the OP, please correct me!


Govinda
govinda.webdnat...@gmail.com
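Daniel's pointer to mysql_real_escape_string and Govinda's three rules (placeholders for queries, htmlentities() for output, wildcard escaping for LIKE) map onto a few lines of PHP. The following is an added example, not code from the thread or from any poster; it assumes a PDO connection to MySQL, a hypothetical table `users(id, name, bio)`, and uses mysqli_real_escape_string as the still-available successor of the mysql_* function the thread names. The vulnerable concatenation is shown next to the escaped and the placeholder forms so the difference is visible in one place.

```php
<?php
// Added example (not from the thread). Table `users(id, name, bio)` is hypothetical.
declare(strict_types=1);

// VULNERABLE: the value is pasted into the SQL text, so a single quote in
// $name (e.g. from $_GET['name']) changes the structure of the statement.
function find_user_unsafe(PDO $db, string $name): array
{
    $sql = "SELECT id, name, bio FROM users WHERE name = '" . $name . "'";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// ESCAPED (legacy style the thread points to): the connection-aware escape
// function neutralises quotes and backslashes before concatenation. It works,
// but every call site has to remember to do it, and it needs an open link.
function find_user_sql_escaped(mysqli $link, string $name): string
{
    $safe = mysqli_real_escape_string($link, $name);
    return "SELECT id, name, bio FROM users WHERE name = '" . $safe . "'";
}

// PREFERRED: placeholders. The value is sent separately from the SQL text
// and can never be parsed as part of the statement.
function find_user(PDO $db, string $name): array
{
    $stmt = $db->prepare('SELECT id, name, bio FROM users WHERE name = :name');
    $stmt->execute([':name' => $name]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Placeholders do NOT neutralise LIKE wildcards: a user typing "%" would match
// every row. Escape %, _ and the escape character itself before binding;
// strtr() with an array does a single pass, so no double-escaping occurs.
function escape_like(string $term, string $esc = '!'): string
{
    return strtr($term, [
        $esc => $esc . $esc,
        '%'  => $esc . '%',
        '_'  => $esc . '_',
    ]);
}

function search_users(PDO $db, string $term): array
{
    // '!' is declared as the escape character so the query does not depend on
    // MySQL's backslash handling (sql_mode NO_BACKSLASH_ESCAPES).
    $stmt = $db->prepare("SELECT id, name FROM users WHERE name LIKE :pat ESCAPE '!'");
    $stmt->execute([':pat' => '%' . escape_like($term, '!') . '%']);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Output escaping: whatever came out of the database (or straight from the
// user) is HTML-escaped when echoed, otherwise a stored <script> runs in the
// visitor's browser. ENT_QUOTES also covers attribute values; always pass
// the charset so multibyte input is handled consistently.
function h(string $s): string
{
    return htmlentities($s, ENT_QUOTES, 'UTF-8');
}

// Usage sketch (DSN and credentials are placeholders).
// Emulated prepares are turned off so the MySQL server, not the driver,
// performs the parameter binding.
if (PHP_SAPI === 'cli' && getenv('APP_DSN') !== false) {
    $db = new PDO(getenv('APP_DSN'), getenv('APP_USER') ?: '', getenv('APP_PASS') ?: '', [
        PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_EMULATE_PREPARES => false,
    ]);
    $q = $argv[1] ?? '';
    foreach (search_users($db, $q) as $row) {
        echo '<li>' . h($row['name']) . "</li>\n";
    }
}
```

The three functions do three different jobs and none replaces another: placeholders keep input out of the SQL grammar, `escape_like()` keeps it out of the LIKE pattern grammar, and `h()` keeps it out of the HTML grammar on the way back out. Escaping once "for the database" does nothing for the page that later prints the value.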



Re: [PHP] HELP SQL INJECTION

2009-07-10 Thread Chris Payne
Hi everyone,

Hmmm, I'm not sure it is an SQL Injection now, done a lot more checking
and it is inserting code at the end of every index.htm index.html
default.html and index.php pages on my site.

Ooooh what fun :-)

Chris

On Fri, Jul 10, 2009 at 2:22 PM, Govindagovinda.webdnat...@gmail.com wrote:

 On Jul 10, 2009, at 1:50 PM, Daniel Brown wrote:

 On Fri, Jul 10, 2009 at 15:48, Chris Paynechris_pa...@danmangames.com
 wrote:

 Hi everyone,

 My server appears to be the victim of a chinese hack-attack and I
 believe they managed to change pages via SQL Injection, do any of you
 have any ideas how to lock down my forms so MySQL cannot be used from
 my forms?

   First and foremost:

       http://php.net/mysql_real_escape_string

 I am a total newbie here, but I can say I would recommend getting a good PHP
 book or at least reading some articles on preventing XSS attacks (if I said
 that right) and also SQL injection.

 for inserting data into your db, use placeholders.

 for printing data coming from the db, use htmlentities()

 for retrieving data from your db via form/user input, use
 mysql_real_escape_string and strtr() to escape SQL wildcards (%) and the _
 char.

 If I mis-guide the OP, please correct me!

 
 Govinda
 govinda.webdnat...@gmail.com




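Chris's second look showed the real symptom: the same block appended to every index.htm, index.html, default.html and index.php, which is file tampering rather than a query problem, and Zareef and Ashley point at the likely entry routes (a stolen FTP password, or an unpatched pre-built package). Finding every touched file is the first incident-response step before cleaning up. The script below is an added example, not something from the thread; it assumes a web root passed on the command line and a known-good date (the `2009-07-09` in the usage line is a constructed placeholder), and it flags index pages that were modified after that date or that carry content after the closing `</html>`.

```php
<?php
// Added example (not from the thread). Walks a web root and reports index
// pages that look tampered with: modified after a known-good baseline, or
// carrying non-blank content after the last </html>. Usage (paths and the
// baseline date are assumptions):
//   php check_index_pages.php /var/www/html 2009-07-09
declare(strict_types=1);

const INDEX_NAMES = ['index.htm', 'index.html', 'default.html', 'index.php'];

function is_index_file(string $name): bool
{
    return in_array(strtolower($name), INDEX_NAMES, true);
}

// Anything after the final </html> has no business in a static page; an
// appended <script> or <iframe> lands exactly there.
function trailing_content(string $body): string
{
    $pos = strripos($body, '</html>');
    if ($pos === false) {
        return '';
    }
    return trim(substr($body, $pos + strlen('</html>')));
}

// Returns [path => ['sha256' => ..., 'reasons' => [...]]] for suspicious files.
// PHP files only get the mtime check: code after </html> can be legitimate there.
function scan(string $root, int $baselineTs): array
{
    $findings = [];
    $it = new RecursiveIteratorIterator(
        new RecursiveDirectoryIterator($root, FilesystemIterator::SKIP_DOTS)
    );
    foreach ($it as $file) {
        if (!$file->isFile() || !is_index_file($file->getFilename())) {
            continue;
        }
        $path    = $file->getPathname();
        $body    = (string) file_get_contents($path);
        $reasons = [];

        if ($file->getMTime() > $baselineTs) {
            $reasons[] = 'modified after baseline (' . date('c', $file->getMTime()) . ')';
        }
        if (in_array(strtolower($file->getExtension()), ['htm', 'html'], true)) {
            $tail = trailing_content($body);
            if ($tail !== '') {
                $reasons[] = 'content after </html>: ' . substr($tail, 0, 60);
            }
        }
        if ($reasons !== []) {
            // The hash lets you group files that received the identical payload
            // and compare against a clean copy or backup.
            $findings[$path] = ['sha256' => hash('sha256', $body), 'reasons' => $reasons];
        }
    }
    return $findings;
}

if (PHP_SAPI === 'cli' && isset($argv[1])) {
    $root     = rtrim($argv[1], '/');
    $baseline = strtotime($argv[2] ?? 'yesterday') ?: time();
    foreach (scan($root, $baseline) as $path => $info) {
        echo $path, "\n  sha256=", $info['sha256'], "\n";
        foreach ($info['reasons'] as $r) {
            echo "  - ", $r, "\n";
        }
    }
}
```

A file's mtime is only a hint, since whoever writes the file can also reset it, so the content check and the hash comparison against a backup matter more. Running this tells you what was changed, not how; the "how" is the FTP-credential and unpatched-software question raised elsewhere in the thread, and reverting the files without answering it just invites the same edit again.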


Re: [PHP] HELP SQL INJECTION

2009-07-10 Thread Daniel Brown
On Fri, Jul 10, 2009 at 17:37, Chris Paynechris_pa...@danmangames.com wrote:
 Hi everyone,

 Hmmm, I'm not sure it is an SQL Injection now, done a lot more checking
 and it is inserting code at the end of every index.htm index.html
 default.html and index.php pages on my site.

 Ooooh what fun :-)

Wouldn't happen to be in Chinese, would it?  It sounds quite
reminiscent of the regular JavaScript and XSS stuff.

-- 
/Daniel P. Brown
daniel.br...@parasane.net || danbr...@php.net
http://www.parasane.net/ || http://www.pilotpig.net/
Check out our great hosting and dedicated server deals at
http://twitter.com/pilotpig




Re: [PHP] HELP SQL INJECTION

2009-07-10 Thread Chris Payne
Hi,

Yes, their IP is from Russia but Chinese in origin.

How can this be prevented?

Thank you all SO much for your help, it is very appreciated.

Chris

On Fri, Jul 10, 2009 at 2:40 PM, Daniel Browndanbr...@php.net wrote:
 On Fri, Jul 10, 2009 at 17:37, Chris Paynechris_pa...@danmangames.com wrote:
 Hi everyone,

 Hmmm, I'm not sure it is an SQL Injection now, done a lot more checking
 and it is inserting code at the end of every index.htm index.html
 default.html and index.php pages on my site.

 Ooooh what fun :-)

    Wouldn't happen to be in Chinese, would it?  It sounds quite
 reminiscent of the regular JavaScript and XSS stuff.

 --
 /Daniel P. Brown
 daniel.br...@parasane.net || danbr...@php.net
 http://www.parasane.net/ || http://www.pilotpig.net/
 Check out our great hosting and dedicated server deals at
 http://twitter.com/pilotpig





Re: [PHP] HELP SQL INJECTION

2009-07-10 Thread Daniel Brown
On Fri, Jul 10, 2009 at 17:48, Chris Paynechris_pa...@danmangames.com wrote:
 Hi,

 Yes, their IP is from Russia but Chinese in origin.

 How can this be prevented?

 Thank you all SO much for your help, it is very appreciated.

So would be your move to bottom-posting (with nods to the jihad
that was the longest thread of the list so far this month) as per the
mailing list rules.  ;-P

What's the URL to your site, if you feel comfortable in providing it here?

-- 
/Daniel P. Brown
daniel.br...@parasane.net || danbr...@php.net
http://www.parasane.net/ || http://www.pilotpig.net/
Check out our great hosting and dedicated server deals at
http://twitter.com/pilotpig




Re: [PHP] HELP SQL INJECTION

2009-07-10 Thread Chris Payne
 Thank you all SO much for your help, it is very appreciated.

    So would be your move to bottom-posting (with nods to the jihad
 that was the longest thread of the list so far this month) as per the
 mailing list rules.  ;-P

    What's the URL to your site, if you feel comfortable in providing it here?

Sorry I post at the top because I'm legally blind and it's easier but
I'll try to post at the bottom :-)

This is the main site on my server:

http://www.oxyge.net

I just took out the offending code at the end of the index page to get
it back up and running.

Chris




Re: [PHP] HELP SQL INJECTION

2009-07-10 Thread Daniel Brown
On Fri, Jul 10, 2009 at 18:11, Chris Paynechris_pa...@danmangames.com wrote:

 Sorry I post at the top because I'm legally blind and it's easier but
 I'll try to post at the bottom :-)

 This is the main site on my server:

 http://www.oxyge.net

 I just took out the offending code at the end of the index page to get
 it back up and running.

Check the /blog/ as well.  Parse error.

-- 
/Daniel P. Brown
daniel.br...@parasane.net || danbr...@php.net
http://www.parasane.net/ || http://www.pilotpig.net/
Check out our great hosting and dedicated server deals at
http://twitter.com/pilotpig




Re: [PHP] HELP SQL INJECTION

2009-07-10 Thread Zareef Ahmed
Hi,

 First of all change your FTP password and stop storing your password in
your FTP client.
This type of attack is very common among people who use an insecure FTP
client.

My previous experience with your kind of problem tells me that the chances of an
FTP attack are really higher in the pattern of your case.

Zareef Ahmed



On Sat, Jul 11, 2009 at 3:50 AM, Daniel Brown danbr...@php.net wrote:

 On Fri, Jul 10, 2009 at 18:11, Chris Paynechris_pa...@danmangames.com
 wrote:
 
  Sorry I post at the top because I'm legally blind and it's easier but
  I'll try to post at the bottom :-)
 
  This is the main site on my server:
 
  http://www.oxyge.net
 
  I just took out the offending code at the end of the index page to get
  it back up and running.

 Check the /blog/ as well.  Parse error.

 --
 /Daniel P. Brown
 daniel.br...@parasane.net || danbr...@php.net
 http://www.parasane.net/ || http://www.pilotpig.net/
 Check out our great hosting and dedicated server deals at
 http://twitter.com/pilotpig





-- 
Zareef Ahmed :: A PHP Developer in India ( Delhi )
Homepage :: http://www.zareef.net