Your site has probably been victim of an SQL injection attack, possibly Asprox, but it could be a different one.
Asprox attacks vulnerable .ASP website pages by submitting SQL code to pages that are expecting legitimate user input. Other injection attacks target PHP pages such as yours. For example, here is one of your pages: .../searchresults.php?artistId=1076 My guess is that although the page expects legitimate numeric values for artistId, the code never checks to ensure that the input always IS legitimate numeric values. So it can let through SQL code which can cause the injection of malicious code or links into your database. The solution for this is to search or inspect (probably with phpMyAdmin) your database for malicious code or links that were injected into the tables, remove them, and then to revise the code on your .php pages (and any .asp ones, too) so they explicitly test for legitimacy of the input before running the database query. As an alternative, if you have a good backup copy of the database that you're sure doesn't have the malicious code in it, you could publish it fresh. But you still need to recode the .php (and maybe .asp) pages, or the site will just get hacked again. --~--~---------~--~----~------------~-------~--~----~ You received this message through the Google Groups "stopbadware" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/stopbadware?hl=en -~----------~----~----~----~------~----~------~--~---
