Website Security Expert / Hacker?

LilWayne

I have launched a new website and I keep having my database wiped, edited, etc.

I'm pretty sure it's SQL injection or something else. I've secured pretty much every area I could find that I thought was vulnerable, but I do need a real security expert or even a hacker to maybe look over my website and tell me my problem areas.


PM me if you can help please!
 
You can use an alias in the query to prevent SQL injection :)
 
Nah, what's there to log anyway? They are probably injecting from a field; they didn't access my control panel.
 
In the access log - if they are script kiddies they might not have cleared the logs. If it's a SQL POST request you should see the injection code they are putting into your fields.

Is this your code or someone else's you are using?
 
Mine. I'm going to recode a lot and secure every bit and add some logging for people who try to exploit. :)
 
Well, if you have any access log, feel free to fire it over, along with rough times your DB gets wiped, and I can take a look.

Just remember - all input from users is evil, clean all input, then clean it again - then still don't trust it :)
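
Added example, not part of any post in this thread: one way to do the access-log review described above, flagging requests in the window before a known wipe time. It assumes Apache/nginx combined log format; that format records the request line and query string but not POST bodies, so POSTs in the window are listed for follow-up rather than matched. The function name, sample log lines and wipe time are constructed for illustration.

```python
import re
from datetime import datetime, timedelta, timezone
from urllib.parse import unquote_plus

# Combined log format: ip ident user [time] "METHOD target PROTO" status size
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" \d{3}'
)
# A few common injection markers; a triage heuristic, not a complete signature set.
SQLI_RE = re.compile(
    r"\bunion\b.*\bselect\b|\bor\b\s+\d+\s*=\s*\d+|;\s*(?:drop|delete|update|insert)\b"
    r"|\binformation_schema\b|\bsleep\s*\(|--\s|/\*",
    re.IGNORECASE,
)

def triage(lines, wipe_time, window_minutes=30):
    """Return (time, ip, reason, decoded target) for requests worth reviewing
    in the window leading up to wipe_time."""
    start = wipe_time - timedelta(minutes=window_minutes)
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        if not start <= ts <= wipe_time:
            continue
        # Decode twice so double-encoded payloads (%2527 -> %27 -> ') are still seen.
        target = unquote_plus(unquote_plus(m["target"]))
        query = target.partition("?")[2]
        if SQLI_RE.search(query):
            hits.append((ts, m["ip"], "sqli-pattern", target))
        elif m["method"] == "POST":
            # The body is not in the access log, so the payload cannot be seen here.
            hits.append((ts, m["ip"], "post-body-not-logged", target))
    return hits

# Constructed sample lines and wipe time (not from the thread).
SAMPLE_LOG = [
    '203.0.113.7 - - [12/Mar/2010:03:10:02 +0000] "GET /item.php?id=5 HTTP/1.1" 200 512',
    '203.0.113.9 - - [12/Mar/2010:03:14:40 +0000] "GET /item.php?id=5%20UNION%20SELECT%20a,b%20FROM%20t HTTP/1.1" 200 900',
    '203.0.113.9 - - [12/Mar/2010:03:15:05 +0000] "GET /item.php?id=5%3B%20DROP%20TABLE%20items HTTP/1.1" 500 0',
    '203.0.113.9 - - [12/Mar/2010:03:15:30 +0000] "POST /comment.php HTTP/1.1" 200 64',
    '198.51.100.4 - - [12/Mar/2010:01:00:00 +0000] "GET /search.php?q=1%27%20OR%201%3D1 HTTP/1.1" 200 700',
]
WIPE_TIME = datetime(2010, 3, 12, 3, 20, tzinfo=timezone.utc)

if __name__ == "__main__":
    for ts, ip, reason, target in triage(SAMPLE_LOG, WIPE_TIME):
        print(ts.isoformat(), ip, reason, target)
```

To see what a flagged POST actually carried, the application itself has to log the submitted fields, since the web server's access log does not.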
 
I'd def check your server for rootkits if they keep doing it. Even if you have cleared all the holes, if they installed a rootkit the first time they will still have access to basically your entire site.
 
What would it look like?

Where would I look?
 
Oh man, some are a bitch to find. If you know how to work Unix, check the logs on your su account as this is often used. Other than that, many are specific to the software you are running on your server. How they work is they use different exploits in order to gain administrative access. You would generally see this access in your logs if it was an amateur hacker. A better one will clean up after himself.

I would recommend using a rootkit scanner. There are quite a few out there; just download from a reputable site so you don't get another backdoor to your server haha. If that doesn't work then use any data you can find to search for it manually. If after all that you still can't find it and just give up, then you can always transfer your domain to a different server and reinstall everything there, making sure to patch up all security flaws.

For a basic overview of what a rootkit is, go to http://en.wikipedia.org/wiki/Rootkit
 