Website Security Expert / Hacker?

Discussion in 'Black Hat SEO' started by LilWayne, Oct 30, 2009.

  1. LilWayne

    I have launched a new website and I keep having my database wiped, edited, etc.

    I'm pretty sure it's SQL injection or something else. I've secured pretty much every area I could find that I thought was vulnerable, but I do need a real security expert or even a hacker to maybe look over my website and tell me my problem areas.


    PM me if you can help please!
     
  2. spenzo

    You can use an alias in the query to prevent SQL injection :)
     
  3. LilWayne

    Do you have an example?
     
  4. fatboy

    Do you have log files?
     
  5. LilWayne

    Nah, what's there to log anyways? They are probably injecting from a field; they didn't access my control panel.
     
  6. fatboy

    In the access log - if they are script kiddies they might not have cleared the logs. If it's a SQL POST request you should see the injection code they are putting into your fields.

    Is this your code or someone else's you are using?
     
  7. LilWayne

    Mine.. I'm going to recode a lot and secure every bit and add some logging for people who try to exploit. :)
     
  8. fatboy

    Well, if you have any access log, feel free to fire it over, along with rough times your DB gets wiped, and I can take a look.

    Just remember - all input from users is evil, clean all input, then clean it again - then still don't trust it :)
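
An added example, not part of the original thread: one way to do the access-log review discussed in the posts above, flagging requests that look like SQL injection attempts within a window around the time the database was wiped. It assumes the Apache/nginx combined log format (the thread does not name the server); the function names, sample lines, IP addresses and paths are constructed. An access log in that format records only the request line, so the POST in the sample shows no payload to match.

```python
import re
from datetime import datetime, timedelta
from urllib.parse import unquote_plus

# Combined log format is an assumption; adjust the pattern to the server's LogFormat.
LINE_RE = re.compile(r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*"')
# Heuristic SQL injection indicators, matched after URL-decoding (not exhaustive).
SQLI_RE = re.compile(
    r"(\bunion\b.+\bselect\b|\b(?:or|and)\b\s+\d+\s*=\s*\d+|information_schema"
    r"|\b(?:drop|delete|update|insert)\b.+\b(?:table|from|set|into)\b|sleep\s*\(|benchmark\s*\(|'\s*(?:--|#|;))",
    re.IGNORECASE,
)

def decode(target):
    """URL-decode repeatedly (bounded) so double-encoded payloads are still matched."""
    for _ in range(3):
        new = unquote_plus(target)
        if new == target:
            break
        target = new
    return target

def suspicious_requests(lines, wipe_time, window_minutes=30):
    """Return (timestamp, ip, method, decoded target) for SQLi-looking requests near wipe_time."""
    window = timedelta(minutes=window_minutes)
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not in the expected format
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        target = decode(m["target"])
        if abs(ts - wipe_time) <= window and SQLI_RE.search(target):
            hits.append((ts, m["ip"], m["method"], target))
    return hits

# Constructed sample lines (documentation IP ranges, hypothetical paths).
SAMPLE_LOG = [
    '198.51.100.7 - - [30/Oct/2009:14:01:12 +0000] "GET /index.php?page=2 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [30/Oct/2009:14:02:40 +0000] "GET /item.php?id=1%27%20OR%201%3D1--%20 HTTP/1.1" 200 8812 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [30/Oct/2009:14:03:05 +0000] "GET /item.php?id=1%2520UNION%2520SELECT%2520user,pass%2520FROM%2520users HTTP/1.1" 200 901 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [30/Oct/2009:14:03:30 +0000] "POST /comment.php HTTP/1.1" 200 310 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [30/Oct/2009:09:00:00 +0000] "GET /item.php?id=5%20OR%201=1 HTTP/1.1" 200 8812 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    wipe = datetime.strptime("30/Oct/2009:14:05:00 +0000", "%d/%b/%Y:%H:%M:%S %z")
    for hit in suspicious_requests(SAMPLE_LOG, wipe):
        print(*hit)
```

The parameter name and script in each hit point at the input that reaches the query and needs fixing first.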
     
  9. tentyler

    I'd def check your server for rootkits if they keep doing it. Even if you have cleared all the holes, if they installed a rootkit the first time they will still have access to basically your entire site.
     
  10. LilWayne

    What would it look like?

    Where would I look?
     
  11. tentyler

    Oh man, some are a bitch to find. If you know how to work unix, check the logs on your su account, as this is often used. Other than that, many are specific to the software you are running on your server. How they work is they use different exploits in order to gain administrative access. You would generally see this access in your logs if it was an amateur hacker. A better one will clean up after himself.

    I would recommend using a rootkit scanner. There are quite a few out there, just download from a reputable site so you don't get another backdoor to your server haha. If that doesn't work, then use any data you can find to search for it manually. If after all that you still can't find it and just give up, then you can always transfer your domain to a different server and reinstall everything there, making sure to patch up all security flaws.

    For a basic overview of what a rootkit is, go to http://en.wikipedia.org/wiki/Rootkit