14 Replies - 1208 Views - Last Post: 07 July 2010 - 02:48 PM

#1 oneal.michaels

I thought my website was secure...

Posted 06 July 2010 - 08:47 PM

I thought that I had my website where nobody could really hack into it, but I guess not because someone posted below one of my test posts... I think it's kinda funny because I didn't realize it was there until I was just browsing through and making sure everything worked correctly..

Would someone who is good at "hacking?" check out my site (lol) and see what I'm missing?

Here is the post http://tradezilla.co.../4c17e46bb2fd2/ and here is my website http://tradezilla.co.cc


EDIT: btw if you haven't noticed, my website is nowhere near being finished :)

This post has been edited by oneal.michaels: 06 July 2010 - 08:48 PM



Replies To: I thought my website was secure...

#2 Valek

Posted 06 July 2010 - 08:56 PM

I don't see any 'hack attempts' on your site, and I won't be able to tell you whether or not it's secure against such things without any code, I'm afraid.

I did notice you have 'Test' full of what appears to be the same post made quite a large number of times in a very short period, under the name 'Admin'. Is that what you're referring to?

#3 oneal.michaels

Posted 06 July 2010 - 08:59 PM

No, I did that to test the paging, I ran an SQL command from phpMyAdmin to do that :) but what I am referring to is this post http://tradezilla.co.../4c17e46bb2fd2/ which I find kind of amusing :)

This post has been edited by oneal.michaels: 06 July 2010 - 08:59 PM


#4 Valek

Posted 06 July 2010 - 09:00 PM

Ah, I see. Yeah, I'd have to see the code to determine where there's a vulnerability, I'm afraid.

#5 no2pencil

Posted 06 July 2010 - 09:02 PM

Valek is correct.

Have a look over this tutorial, but there is no 'off switch'. The code will need to be reviewed to see how it was bypassed.

#6 oneal.michaels

Posted 06 July 2010 - 09:03 PM

Ohh, there are a lot of includes and pages in the site, I can't think of a way I could show you all of the code... I'll try to find myself a "hacker" buddy and see what kind of vulnerabilities they can find :)

#7 Valek

Posted 06 July 2010 - 09:14 PM

Well, if you won't post code, the best I can do is point you in the direction of a couple of articles to get you started.

SQL Injection
Cross-site Scripting (XSS) Attacks

#8 oneal.michaels

Posted 07 July 2010 - 07:43 AM

If you can think of a reasonable way to post code I will, but I don't think that just one page of code would be helpful and there's about 20 pages of code in the whole website, so I don't think I wanna post them all up here, that would be a little crazy-ish...

#9 Dormilich

Posted 07 July 2010 - 08:04 AM

Mail the code to Valek?

#10 CTphpnwb

Posted 07 July 2010 - 08:46 AM

If you can't post the relevant code, then you've got more than security problems! No matter how large your site is, it should be organized in a way that the relevant code should be readily apparent to you, the person who wrote it!

#11 oneal.michaels

Posted 07 July 2010 - 02:26 PM

Yea, I could put up the database related code, I'm just wondering where the injection would have come from, maybe a page with a textbox on it, or someone could possibly make a post to my website from another server! Hmm, that's a thought, is there a way to block posts from servers other than my own?

#12 no2pencil

Posted 07 July 2010 - 02:33 PM

Automated bots...

#13 oneal.michaels

Posted 07 July 2010 - 02:39 PM

How would I do that?

#14 skyhawk133

Posted 07 July 2010 - 02:44 PM

I would highly suggest installing mod_security and suhosin on your server, or asking your web host to do so. These are powerful applications that prevent a lot of the most common (and not so common) exploits from ever being executed.

#15 oneal.michaels

Posted 07 July 2010 - 02:48 PM

I'm using a free host for the development stage... they won't do crap for me, they couldn't even set up home.php as a default page as they only allow index.php and defaul.php..