By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
440,506 Members | 1,881 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 440,506 IT Pros & Developers. It's quick & easy.

How could have my sites been hacked?

P: 1
Hi there - I've been designing websites for a few years... but I'm self taught so I'm sure there's a lot of stuff I've missed out on. I design my sites from scratch and usually install a basic content manager I developed in PHP. I password protect the content manager in an Admin folder using the cPanel function to password protect folders. Over Christmas, about six of my sites were hacked by some people called Tn-Sn!per and Scorpia Boy with some message about Palestine. Some of the sites just had the index page hijacked, but others had phishing scams and new folders installed. What would I be doing wrong to invite this? Are they getting through the cms login somehow? (the cms is just a bunch of links to update content in the database but none of that has been touched) The websites are mainly with the same host, although one or two of them are different. The hosting passwords are fairly secure, but I suppose the admin passwords are easier to get through. Is this the problem do you think? Or could my code be vulnerable somehow? I don't use CGI scripts of Javascript - just PHP and mysql queries. Thanks in advance for any assistance. I've attached a screenshot of one of the hacked pages.
Attached Images
File Type: jpg hack.jpg (52.2 KB, 464 views)
Jan 16 '11 #1
Share this Question
Share on Google+
3 Replies

Expert 100+
P: 1,584
Your host could have been hacked due to vulnerabilities on their side. This might be the case if all of your site is with one host. If you have multiple hosts, then the bet is on a huge flaw in your app.

We can't really tell you how they hacked your site without a code review of your entire application. This forum is not a medium for that.

Popular hacking techniques are:
1. SQL Injection
2. Cross Site Scripting
3. Plain text passwords in network traffic (packet sniffing). Are you using SSL?
4. Session/Cookie hacking.

Plain answer: Educate yourself.

"act like a hacker" towards your own sites.

Jan 17 '11 #2

P: 9
Your webpage server MIGHT be down as due to FIREBUGS you could also disable FIREBUGS in your page to just search for firebugs.

If there are any enquiry this SHOULD be sent to my via-email at: <email removed>
Nov 10 '11 #3

P: 1
hi hhh im scorpia boy im vry proud that me and tn sn!per hack our six sites so be proud
Feb 3 '12 #4

Post your reply

Sign in to post your reply or Sign up for a free account.