I'm being hacked regularly
on 28.12.2007 08:42:52 by Bob Bedford
Hi all,
The site protection has never been an issue due to the main purpose of my
site: it's a community website and has nothing very important, just
information.
Now the problem is that hackers not only regularly take my website offline,
but worse, they put spam scripts on my site and send
thousands of spam messages from my account.
My site is built using $_GET["page"] so all my site has the same design
(index.php being the general design and including the forms from different
files).
The first attack was to put a URL in the page param, so I had an attack like
www.example.com/index.php?page=www.siteofthehackertools....
The site of the hacker tool had a PHP script that was used to get
information on everything on my pages and also had a script to send emails.
Now I protect against this kind of param by checking them and they can't
access my site this way.
Now the pirate has installed an iroffer (an IRC server) directly on my
account.
So my questions are:
- How do they get into my site?
- Where can I find information on protecting my website (PHP scripts)?
- How can the pirate have access to my FTP account? Or can he install an
IRC server directly from one of my scripts?
- Also, can it be a problem with the hosting instead of mine?
Please help, I'm tired of re-installing my server every week.
Thanks
Re: I'm being hacked regularly
on 28.12.2007 09:13:19 by Willem Bogaerts
> Now the pirate has installed an iroffer (an IRC server) directly on my
> account.
>
> So my questions are:
> - How do they get into my site?
> - Where can I find information on protecting my website (PHP scripts)?
> - How can the pirate have access to my FTP account? Or can he install an
> IRC server directly from one of my scripts?
> - Also, can it be a problem with the hosting instead of mine?
>
> Please help, I'm tired of re-installing my server every week.
Well, the first thing that would help is to tell us what OS you are using. In general,
never accept things from outside blindly. If the person hacking your
machine can monitor traffic, FTP passwords are easily caught. There are
enough secure alternatives. Look into them.
Also, go through the PHP settings and see what you do not need. If you
do not need PHP to contact other servers, you can disable it, the
functions that do and/or switch on "safe mode".
Disable error display, but log all errors and warnings. If the attacker
is trying things, he himself will not see the weaknesses of your setup,
but you will.
Good luck,
--
Willem Bogaerts
Application smith
Kratz B.V.
http://www.kratz.nl/
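The include-by-`$_GET["page"]` layout from the first post, rebuilt along the lines of the advice above (never accept outside input blindly; hide errors from visitors but log them). This is an added example, not code from any poster in this thread; the page keys, file names and the `pages/` directory are hypothetical.

```php
<?php
// Added example: allowlist dispatcher for an index.php?page=... layout.
// Page keys, file names and the pages/ directory are hypothetical.

// Hide errors from visitors but keep them in the server log.
ini_set('display_errors', '0');
ini_set('log_errors', '1');

// Risky pattern described in the thread (do not use):
//   include $_GET['page'];   // request data decides which file or URL PHP runs

// Fixed map from public page key to a local file. Request data is only
// ever used as a lookup key, never as part of a path.
const PAGES = [
    'home'    => 'home.php',
    'forum'   => 'forum.php',
    'contact' => 'contact.php',
];

function resolve_page($requested): ?string
{
    // Arrays (?page[]=x) and unknown keys are rejected outright.
    if (!is_string($requested) || !array_key_exists($requested, PAGES)) {
        return null;
    }
    return __DIR__ . '/pages/' . PAGES[$requested];
}

$requested = $_GET['page'] ?? 'home';
$file = resolve_page($requested);

if ($file === null || !is_file($file)) {
    // Log the rejected value for later pattern analysis; replace
    // non-printable bytes so the value cannot forge extra log lines.
    $shown = is_string($requested)
        ? preg_replace('/[^\x20-\x7E]/', '?', substr($requested, 0, 200))
        : '(non-string)';
    error_log('rejected page parameter: ' . $shown
        . ' from ' . ($_SERVER['REMOTE_ADDR'] ?? '-'));
    http_response_code(404);
    $file = __DIR__ . '/pages/notfound.php'; // hypothetical static error page
}

include $file;
```

Setting `allow_url_include = Off` in php.ini additionally stops `include` from fetching a URL even if a path check is missed somewhere else.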
Re: I'm being hacked regularly
on 28.12.2007 09:18:12 by shimmyshack
On Dec 28, 7:42 am, "Bob Bedford" wrote:
> Hi all,
>
> The site protection has never been an issue due to the main purpose of my
> site: it's a community website and has nothing very important, just
> information.
>
> Now the problem is that hackers not only regularly take my website offline,
> but worse, they put spam scripts on my site and send
> thousands of spam messages from my account.
>
> My site is built using $_GET["page"] so all my site has the same design
> (index.php being the general design and including the forms from different
> files).
> The first attack was to put a URL in the page param, so I had an attack like
> www.example.com/index.php?page=www.siteofthehackertools. ...
> The site of the hacker tool had a PHP script that was used to get
> information on everything on my pages and also had a script to send emails.
>
> Now I protect against this kind of param by checking them and they can't
> access my site this way.
>
> Now the pirate has installed an iroffer (an IRC server) directly on my
> account.
>
> So my questions are:
> - How do they get into my site?
> - Where can I find information on protecting my website (PHP scripts)?
> - How can the pirate have access to my FTP account? Or can he install an
> IRC server directly from one of my scripts?
> - Also, can it be a problem with the hosting instead of mine?
>
> Please help, I'm tired of re-installing my server every week.
>
> Thanks
Try OWASP PHP TOP TEN, as it suggests the top ten ways hackers get to you
and what you should do to stop them.
If you are being targeted, and have written your own scripts as it
seems, then you can protect yourself with mod_security to a degree -
this will stop various standard attacks, see cool rules as well to add
functionality to the engine.
If you are using third party software which you download then you
should make sure it is fully patched and up to date.
There are no hard and fast rules after these steps have been taken,
just write secure code, keep everything including your php/apache
installs up to date and try not to attract too much attention.
Oh and log everything, using your script to detect patterns is the
first step to banning if you go that route, after all is your site
massive enough to need to accept connections from Taiwan for instance?
If not, start there.