shared hosting at godaddy hacked index.php and login.php automatically changed
Question
yesterday many web application that i have hosted at godaddy shared hosting got defaced (hacked). They changed the index.php and login.php to follwing source code :
Deface By black sQl
HACKED BY black sQl WARNING!!! Lets start to secure your websiteBut Remember This
SECUIRITY IS AN ILLUSION!!
BD Black Hackers Cyber Army
black sql::!hR V1Ru5::3lack D4G0N::TLM-V1Ru5
i donot know how they did that as it is just the login page there is no usage of get and the username and password are only the fields the user can input and they are also cleaned before they enter any function.
i checked the raw access logs and found some suspicious entries there. those are as following :
46.118.158.19 - - [29/Sep/2017:06:27:29 -0700] "GET / HTTP/1.1" 200 522 " http://pochtovyi-index.ru/ " "Opera/8.00 (Windows NT 5.1; U; en)"
188.163.72.15 - - [29/Sep/2017:06:48:37 -0700] "GET / HTTP/1.1" 200 522 " https://educontest.net/ " "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)"
can anybody help me how to secure this kind of intrusion?
1 answers
solution1
0 2017-09-30 07:06:43
It depends on how he has gained access.
Major steps to take into consideration are:
- Restricting access to server using htaccess
- use PDO, to make apps secure from SQL Injection
- Secure your apps with CSRF tokens
- etc. Check this All in one Cheat Sheet
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.