yesterday many web application that i have hosted at godaddy shared hosting got defaced (hacked). They changed the index.php and login.php to follwing source code :
Deface By black sQl
HACKED BY black sQl WARNING!!! Lets start to secure your websitei donot know how they did that as it is just the login page there is no usage of get and the username and password are only the fields the user can input and they are also cleaned before they enter any function.
i checked the raw access logs and found some suspicious entries there. those are as following :
46.118.158.19 - - [29/Sep/2017:06:27:29 -0700] "GET / HTTP/1.1" 200 522 " http://pochtovyi-index.ru/ " "Opera/8.00 (Windows NT 5.1; U; en)"
188.163.72.15 - - [29/Sep/2017:06:48:37 -0700] "GET / HTTP/1.1" 200 522 " https://educontest.net/ " "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)"
can anybody help me how to secure this kind of intrusion?
It depends on how he has gained access.
Major steps to take into consideration are:
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.