I'm being hacked regularly

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View
Hi all,

The site protection has never been an issue due to the main purpose of my  
site: it's a community website and has nothing very important, just  

Now the problem is that hackers don't only put my website regularly offline  
but the worse thing is that they put spam script on my site and send  
thousand spams from my account.

My site is build using $_GET["page"] so all my site has the same design  
(index.php being the general design and including the forms from different  
The first attack was to put an URL in the page param so I had an attack like  
The site of the hacker tool had a PHP script that was used to get  
information on everything on my pages and also had a script to send emails.

Now I protect against this kind of param by checking them and they can't  
access my site this way..

Now the pirate has installed a iroffer (an IRC server) directly on my  

So my questions are:
- how they do enter on my site ?
- where to find informations on protecting my website (PHP scripts) ?
- How the pirate can have access to my FTP account ? Or can he install an  
IRC server directly from one of my scripts ?
- Also can be a problem of the hosting instead of mine ?

Please help, I'm tired to re-install my server every week.


Re: I'm being hacked regularly

Quoted text here. Click to load it

Well, first thing to help is to tell what OS you are using. In general,
never accept things from outside blindly. If the person hacking your
machine can monitor traffic, FTP passwords are easily caught. There are
enough secure alternatives. Look into them.

Also, go through the PHP settings and see what you do not need. If you
do not need PHP to contact other servers, you can disable it, the
functions that do and/or switch on "safe mode".

Disable error display, but log all errors and warnings. If the attacker
is trying thing, he himself will not see the weaknesses of your setup,
but you do.

Good luck,
Willem Bogaerts

Application smith
Kratz B.V.

Re: I'm being hacked regularly

Quoted text here. Click to load it

try OWASP PHP TOP TEN, as it suggests top ten ways hackers get to you
and what you should do to stop them.
if you are being targetted, and have written your own scripts as it
seems then you can protect yourself with mod_security to a degree -
this will stop various standard attacks, see cool rules as well to add
functionality to the engine.
If you are using third party software which you download then you
should make sure it is fully patched and up to date.
there are no hard and fast rules after these steps have been taken,
just write secure code, keep everything including your php/apache
installs up to date and try not to attract to much attention.
Oh and log everything, using your script to detect patterns is the
first step to banning if you go that route, after all is your site
massive enough to need to accept connections from taiwan for instance?
If not, start there.

Site Timeline