Answer the question
In order to leave comments, you need to log in
What to do if the site was hacked and deleted?
I sent a link to a site for a one kf rating, and there some rat hacked it with an xss attack (the hacker entered pieces of code in all text fields, and created many accounts with it). He put a shorter redirect, then according to some reports he found out that the cracker had downloaded the cookies, and somehow got access to the server and to the sites. Then he deleted the folder with users and all the info, and then he deleted the site itself.
Question: How to protect yourself from the subsequent such hacking? What utilities do you recommend?
Ps:
Website in: HTML & PHP, on VDS Ubuntu. I have the attacker's IP.
Answer the question
In order to leave comments, you need to log in
Reinstall Windows. Every day, regularly, exactly at 14:00 Moscow time.
(Now it would be trite to not filter the fields for characters)
How to protect yourself from the subsequent such hacking?
A well-written site (I'm purely talking about the server side) - it's impossible to hack. That's the whole program.
NedoKoder and Araik are correct.
There are no utilities for this. Just pass all the output text and what is written to the database through the necessary functions. And what has already been deleted, contact the hosting support service. Restore backup. Unless, of course, there is a built-in option in the hosting itself. For example, my hoster has such an opportunity
I suspect that there was such a site that .. he is dear there))
regex filter on all incoming requests and on the data inside them: unexpected - do not process! (that's the whole defense)
htmlspecialchars once, mysql_escape_string twice (or %s placeholders).
How many times have I already seen both here in questions and on other forums ... SELECT ... WHERE ID = $_GET['id'] straight away without processing. Well, you can't do that!
Hello. Based on your story, the site was hacked by stealing an admin cookie via XSS. In order to specifically protect against cookie theft, the HttpOnly attribute for the cookie had to be set. This flag prevents cookies from being accessed via Javascript. Other XSS vulnerabilities can be protected by setting the X-XSS-Protection header and setting the Content Security Policy. You can also get rid of the very cause of XSS - the lack of filtering in the code that inserts user data into the body of the page. To do this, you need to certify the inserted rows. You can search XSS Filter Evasion Cheat Sheet. And in order to find places on the site vulnerable to XSS and other vulnerabilities, I recommend trying vulnerability scanners like https://metascan.ru
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question