On 04/10/14 03:53, Jim Giner wrote: > The scripts all use prepare queries (PDO) and my inputs are checked too. > I have learned from some of the best on other forums (Jacques1 for ex.) > and have been educated to read a couple of suggested books. Yes - I > learned how to improve my programming in php/web a bit late, but I did > pick it up and convert all my scripts. I really don't think my scripts > are the problem -hence that is why I didn't even mention that in my > initial post. Jim I look after a lot of sites where others have created the original code, and as 'exploits' are documented around the net you see hackers trying them against random sites. They like to identify just what a site is using to target particular exploits, so if the detect Joomla or wordpress or MySQL they will 'have a go' with their library of 'tests'. This is where understanding just what the log file shows can be useful as you may see a long list of URL's trying out combinations of things. I use Firebird myself and the logs for that show all the failed MySQL attacks ... Another useful tool I have is a package called 'beyond compare'. One of the few packages I've actually paid for. All of the websites on client hosted services I have a local copy of the working site and can BC with th live site when problems are spotted. takes some time to run on remote file systems with the bigger frameworks, but modifications stick out like a sore thumb and one can usually establish quite quickly how a problem arose, but more important - fix the problem rapidly. There is a lot of legacy code that I don't need to rework and this allows an economic maintenance process. A vector for adding stuff is where third party sites provide javascript and the like and even php.net has been affected by making files that were editable via git accessible via the site. I prefer to keep to my own copies of these so I can include them in the cross checking. I think what I am seeing is that your own 'attack' has been extra links added into your own files? Which would mean that something has access to write, but that may be via a back door created elsewhere. I've a couple of .asp sites which kept getting attacked and I could not see why - not normally using ASP - but eventually it was tracked down to a know asp exploit in a third party element. -- Lester Caine - G8HFL ----------------------------- Contact - http://lsces.co.uk/wiki/?page=contact L.S.Caine Electronic Services - http://lsces.co.uk EnquirySolve - http://enquirysolve.com/ Model Engineers Digital Workshop - http://medw.co.uk Rainbow Digital Media - http://rainbowdigitalmedia.co.uk -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
