2nd Attack

[RogerB]

Kesuk was attacked again yesterday evening by the same code. I talked to a gentleman yesterday and he thinks the registration and contact forms could possibly have vulnerabilities, what do you guys think. Would anyone be interested in helping me check my site? I really could use it.

[James142]

Kesuk was attacked again yesterday evening by the same code. I talked to a gentleman yesterday and he thinks the registration and contact forms could possibly have vulnerabilities, what do you guys think. Would anyone be interested in helping me check my site? I really could use it.

Damn, dont thse people have better things to do in their lifes?

[Kyle]

-

[RogerB]

can't view my pilots in the admin panel....... updated 3 times...

[Kyle]

-

[RogerB]

No, its just blank

[RogerB]

head over to shout box

[Kyle]

Umm,

but you have pilots still in the system, so you updated three times and now something with the attack is preventing you to see the pilots.

[RogerB]

I found the problem directory, it was called attachments, this directory had code that was removing protection on my php files.

[Kyle]

I found the problem directory, it was called attachments, this directory had code that was removing protection on my php files.

Ok, Roger, you know everyone can access your indexing because I checked your indexing is still enabled., so use that .htaccess file that i gave you and That will black out the indexings and it might stop the problems.

[mark1million]

Roger who have you upset, lol

Man you have had some crap luck lately.

[RogerB]

When you have a quality and original project people want to attack it.

[Tom]

Or more likely, you didn't clear everything up. If you have all the files you use saved locally (which you should), just delete everything and reupload...

[RogerB]

Ok, that was the case Tom but you could of been nice and agreed with me for once.

[Tom]

Meh I was just being honest in my opinion. I've known people who did things like this - it was never a case of wanting to attack someone, only being able to.

[Kyle]

Roger,

Do you ever think that could be related to the hacking right now and someone hacked your FSPaintshop, and then now your virtual airlines?

Or Am I wrong, just different person?

[RogerB]

That was a specific attack on E107 world wide actually, they found a hole in the contact form.

I did want to say:

Despite all our differences and personality clashes, we as the PHPvms community stuck together and helped one another out, I think that is great and important to remember. Thanks guys.

[Kyle]

That was a specific attack on E107 world wide actually, they found a hole in the contact form.

I did want to say:

Despite all our differences and personality clashes, we as the PHPvms community stuck together and helped one another out, I think that is great and important to remember. Thanks guys.

Ahh Ok, I'm cleared up now.

We are all a team here at phpVMS! We help out each other!

[mark1million]

I'd second that guys, just goes to show what a few people with a common interest can achieve

[Nabeel]

So it was an e107 vulnerability?

I have to review some of that registration code, though I have before, but I'm always a little paranoid.

The best solution is to use prepared statements, however, not everyone is using mysqli. I'll have to see if there is some other way around it, but I think it would be difficult this stage in the game.

[joeri]

Roger i have a question

what sort of forum are you using.

i had the same problem on an other server with the smf forum they got in via the forum and then injected all simular files with url's and some other s***

[RogerB]

FsPaint shop was hacked a few months ago, I used E107 then, they got in threw the contact form.

I just switched forums, deleted the database and directory for the old.

Kesuk, I have no idea but it was hacked twice.. My host told if the contact and registration pages aren't done correctly it can be a problem.