
guestbook wiped by "hacker"

Posted: Thu Sep 15, 2005 7:42 am
by lee
Hi - I just wondered if anyone else has had their guestbook wiped by a malicious user. The php scripts look unchanged/unharmed, but the entries.txt file is blank.

Anyone know how this is done? I know nothing about hacking or scripting, but my guess is that it was via the php script, as opposed to a hack into the site from another route, as there was an email notification from the guestbook as it happened!

regards,

lee
www.victorianlondon.org

Posted: Thu Sep 15, 2005 8:16 am
by Klemen
Lee,

I doubt your guestbook was "hacked". If you received an e-mail notification when it happened the problem probably was that your server was under too much load and tried to write to too many files at a time (or to write different input to the same file) and thus truncated/emptied the file.

This is a known issue with text databases and I've seen it happen before in hit counters. If you have a website with many visitors or if your guestbook is under a lot of pressure (many submissions) I would suggest that you find a guestbook with a MySQL database.

Regards
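
Added example, not part of the thread or of the guestbook's own code: one way to avoid the flat-file truncation described above in PHP, by serializing writers with flock() and replacing the file with an atomic rename(). The function name add_entry, the .lock sidecar file and the one-entry-per-line, newest-first format are assumptions.

```php
<?php
// Added example: hypothetical helper, not code from the guestbook script.
// Assumes newest-first entries, one per line, in a directory PHP can write to.

function add_entry(string $path, string $entry): bool
{
    // Lock a sidecar file: the data file is swapped by rename(), so a lock
    // taken on the data file itself would not serialize writers.
    $lock = fopen($path . '.lock', 'c');
    if ($lock === false || !flock($lock, LOCK_EX)) {  // waits for other writers
        return false;
    }
    try {
        $old = is_file($path) ? file_get_contents($path) : '';
        if ($old === false) {
            return false;              // unreadable: do not overwrite with less
        }
        // Collapse line breaks so one submission stays one record.
        $new = str_replace(["\r", "\n"], ' ', $entry) . "\n" . $old;

        // Build the complete new file beside the old one...
        $tmp = tempnam(dirname($path), 'gb_');
        if ($tmp === false) {
            return false;
        }
        if (file_put_contents($tmp, $new) !== strlen($new)) {
            unlink($tmp);
            return false;              // short write: old file is untouched
        }
        chmod($tmp, 0644);             // tempnam() creates the file as 0600
        // ...then swap it in. On POSIX filesystems a same-directory rename()
        // is atomic, so readers see the old file or the new one, never an empty one.
        $ok = rename($tmp, $path);
        if (!$ok) {
            unlink($tmp);
        }
        return $ok;
    } finally {
        flock($lock, LOCK_UN);
        fclose($lock);
    }
}

// Constructed demo data, written under the system temp directory.
$file = sys_get_temp_dir() . '/entries_demo.txt';
@unlink($file);
add_entry($file, "first visitor");
add_entry($file, "second\nvisitor");
echo file_get_contents($file);
```

The common failure this replaces is opening the data file with mode 'w', which empties it immediately on open, before any lock is taken or any new content is written.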

Posted: Fri Sep 23, 2005 11:55 pm
by Me59
Make sure your webspace (index of files) cannot be browsed by visitors.

Many incompetent providers allow this by default - especially in the EU and USA this is fairly common. This way, every visitor can see/target and maybe alter/delete your files.

Posted: Sat Sep 24, 2005 12:28 pm
by Klemen
True, you can either prevent that by .htaccess (on Apache):

Options -Indexes

or simply place a blank index.htm file in every folder.

Posted: Sat Sep 24, 2005 9:21 pm
by Me59
Just yesterday I was learning a lot about .htaccess - preventing site ripping (copycats) was one issue and switching off file view another.

Blocking the file view can be done by adding:
IndexIgnore *

Don't forget to CHMOD to 644, otherwise the visitor can view your .htaccess.

Posted: Sun Sep 25, 2005 11:30 am
by Klemen
Yup, .htaccess is a quite useful little file :wink:
Me59 wrote: IndexIgnore *
Same result with

Options -Indexes

use either.

How are you preventing copycats with .htaccess? I don't think there is a reliable way of doing it, or is there?

Posted: Sun Sep 25, 2005 10:19 pm
by Me59
Klemen,

Everything is here - a very nice tutor!

http://www.javascriptkit.com/howto/htaccess.shtml

Posted: Sun Sep 25, 2005 10:50 pm
by Klemen
Pretty cool, thanks!