Thread: My site was hacked into..

  1. #1
    Junior Member
    Join Date
    Jan 2003
    Posts
    2

    My site was hacked into..

    Hey everyone, first off this looks like a great website, very educational. Anyhow, Mr. LieuMang (he actually has an account on here I noticed, and this is where he learned how to hack into PHP forums, which is what I have on my site) hacked in there. I've got a couple of questions. First, does anybody have any experience with Can-Host? It's the hosting company I use. It's pretty cheap, and usually they are alright with support, but I e-mailed them 6 days ago and have still not received anything back. Also, I am 99.5% sure that Mr LieuMang hacked in through the PHP forum using a buffer overflow, so how could I protect against this in the future? Anything short of taking the PHP out and getting something else in there? Thanks.

    Also, I forgot one thing, if you want to check out the site it's www.rabidchipmunkmusic.com. The message he put up is still there, as I can't get back in. I'm about to the point where I'm going to try to hack into my own stinking website to get control of it again!
    -Beano
    Bassist/Vocalist of Rabid Chipmunk
    www.rabidchipmunkmusic.com

  2. #2
    Antionline's Security Dude instronics
    Join Date
    Dec 2002
    Posts
    901
    I'm sure that he did NOT LEARN that in here... I would really go to the newbies FAQ sections and read up on how or what to post in here.
    Ubuntu-: Means in African : "I'm too dumb to use Slackware"

  3. #3
    A buffer overflow? (like instronics said) I'm sure he didn't learn that @ AO...

    You should look for any updates on your PHP software, it's most likely that your friend Mr LieuMang found the buffer overflow exploit on some script kiddie site (i.e. PacketStorm)... These exploits and fixes go hand in hand, as soon as the exploit is posted on the www, a fix will usually come out a few weeks later...

    I suggest searching for updates and/or exploits for your PHP package...

    I hope this helped :-)
    When you connect to your ISP, you are potentially opening your computer to the world. There are 'naughty people' out there who enjoy breaking into other people's computers. Give some thought to the security of your computer...

  4. #4
    Senior Member
    Join Date
    Oct 2002
    Posts
    181
    Web application security is a massive topic, and a buffer overflow attack is only one method.

    Have a look at www.owasp.org as this is the best web site for web application security. They also have a paper on securing web applications.

    But to start you off, in solving this problem, you need to write some form of input validation for the form. I.e., if you expect a number between 1 and 10, test to see if it's a number between 1 and 10. If it's not, then don't process any of the data.

    Hope that gives you something to go on

    SittingDuck
    I'm a SittingDuck, but the question is "Is your web app a Sitting Duck?"
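
Added example, not part of the thread or any poster's code: the input-validation advice in post #4 (check each value against what you expect, and process nothing if any check fails), written in PHP because the site runs a PHP forum. The form fields `rating`, `post_id` and `comment`, their limits, and the function name `validate_rating_form` are assumptions made for illustration.

```php
<?php
// Added example: field names and limits below are assumptions, not from the thread.

/**
 * Check every field against an allow-list rule. Returns the cleaned values
 * only if ALL fields pass; returns null otherwise so nothing is processed.
 */
function validate_rating_form(array $input): ?array
{
    $rules = [
        // "A number between 1 and 10", as in the post above.
        'rating'  => fn($v) => filter_var($v, FILTER_VALIDATE_INT,
            ['options' => ['min_range' => 1, 'max_range' => 10]]),
        'post_id' => fn($v) => filter_var($v, FILTER_VALIDATE_INT,
            ['options' => ['min_range' => 1]]),
        // At most 500 bytes, valid UTF-8 (/u), no control characters.
        'comment' => fn($v) => (is_string($v) && strlen($v) <= 500
            && preg_match('/^[^\x00-\x08\x0B\x0C\x0E-\x1F\x7F]*$/u', $v) === 1)
            ? $v : false,
    ];

    // Unexpected or missing fields fail the whole request.
    if (array_diff_key($input, $rules) || array_diff_key($rules, $input)) {
        return null;
    }

    $clean = [];
    foreach ($rules as $field => $check) {
        $value = $check($input[$field]);
        if ($value === false) {
            return null;   // one bad field: process none of the data
        }
        $clean[$field] = $value;
    }
    return $clean;
}

// Constructed sample submissions (not real traffic).
$samples = [
    'valid'        => ['rating' => '7',    'post_id' => '42', 'comment' => 'Nice track'],
    'out of range' => ['rating' => '11',   'post_id' => '42', 'comment' => 'ok'],
    'not a number' => ['rating' => '7abc', 'post_id' => '42', 'comment' => 'ok'],
    'too long'     => ['rating' => '7',    'post_id' => '42', 'comment' => str_repeat('A', 5000)],
];
foreach ($samples as $label => $s) {
    printf("%-12s => %s\n", $label, validate_rating_form($s) === null ? 'rejected' : 'accepted');
}
```

Validation of this kind narrows what reaches the application; the accepted values still need parameterised queries and output escaping wherever they are used.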

  5. #5
    Junior Member
    Join Date
    Jan 2003
    Posts
    2

    Finally we have control of our website again, I guess the question now is how to keep it secure. I upgraded the PHP forum to the latest version, and changed security settings. Now members cannot upload anything to the server, and you must be a member to post. Basically, anything to make it secure I did. Thanks for the responses guys.
    -Beano
    Bassist/Vocalist of Rabid Chipmunk
    www.rabidchipmunkmusic.com

  6. #6
    Senior Member
    Join Date
    Jan 2003
    Posts
    100
    just because he is a member of this site... there are tonnes of sites on the net that you can get exploits etc. off.
    Just because you don't see it doesn't mean it's not there

  7. #7
    er0k
    Guest
    hrm.. I could see him learning about buffer overflows and stuff here, but not how to do them, etc. he may have learned the theory but not the way in which to practice. since this site deals with everything security related, he could have read some discourse on how to prevent buffer overflows, and took it there, so don't throw out him learning about buffer overflows completely at AO, that just makes this site look lame if you completely eliminate the possibility of a person learning about something here, just not *how* to do it maliciously...

  8. #8
    Senior Member
    Join Date
    Jan 2003
    Posts
    100
    you could learn about buffer overflows from just about anywhere on the net.. this site included. a quick search on www.google.com will get you anything
    Just because you don't see it doesn't mean it's not there
