[Resolved] H4x0r3d

bpat1434

So I had a good photo script up. And now it seems that it's gone. When I go to the url, all I get is "H4X0R3D", and the page continually loads.

Has anyone ever had this problem? If so, can you tell me who did it so I can go after them, or at least know a direction to go in?

~Brett

laserlight

What exactly is this photo script supposed to do?

trex005

sux to be you... hope you have a nightly backup! (or at least some backup)
Check all your server logs, that should point you in the right direction. If you are on a shared server, report it to your provider

bpat1434

Well, I did report it.

I figured out what it was too.

I accidentally left my SQL statements un-verified. Doh! So the H4x0r went in and put html in the database, so that when I read the values and printed them, it would execute javascript.

I deleted the offending rows in the database and added a verification via regex. Thank god!!

And my backup... had none. So thankfully it was not that big of a deal. I went through and checked each row in my database too. But I thought my SCRIPT had been hacked, when in all actuality it was my database. That will teach me to leave my SQL statements open like that. But I had a good back-up of my scripts on my computer.

Thanks for the help.

~Brett

Ravenous

Classic SQL injection.. let this be a lesson to those of you inexperienced with such attacks. 🙂 Always validate any input from users.. always.

bpat1434

Wanna know what's funnier? It didn't matter.

I went to a meeting today between my liason and I. They decided that they wanted a more "professional" site and wanted someone that could update it full time. So the site, and my graphics, were basically ripped from me. Total Bu||sh!T.

Oh well. Yeah, I learned, and now I know.

~Brett

trex005

Yeah, I compleated a Very high paying project once, worked on it about 80 hours a week for over a month. I thought I was smart and got a detailed requirements document. well they were a big company (not going to name names) and found a way to weasle out of paying me because they effectivly changed what they ment by thing in the document. That too sucks... but you gotta learn to forgive or it'll eat you up!