nige Posted January 26, 2011

Hey All,

Our web server appears to be getting hacked by a third party and I think they are getting in via a PHP contact form. They are planting a .htaccess file in the root folder redirecting the pages to a blank one. Can anyone give me advice on the best course of action to take? I can post our PHP code if needed.

Many Thanks
litebearer Posted January 26, 2011

1. yes, show us the code
2. change all your passwords DO NOT store them
3. Are you on a shared server?
4. In your FTP program - change password - do NOT store
nige Posted January 26, 2011 (Author)

Hi litebearer,

Thanks for the quick reply. See answers below.

1. yes, show us the code

Filename: sendmail.php

<?php
$linefeed = '\n';
// Read every form field; missing fields become empty strings instead of notices
$Title         = $_POST['Title'] ?? '';
$FName         = $_POST['FName'] ?? '';
$SName         = $_POST['SName'] ?? '';
$email_address = $_POST['email_address'] ?? '';
$mobile        = $_POST['mobile'] ?? '';
$Age           = $_POST['Age'] ?? '';
$Address1      = $_POST['Address1'] ?? '';
$Town_City     = $_POST['Town_City'] ?? '';
$County        = $_POST['County'] ?? '';
$Country       = $_POST['Country'] ?? '';
$Message       = $_POST['Message'] ?? '';
$cosmetic      = $_POST['cosmetic'] ?? '';
$lingerie      = $_POST['lingerie'] ?? '';
$Ccard         = $_POST['Ccard'] ?? '';
$Sales         = $_POST['Sales'] ?? '';
$FashionShows  = $_POST['FashionShows'] ?? '';
$bargin        = $_POST['bargin'] ?? '';
$error = 0;

// The whole value must consist of letters, hyphens, spaces or the listed umlauts
// (anchored at both ends; the original pattern only checked the end of the string)
function check_firstname($FName) {
    return preg_match('/^[a-zA-Z\-ÄäÖöÜü ]+$/u', $FName) === 1;
}

function check_surname($SName) {
    return preg_match('/^[a-zA-Z\-ÄäÖöÜü ]+$/u', $SName) === 1;
}

// ereg() is deprecated/removed in current PHP, so the same patterns are used with preg_match()
function check_email_address($email_address) {
    // First, check that there is exactly one @ symbol and the two parts have sane lengths
    if (!preg_match('/^[^@]{1,64}@[^@]{1,255}$/', $email_address)) {
        // Email invalid because wrong number of characters in one section, or wrong number of @ symbols
        return false;
    }
    // Split it into local part and domain to make life easier
    $email_array = explode("@", $email_address);
    $local_array = explode(".", $email_array[0]);
    for ($i = 0; $i < sizeof($local_array); $i++) {
        if (!preg_match('@^(([A-Za-z0-9!#$%&\'*+/=?^_`{|}~-][A-Za-z0-9!#$%&\'*+/=?^_`{|}~.-]{0,63})|("[^(\\|")]{0,62}"))$@', $local_array[$i])) {
            return false;
        }
    }
    if (!preg_match('/^\[?[0-9.]+\]?$/', $email_array[1])) {
        // Domain is not an IP address, so it must be a valid domain name
        $domain_array = explode(".", $email_array[1]);
        if (sizeof($domain_array) < 2) {
            return false; // Not enough parts to domain
        }
        for ($i = 0; $i < sizeof($domain_array); $i++) {
            if (!preg_match('/^(([A-Za-z0-9][A-Za-z0-9-]{0,61}[A-Za-z0-9])|([A-Za-z0-9]+))$/', $domain_array[$i])) {
                return false;
            }
        }
    }
    return true;
}

// Digits and spaces only, whole value
function check_mobile($mobile) {
    return preg_match('/^[0-9 ]+$/', $mobile) === 1;
}

if (!check_firstname($FName)) {
    echo "<B>Please input your firstname correctly.</B><br>";
    $error++;
}
if (!check_surname($SName)) {
    echo "<B>Please input your surname correctly.</B><br>";
    $error++;
}
if (!check_email_address($email_address)) {
    echo "<B>The email address you entered is not valid.</B><br>";
    $error++;
}
if (!check_mobile($mobile)) {
    echo "<B>Mobile number has wrong format.</B><br>";
    $error++;
}

if ($error == 0) {
    // Internal notification
    mail(
        "regform@domain.ie",
        "A new customer has signed up",
        "Name: " . $Title . " " . $FName . " " . $SName . "\r\n" .
        "Email: " . $email_address . "\r\n" .
        "Mobile Phone: " . $mobile . "\r\n" .
        "Age: " . $Age . "\r\n" .
        "Address: " . "\r\n" .
        " " . $Address1 . "\r\n" .
        " " . $Town_City . "\r\n" .
        " " . $County . "\r\n" .
        " " . $Country . "\r\n" .
        "Message: " . $Message,
        "From: Web Registration <regform@domain.ie>"
    );
    // Welcome message to the visitor
    mail(
        $email_address,
        "Welcome to the Mailing List",
        "Dear " . $Title . " " . $SName . ",\r\n\r\n" .
        "Thanks for joining the mailing list." . "\r\n" .
        "We'll keep you up to date about exciting events and special offers." . "\r\n" .
        "Be in touch soon!" . "\r\n\r\n" .
        " Department Store",
        "From: MailingList <regform@domain.ie>\r\n"
    );
    header("Location: thankyou.htm");
} else {
    echo "<br><br>";
    echo "You will be re-directed back to the registration page in 10 seconds.......";
    echo '<META HTTP-EQUIV="Refresh" Content="10; URL=register.htm">';
}
?>

2. change all your passwords DO NOT store them

Thanks

3. Are you on a shared server?

Yes

4. In your FTP program - change password - do NOT store

Thanks, we checked our logs and there doesn't appear to be any FTP activity but we'll change them anyway.
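Whether or not this script turns out to be the entry point, a mail() form like the one above is the kind of code a practitioner would harden before putting it back online. The following is an added example and not the original poster's code: it keeps the same POST field names and the regform@domain.ie recipient from the posted script, and everything else (the length caps, the POST-only check, the CLI guard, the 303 redirect) is an assumption of this example. The points it demonstrates are: validation patterns anchored at both ends so the whole value must match; PHP's built-in FILTER_VALIDATE_EMAIL instead of the hand-rolled ereg() checks; rejecting CR, LF and NUL in any value that ends up on a header or subject line; and a From header that is a fixed constant so no visitor input is ever placed into mail headers.

```php
<?php
// Added example (not the original poster's code): a hardened version of the
// validation and sending logic in sendmail.php. Field names and the recipient
// address are taken from the posted script; limits and structure are assumptions.

declare(strict_types=1);

// Reject anything that could break out of a mail header line: CR, LF, NUL.
function has_header_break(string $value): bool
{
    return preg_match('/[\r\n\0]/', $value) === 1;
}

// Names: letters, hyphens, spaces and the umlauts the original allowed,
// anchored at both ends (D = "$" matches only at the very end) and length-capped.
function check_name(string $name): bool
{
    return preg_match('/^[a-zA-Z\-ÄäÖöÜü ]{1,64}$/uD', $name) === 1;
}

// Email: let PHP's validator do the syntax checks instead of hand-rolled regexes.
function check_email_address(string $email): bool
{
    return strlen($email) <= 254
        && !has_header_break($email)
        && filter_var($email, FILTER_VALIDATE_EMAIL) !== false;
}

// Mobile: digits and spaces only, whole value, sane length (assumed bounds).
function check_mobile(string $mobile): bool
{
    return preg_match('/^[0-9 ]{6,20}$/D', $mobile) === 1;
}

// Validate every field once and return a list of error messages (empty = OK).
function validate_form(array $post): array
{
    $errors = [];
    $get = static fn(string $k): string => trim((string)($post[$k] ?? ''));

    if (!check_name($get('FName')))                  { $errors[] = 'Please input your first name correctly.'; }
    if (!check_name($get('SName')))                  { $errors[] = 'Please input your surname correctly.'; }
    if (!check_email_address($get('email_address'))) { $errors[] = 'The email address entered is not valid.'; }
    if (!check_mobile($get('mobile')))               { $errors[] = 'Mobile number has wrong format.'; }

    // Title is used in a greeting/subject-style line, so it must be short and line-break free.
    if (has_header_break($get('Title')) || strlen($get('Title')) > 16) {
        $errors[] = 'Title has wrong format.';
    }
    return $errors;
}

// Build the notification body. Body fields may contain newlines, but each is
// length-limited so the form cannot be used to push arbitrarily large mail.
function build_notification(array $post): string
{
    $field = static fn(string $k, int $max): string => substr(trim((string)($post[$k] ?? '')), 0, $max);
    return 'Name: ' . $field('Title', 16) . ' ' . $field('FName', 64) . ' ' . $field('SName', 64) . "\r\n"
         . 'Email: ' . $field('email_address', 254) . "\r\n"
         . 'Mobile Phone: ' . $field('mobile', 20) . "\r\n"
         . 'Age: ' . $field('Age', 3) . "\r\n"
         . "Address:\r\n  " . $field('Address1', 128) . "\r\n  " . $field('Town_City', 64)
         . "\r\n  " . $field('County', 64) . "\r\n  " . $field('Country', 64) . "\r\n"
         . 'Message: ' . $field('Message', 2000);
}

if (PHP_SAPI !== 'cli') {
    // Only accept real form submissions.
    if (($_SERVER['REQUEST_METHOD'] ?? '') !== 'POST') {
        http_response_code(405);
        exit('Method not allowed');
    }
    $errors = validate_form($_POST);
    if ($errors === []) {
        $to = 'regform@domain.ie'; // recipient from the posted script
        // From header is a fixed constant: no visitor-supplied value reaches the headers.
        mail($to, 'A new customer has signed up', build_notification($_POST), "From: Web Registration <$to>\r\n");
        header('Location: thankyou.htm', true, 303);
        exit;
    }
    foreach ($errors as $e) {
        echo '<b>' . htmlspecialchars($e, ENT_QUOTES, 'UTF-8') . "</b><br>\n";
    }
}
```

The example sends only the internal notification. If the welcome message to the visitor is kept, it should go to the same validated address, use the same fixed From header, and ideally be rate-limited per source, because a form that mails whatever address it is given is attractive as a relay. The CLI guard lets the functions be included from a test script (for instance feeding validate_form() an array with a "\r\n" inside a field and checking that an error comes back) without triggering the web-only part.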