Re: [PHP] HELP SQL INJECTION

2009-07-11 Thread Ashley Sheridan
On Saturday 11 July 2009 01:17:28 Zareef Ahmed wrote: > Hi, > > First of all change your FTP password and stop storing your password in > your FTP client. > This type of attacks are very common with the people who use insecure FTP > client. > > My previous experience with your kind of problem tell

Re: [PHP] HELP SQL INJECTION

2009-07-10 Thread Zareef Ahmed
Hi, First of all change your FTP password and stop storing your password in your FTP client. This type of attacks are very common with the people who use insecure FTP client. My previous experience with your kind of problem tell me that chances of a FTP attack are really higher in the pattern of

Re: [PHP] HELP SQL INJECTION

2009-07-10 Thread Daniel Brown
On Fri, Jul 10, 2009 at 18:11, Chris Payne wrote: > > Sorry I post at the top because i'm legally blind and it's easier but > i'll try to post at the bottom :-) > > This is the main site on my server: > > http://www.oxyge.net > > I just took out the offending code at the end of the index page to ge

Re: [PHP] HELP SQL INJECTION

2009-07-10 Thread Chris Payne
>> Thank you all SO much for your help, it is very appreciated. > >    So would be your move to bottom-posting (with nods to the jihad > that was the longest thread of the list so far this month) as per the > mailing list rules.  ;-P > >    What's the URL to your site, if you feel comfortable in pr

Re: [PHP] HELP SQL INJECTION

2009-07-10 Thread Daniel Brown
On Fri, Jul 10, 2009 at 17:48, Chris Payne wrote: > Hi, > > Yes their IP is from Russia by Chinese in origin. > > How can this be prevented? > > Thank you all SO much for your help, it is very appreciated. So would be your move to bottom-posting (with nods to the jihad that was the longest thr

Re: [PHP] HELP SQL INJECTION

2009-07-10 Thread Chris Payne
Hi, Yes their IP is from Russia by Chinese in origin. How can this be prevented? Thank you all SO much for your help, it is very appreciated. Chris On Fri, Jul 10, 2009 at 2:40 PM, Daniel Brown wrote: > On Fri, Jul 10, 2009 at 17:37, Chris Payne wrote: >> Hi everyone, >> >> Hmmm i'm not sure i

Re: [PHP] HELP SQL INJECTION

2009-07-10 Thread Daniel Brown
On Fri, Jul 10, 2009 at 17:37, Chris Payne wrote: > Hi everyone, > > Hmmm i'm not sure it is an SQL Injection now, done a lot more checking > and it is inserting code at the end of every index.htm index.html > default.html and index.php pages on my site. > > Ooooh what fun :-) Wouldn't happen

Re: [PHP] HELP SQL INJECTION

2009-07-10 Thread Chris Payne
Hi everyone, Hmmm i'm not sure it is an SQL Injection now, done a lot more checking and it is inserting code at the end of every index.htm index.html default.html and index.php pages on my site. Ooooh what fun :-) Chris On Fri, Jul 10, 2009 at 2:22 PM, Govinda wrote: > > On Jul 10, 2009, at 1:5

Re: [PHP] HELP SQL INJECTION

2009-07-10 Thread Govinda
On Jul 10, 2009, at 1:50 PM, Daniel Brown wrote: On Fri, Jul 10, 2009 at 15:48, Chris Payne wrote: Hi everyone, My server appears to be the victim of a chinese hack-attack and I believe they managed to change pages via SQL Injection, do any of you have any ideas how to lock down my forms so

Re: [PHP] HELP SQL INJECTION

2009-07-10 Thread Eddie Drapkin
On Fri, Jul 10, 2009 at 3:50 PM, Daniel Brown wrote: > On Fri, Jul 10, 2009 at 15:48, Chris Payne wrote: >> Hi everyone, >> >> My server appears to be the victim of a chinese hack-attack and I >> believe they managed to change pages via SQL Injection, do any of you >> have any ideas how to lock dow

Re: [PHP] HELP SQL INJECTION

2009-07-10 Thread Daniel Brown
On Fri, Jul 10, 2009 at 15:48, Chris Payne wrote: > Hi everyone, > > My server appears to be the victim of a chinese hack-attack and I > believe they managed to change pages via SQL Injection, do any of you > have any ideas how to lock down my forms so MySQL cannot be used from > my forms? Fir

[PHP] HELP SQL INJECTION

2009-07-10 Thread Chris Payne
Hi everyone, My server appears to be the victim of a chinese hack-attack and I believe they managed to change pages via SQL Injection, do any of you have any ideas how to lock down my forms so MySQL cannot be used from my forms? Thanks everyone Chris -- PHP General Mailing List (http://www.php