Thread: Help!Site hacked

Hello everyone,

I appeal to your emergency lights: my website was hacked yesterday (sql injection in advance), I cleaned up the bases and I thought I had corrected the flaw, but this morning Rebelote the famous hacker speak again him.

I do not really know where to look and I miss a little time, so if an expert could help me, I'd be eternally grateful.

Thank you in advance!

If you have your own dedicated and you do not even know where the logs ... honestly it's dangerous there. Taking a dedicated, it must manage its server and be very careful what we do, all update and prevent most problems.Your logs are safely in the Apache folder in the subfolder logs with different files like access.log and error.log.

What are the symptoms of piracy? Is there only data changes, modification of site files, in both cases how much? What systems are used on the site (SPIP, Wordpress?) And their versions? Otherwise the logs for all depends how you have configured virtual hosts, it seems that by default is C: \ wamp \ www \ logs \

For symptoms: not for the moment of insertion and modification of data (creation of accounts with admin rights and then change the home page news via these accounts.)

For the IP address I'm ok, but it seems to be a non-fixed IP, so hard to block his access.

For now, here's what I did:
- Activation of magic quotes in the configuration Wamp
- Added function htmlentities on most variables in my various forms
- Removal of rights "structure" to the account used to query the database (to avoid duties like "DROP" or "GRANT")

What can I do to secure a minimum?

To the minimum in my opinion it would be:
- Change passwords for all accounts that can create new users
- Change passwords for MySQL accounts and Windows
- Look in the Windows audit logs for evidence of connections that are not yours
- For users of the site MySql only allow SELECT, UPDATE, INSERT, DELETE
- When using WiFi, buy a pair of keys and move the website to HTTPS (expensive, but unfortunately sometimes necessary).