-1

When our website was infected, we always just change the root password and the MySQL password, and fix the code that has the vulnerability. But I think it is not enough. Does anyone have more advice on it? I just have no idea whether he has a backdoor in our system or has other attacks that I don't know about.

xiaopihai

1 Answer

0

The problem is that once the system has been hacked, you cannot be 100% sure that the hacker did not leave a backdoor, unless he left a log of what he did.

The best way would be to completely reset the system: re-install the OS and completely rebuild the server. However, that might not always be an option.

I would advise you to

  • Rebuild the system
  • Check that all code using SQL in your app uses prepared statements
  • Log the SQL for some time and go through it, to see if the hacker tries again, and make doubly sure you get the code he aims at

(original post spoke of injection - not infection)

Kai Mattern
  • Well, the system has some other services running, so it cannot be rebuilt at once. I checked the access log and the error log, but they seem normal except for one or two hours of missing logs. And in the MySQL binlog I just found that he had created a table, inserted one row and then deleted it! I'm bothered that I can't do anything to make sure whether he was always there! – xiaopihai Sep 26 '14 at 06:39
  • Sounds like a SQL injection, but the strange thing is that the logs are missing. Doing this through SQL is very hard. Maybe the hacker can execute code via the `exec()` function? – GuyT Sep 26 '14 at 11:03
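
A sketch of the "log the SQL for some time and go through it" step from the answer above, added here as an example and not code from the answer's author or any commenter: it scans a query log for statements that an application using prepared statements should not emit, including table creation of the kind seen in the binlog. The log line layout, rule names and table names are assumptions, and the sample lines are constructed.

```python
import re

# Constructed sample lines in the style of a MySQL general query log
# (timestamp, connection id, command, statement). Not from the original thread.
SAMPLE_LOG = """\
2014-09-26T05:58:10Z 41 Query SELECT id, title FROM articles WHERE id = 17
2014-09-26T06:01:44Z 42 Query SELECT id, title FROM articles WHERE id = 17 UNION SELECT 1, version()-- -
2014-09-26T06:02:03Z 42 Query SELECT id, title FROM articles WHERE id = 17 AND SLEEP(5)
2014-09-26T06:05:31Z 43 Query CREATE TABLE tmp_x (c TEXT)
2014-09-26T06:05:32Z 43 Query INSERT INTO tmp_x VALUES ('probe')
2014-09-26T06:05:40Z 43 Query DROP TABLE tmp_x
2014-09-26T06:09:12Z 44 Query UPDATE articles SET views = views + 1 WHERE id = 17
"""

# Assumed layout: "<timestamp> <connection id> Query <statement>".
# Adapt this pattern to the format your server actually writes.
LINE = re.compile(r"^(\S+)\s+(\d+)\s+Query\s+(.*)$")

# Heuristics only: each rule names something a web app's parameterized
# queries normally never contain. Expect to tune them for your application.
RULES = [
    ("union-select", re.compile(r"\bUNION\s+(ALL\s+)?SELECT\b", re.I)),
    ("time-delay", re.compile(r"\b(SLEEP|BENCHMARK)\s*\(", re.I)),
    ("schema-enumeration", re.compile(r"\binformation_schema\b", re.I)),
    ("file-access", re.compile(r"\bINTO\s+(OUT|DUMP)FILE\b|\bLOAD_FILE\s*\(", re.I)),
    ("trailing-comment", re.compile(r"(--\s|#|/\*)[^']*$")),
    # Assumption: the application account has no reason to run DDL.
    ("ddl-from-app", re.compile(r"^\s*(CREATE|DROP|ALTER)\s+TABLE\b", re.I)),
]

def scan(log_text):
    """Return (timestamp, connection_id, matched_rule_names, statement) per suspicious line."""
    hits = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # skip Connect/Quit lines and anything unparseable
        ts, conn, stmt = m.groups()
        matched = [name for name, rx in RULES if rx.search(stmt)]
        if matched:
            hits.append((ts, conn, matched, stmt))
    return hits

if __name__ == "__main__":
    for ts, conn, matched, stmt in scan(SAMPLE_LOG):
        print(f"{ts} conn={conn} {','.join(matched)}: {stmt}")
```

Each hit carries the connection id, so the flagged statements can be matched against the web server's access log for the same minute to find the request, and the code path, that produced them.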