Hi!

My site was hacked by one of those middle eastern cyber groups, the pakistani cyber army to be precise. This is sort of the 3rd time they are doing this.

I think the hack came from a php/sql injection. I have tried and cleaned by files the last two times they attacked and i am surprised the attack is coming again AND THEY SEEM TO get into my WHM and change all my clients site/details.

I have a WHMCS installation there.

Could it be that they are entering through my WHMCS?
Will getting an SSL certificate stop these attacks?
Where and where do I look into my files to locate and clean the injection?

Please your help will be appreciated.

internetpo: Hi!

My site was hacked by one of those middle eastern cyber groups, the pakistani cyber army to be precise. This is sort of the 3rd time they are doing this.

I think the hack came from a php/sql injection. I have tried and cleaned by files the last two times they attacked and i am surprised the attack is coming again AND THEY SEEM TO get into my WHM and change all my clients site/details.

my site is **** I have a WHMCS installation there.

Could it be that they are entering through my WHMCS?
Will getting an SSL certificate stop these attacks?
Where and where do I look into my files to locate and clean the injection?

Please your help will be appreciated.

SSL certs only secures data transmission from your user to you. it will not help.
locate the vulnerable part or resign.

look into the form submissions, url parameters passed in and make sure they are escaped.
never connect to your database as root from your application and never give the database user the file privilege.
for most operations, SELECT,UPDATE,DELETE, INSERT will do.
check that you are not including any file dynamically from the url
e.g in php

include ($_GET['returnURL']);

well be sure you have lost some clients and potential clients on here by posting your domain.

Thanx webdezzi. Looking into all you have said. I have now made security a top most agenda

You've got mail. .

internetpo: Hi!

My site was hacked by one of those middle eastern cyber groups, the pakistani cyber army to be precise. This is sort of the 3rd time they are doing this.

I think the hack came from a php/sql injection. I have tried and cleaned by files the last two times they attacked and i am surprised the attack is coming again AND THEY SEEM TO get into my WHM and change all my clients site/details.

I have a WHMCS installation there.

Could it be that they are entering through my WHMCS?
Will getting an SSL certificate stop these attacks?
Where and where do I look into my files to locate and clean the injection?

Please your help will be appreciated.

Rather than accessing the $_GET and $_POST superglobals directly, you can make use of PHP functions like filter_input() and filter_input_array().

for example <?php
$my_string = filter_input(INPUT_GET, ‘my_string’, FILTER_SANITIZE_STRING);
?>

The code above is roughly the equivalent of retrieving $_GET[‘my_string’] and then running it through some sort of filter that strips HTML and other undesirable characters. This represents data sanitization, one of the two things that the filtering system can do.

bro you need to be very careful always monitor your members activities in your site for example i banned some members in my site because of Unidentifiable Activities and they are always from Parkistan and Iran though i later received attack from them but guess what, i got backup of everything including my members and mostly my web hosters is doing marveliously well for me so i am not afraid and my eyes is always on my site 24hours a day and if i notice any attack i wil rename and redirect members telling them to check back in few minutes then i will get the problem fixed.
If you need help visit my little home and contact O.C.E THANKS

Slyr0x: You've got mail. .

Slyr0x is the man for U bro,get things done before they take U down for gud...