Shoutbox

Ok my friends site is being hacked and then redirected to another site, which is annoying and he had to take the site down.

so im askin is there any way to block this thing or something that wont allow hackers to do something with it?

the website is www.access-anime.com

thanks in advance

Tell him to learn how to keep up to date on software and its latest security holes.

EDIT: Nevermind that, tell him to learn how to code.

code:

---

http://access-anime.com/index.php?xd=media.htm

---

Is that what he calls secure?

I get:

You need to create a MySQL database, or edit the information in config.php
MySQL Error: Unknown database 'access_member'

quote:

---

Originally posted by segosa
Tell him to learn how to keep up to date on software and its latest security holes.

EDIT: Nevermind that, tell him to learn how to code.

code:

---

http://access-anime.com/index.php?xd=media.htm

---

Is that what he calls secure?

---

i dont know one thing about creating a website and php, i'll tell him that, and i think it was his friend who does all the coding i believe..sorry if i dont have a lot of information, if he gets back online i'll ask more about this

quote:

---

Originally posted by mwe99
I get:

You need to create a MySQL database, or edit the information in config.php
MySQL Error: Unknown database 'access_member'

---

this is what i get also, the website is down so i guess that is why

quote:

---

Originally posted by SikStyles

quote:

---

Originally posted by segosa
Tell him to learn how to keep up to date on software and its latest security holes.

EDIT: Nevermind that, tell him to learn how to code.

code:

---

http://access-anime.com/index.php?xd=media.htm

---

Is that what he calls secure?

---

he took the site down so i dunno, i get that message also

i dont know one thing about creating a website and php, i'll tell him that, and i think it was his friend who does all the coding i believe..sorry if i dont have a lot of information, if he gets back online i'll ask more about this

quote:

---

Originally posted by mwe99
I get:

You need to create a MySQL database, or edit the information in config.php
MySQL Error: Unknown database 'access_member'

---

---

Tell him this.

You can't go blindly using include() on anything the user can input into the URL. That's just asking for trouble.

If you give a URL to PHP's include() function and URL wrappers are enabled (most servers) then it'll download and include it into the page.

If you write a PHP script and stick it inside a .txt file, upload it to your server and put its URL into the xd= line the contents of that file will be executed on the victim's server with the httpd's permissions.

If he coded the site, or his friend did, then he should know that that's a security hole.

quote:

---

Originally posted by segosa
Tell him this.

You can't go blindly using include() on anything the user can input into the URL. That's just asking for trouble.

If you give a URL to PHP's include() function and URL wrappers are enabled (most servers) then it'll download and include it into the page.

If you write a PHP script and stick it inside a .txt file, upload it to your server and put its URL into the xd= line the contents of that file will be executed on the victim's server with the httpd's permissions.

If he coded the site, or his friend did, then he should know that that's a security hole.

---

thanks a bunch Segosa
i'll tell him that