I have some old sites that have just been disabled by my hosting company, apparently due to an SQL injection attack. I looked into my database, and yes, I was hacked. * Oops *
My database is filled with script tags that were added to my source data (at least my source data is still there, so that was good).
I looked, although my old code and saw some unanitated input places, so obviously I will carefully consider this and check more. I also download a hacked site to compare it with the version I downloaded many years ago (using some kind of file verification program), this should let me see if they tried to add a backdoor.
My questions...
1) Is there a way to remove all attached tags for scripts from my database, since they are all the same?
2) Is there anything else I should know or miss?
I would like to note that these old sites do not store sensitive material, so it does not matter much, I would just like them to start again and again.
I delve into my security knowledge and soon delete all files on the host, change all passwords and upload an improved (and less hacker) site.
Thank...
source
share