Site being messed up by some noob
Guys, I need a bit of help. Some pranny thinks it's smart to do some stuff to my site... I keep going there and I keep getting these annoying message boxes and redirected... Here is a screenshot.
How would I go about stopping this? Thanks.
Either your CP/FTP information is very easy to guess or, most likely, you have a remote file exploit somewhere on your site.
Funny thing is, I know the owner of Guysthatgame.
OK, well, it's definitely not my FTP, so how do I stop this file?
Do you run backups? I'd look at restoring to some time before the exploit occurred, and running a full security audit immediately. Lock down SSH if you have it, turn off FTP at least temporarily (you should be using sFTP anyways) and scan for XSS vulnerabilities asap.
Nah, I've found out what they're doing. There is a form where people can submit, and what is being submitted is this:
<a href='arlnk://asdasdasd'><script>alert('TK=NOOBS')</script></a><hr /><a href='arlnk://dfsdfsdfsdf'><script>alert('SANITIZE YOUR FUCKING INPUTS YOU SKIDDIE!')</script></a><hr /><a href='arlnk://gsdfsdfsdf'><meta http-equiv="REFRESH" content="0;url=http://www.guysthatgame.co.uk/gtgshop/product_images/q/jnx1119__58496.jpg"></a><hr />
which is clearly displaying an alert and redirecting... I just spotted it in one of the files, which is a text file that is written to on submit and read by the main index page. How would I filter out stuff like this?
Poor guy is spying on this post. He is just posting a bit of JS into an open field; he must think he is real clever. It's all filtered now anyway.
Well, although not very eloquently put, he has a point. Sanitize your inputs. ;)
Repeat after me: Filter input, escape output.
Now I want 400 lines of that by Monday!
From a programming perspective, it's normally best to consider the user a malicious idiot. If you remember this, you always know to validate your data for any sort of incorrect input and then filter it.
The first because he's an idiot. The second because he's malicious.
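The thread's own advice ("filter input, escape output", and "validate your data for any sort of incorrect input and then filter it") applied to exactly the setup the original poster describes: a form whose submissions are appended to a text file that the index page later reads and prints. The following is an added example, not code from anyone in the thread; the poster's site language is not stated, so Python is assumed here, and the file name and length limit are made up for the demonstration. The payload is the one pasted in the thread (the second script block omitted for brevity). Note that the input filter only enforces shape (non-empty, bounded length, no control bytes or newlines that would break the line-per-entry file); it makes no attempt to strip HTML, because the place where HTML becomes dangerous is on output, and that is where `html.escape` is applied.

```python
import html
import re
from pathlib import Path
from tempfile import TemporaryDirectory

# Constructed test input: the payload quoted in the thread (one alert dropped for brevity).
THREAD_PAYLOAD = (
    "<a href='arlnk://asdasdasd'><script>alert('TK=NOOBS')</script></a><hr />"
    "<a href='arlnk://gsdfsdfsdf'><meta http-equiv=\"REFRESH\" "
    "content=\"0;url=http://www.guysthatgame.co.uk/gtgshop/product_images/q/jnx1119__58496.jpg\"></a><hr />"
)

MAX_LEN = 500  # assumed limit for a guestbook-style comment
# ASCII control characters other than tab; newlines are handled separately below.
CONTROL_CHARS = re.compile(r"[\x00-\x08\x0b\x0c\x0e-\x1f\x7f]")


def filter_input(raw: str) -> str:
    """'Filter input': validate the *shape* of a submission before storing it.

    Rejects non-text, empty and oversized input and strips bytes that would
    corrupt the one-entry-per-line store. Deliberately leaves HTML alone:
    neutralising markup is the job of escaping at output time.
    """
    if not isinstance(raw, str):
        raise ValueError("comment must be text")
    cleaned = CONTROL_CHARS.sub("", raw).replace("\r", " ").replace("\n", " ").strip()
    if not cleaned:
        raise ValueError("empty comment")
    if len(cleaned) > MAX_LEN:
        raise ValueError("comment too long")
    return cleaned


def is_rejected(raw) -> bool:
    """True if filter_input refuses the submission."""
    try:
        filter_input(raw)
    except ValueError:
        return True
    return False


def append_entry(store: Path, comment: str) -> None:
    """The form handler: validate, then append one line to the text file."""
    with store.open("a", encoding="utf-8") as fh:
        fh.write(filter_input(comment) + "\n")


def read_entries(store: Path) -> list[str]:
    if not store.exists():
        return []
    return store.read_text(encoding="utf-8").splitlines()


def render_entry(comment: str) -> str:
    """'Escape output': every stored entry is HTML-escaped as it goes into the page.

    quote=True also turns ' and " into entities, so a value is inert even
    inside an attribute.
    """
    return "<li>" + html.escape(comment, quote=True) + "</li>"


def render_page(store: Path) -> str:
    return "<ul>" + "".join(render_entry(c) for c in read_entries(store)) + "</ul>"


def unsafe_render_page(store: Path) -> str:
    """The 'before' from the thread: file contents dumped straight into the page."""
    return "<ul>" + "".join("<li>" + c + "</li>" for c in read_entries(store)) + "</ul>"


def demo() -> dict:
    """Store a benign comment and the thread's payload, render both ways."""
    with TemporaryDirectory() as tmp:
        store = Path(tmp) / "comments.txt"  # assumed file name
        append_entry(store, "hello")
        append_entry(store, THREAD_PAYLOAD)
        return {"safe": render_page(store), "unsafe": unsafe_render_page(store)}


if __name__ == "__main__":
    out = demo()
    print("unsafe:", out["unsafe"])
    print("safe:  ", out["safe"])
```

In the escaped page the `<script>` and `<meta http-equiv="REFRESH">` tags arrive in the browser as literal text (`&lt;script&gt;...`), so nothing executes and nothing redirects; in the unescaped page they are live markup, which is what the screenshot in the first post shows.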
zomg bbq! Salathe is still alive!
And here I was thinking everybody who ran this site had been eaten by mutated Oreos bent on revenge.
That's a typical XSS attack; escape your outputs. That was my thought before I got to the bottom of the image you gave. I assure you it could be worse. I once saw a case where the cracker injected code that downloaded a virus to the user's machine. It was a mortgage banker, so less technical clients would do whatever the site said and got infected.
I personally use the sanitize feature in the Savant template engine to escape my outputs.
We lurk in the shadows and only come out to play every 30 days ;)
Let's say 25 days then, so we don't get associated with the menstrual cycle :P
Powered by vBulletin® Version 3.6.8
Copyright ©2000 - 2013, Jelsoft Enterprises Ltd.