guys needa bit of help some pranny thinks its smart to do some stuff to my site... i keep goin there and i keep gettin these annoying message boxes and redirected... here is a screen shot.
Do you run backups? I'd look at restoring to some time before the exploit occurred, and running a full security audit immediately. Lock down SSH if you have it, turn off FTP at least temporarily (you should be using sFTP anyways) and scan for XSS vulnerabilities asap.
nah iv found out what there doing.. there is a form where people can submit and what is being submited is this
<a href='arlnk://asdasdasd'><script>alert('TK=NOOBS')</script></a><hr /><a href='arlnk://dfsdfsdfsdf'><script>alert('SANITIZE YOUR FUCKING INPUTS YOU SKIDDIE!')</script></a><hr /><a href='arlnk://gsdfsdfsdf'><meta http-equiv="REFRESH" content="0;url=http://www.guysthatgame.co.uk/gtgshop/product_images/q/jnx1119__58496.jpg"></a><hr />
which is clearly displaying an alert and redirecting.... i just spoted it in one of the files which is a text file that is writen to on submit and read by the main index page. How would i filter out stuff like this?
From a programming perspective, it's normally best to consider the user a malicious idiot. If you remember this, you always know to validate your data for any sort of incorrect input and then filter it.
The first because he's an idiot.
The second because he's malicious.
Thats a typical XSS attack, escape your outputs. That was my thought before I got to the bottom of the image you gave. I assure you it could be worse, I once saw a case where the cracker injected code that downloaded a virus to the users machine. It was a mortgage banker so less technical clients would do whatever the site said and got infected.
I personally use the sanitize feature in the Savant template engine to escape my outputs.
Join the friendly bunch on IRC...
site bein messed up by some noob
Linear Mode
