Hello,
I’m having a lot of trouble by hackers
Since it is not possible to learn all the vulnerabilities at once, I am trying to solve the problem one by one.
First of all is ajax unsafe for hackers?
What am I doing with Ajax?
I send conditions and get content and list with ajax
Ajax is just another way of making a http request to a web page. It is not more or less secure than any other http request, because the security is determined by what your code on the server is doing with the external data that it receives.
All external data - $_POST, $_GET, $_FILES, $_COOKIE, and some $_SERVER variables, can come from anywhere, can be set to anything, and cannot be trusted. You must validate all external data before using it and you must use it safely in whatever context it is being used for. For an sql context, use a prepared query. In a html context, apply htmlentities(). In an email header context, validate that an email address is only and exactly one properly formatted email address.
What exact problem are you having and what is the relevant code?
I’m a beginner at coding
I cannot understand and solve them all at once.
That’s why I want to understand one by one and improve my codes
I send condition for sql query with Ajax and get the result
So, I’m running the php file and getting the output
Can you show us the code for handling SQL conditions? We can certainly check that.
Regarding security as a whole; there are a massive number of ways a web application can be vulnerable to attack. The places where you need to take care are where your code interacts with other systems; for example the web server, the database, or the disk. The root of the problem is ensuring only the data you expect passes to or from these systems.
I will prepare a sample sql query to share on the forum
I have no problems with the database
In my website’s home directory (public_html) I find a zip file and several folders with meaningless names and also several php files one of which was fox.php
red page when i visit my website and it says this site is an offensive site
I cleaned foreign files and installed “ImunifyAV” virus scanning plugin from WHM panel, it says it’s ok for now
“No malware found November 4, 2021 11:34 AM”
While I am not clear of everything you have going on…
This seems like an exploit in a php script or something that allows UPLOADS of any kind… and creation of directories…etc…
I remembered now.
I installed joomla on a website and closed the login from the homepage.
No pages, no plugins, as I installed
Yet hackers left zip, folder and php files on this website
On another website, “webtrees” was installed, similar files were left by hackers on my website.
Similar files were left by hackers on my website that I am trying to write
I have multiple websites on one hosting.
If there is a problem with my codes, why did the hackers leave files on other ready-made websites?
But not all reproach.
Only one of the 3 “webstrees”
Only one of 2 “joomla”
In addition, there is an option to upload company logo images on my website.
I check as below if there is an image uploaded
$target_file = $target_dir . basename($file_name);
$imageFileType = strtolower(pathinfo($target_file,PATHINFO_EXTENSION));
$extensions = array('jpeg','jpg','png','gif');
if (!in_array($imageFileType, $extensions )) {
$errors[] = "Sorry, only JPG, JPEG, PNG and GIF files are allowed.";
}