Can you tell if someone has hacked into your website

I am just wondering if it is possible that someone could hack into your website? I have used prepared statements and have htmlspecialchars to output variables, but sometimes I have some users who have registered but haven’t activated their account yet. I have also included code that will delete that user if they don’t activate their account, just to be on the safe side…

Depends on the hack. A hacker can make a mock replica of your login page just to phish for someone’s credentials to log in to your website. This is why it’s a good idea to capture users’ MAC addresses or use cookies that will dedicate the user’s information directly to the server so they don’t hit a bogus hacker server. I’m not sure, however, if the infinity epizy server has pre-baked cookies for this, though.

I think this is what the person is trying to do because I get some invalid email addresses used from them… any tutorials on how to prevent this?

But I am using a $csrf token for each form though… will this help?

Well, you’ve prepared your statements, which means SQL injection cannot work on your site.
Also, same thing for PHP injection.

To see whether they can SQL inject or not, hackers first put a ’ in a form input, via inspect element or by typing, then they press submit. If it gives an SQL ERROR, IT’S SQL INJECTABLE.

For PHP injection:

For example, we have this:
www.domaino.com/index.php?id=1

PHP simply detects this with $_REQUEST['id'],
like:

<?php

$betty = $_REQUEST['id'];
?>

It’ll translate to:

$betty = 1;

If a hacker comes and writes this as input:

www.domaino.com/index.php?id=1;%20php_info()

It’ll translate to:

$betty = 1; php_info();

If it is successful, it’ll show the PHP info.

I run this code example in order to remove HTML tags from being sent to the database. This will keep them from uploading a file then making a link to start said file on the server. You can also run some regex to remove any MySQL injection, but it may cause a lot of trouble.

$text = preg_replace('/<[^>]+>/', '', $text);

I am confused here because I thought that prepared statements are good enough? I also used htmlspecialchars to send variables through…

Wait, but it is?

I’m using it too.

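The thread asks whether prepared statements plus htmlspecialchars are enough, and one reply strips tags with a regex before storing. The following is an added example, not code from any poster in the thread, that runs all three on the same input so the results can be compared. The table, column names and sample values are constructed for illustration, and it assumes the pdo_sqlite extension so it can run offline against an in-memory database.

```php
<?php
// Added example: the table, columns and sample inputs are constructed.
// Assumes the pdo_sqlite extension (in-memory database, nothing is written to disk).

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT, bio TEXT)');

// Constructed inputs: a stray quote, some markup, and ordinary text containing < and >.
$samples = [
    ["o'brien@example.com", 'Hi <b>there</b>'],
    ['someone@example.com', 'Rule: 1 < 2 and 3 > 2'],
];

// Bound parameters are sent separately from the SQL text, so a quote stays data.
$insert = $pdo->prepare('INSERT INTO users (email, bio) VALUES (:email, :bio)');
foreach ($samples as [$email, $bio]) {
    $insert->execute([':email' => $email, ':bio' => $bio]);
}

// Looking up the value with the quote raises no SQL error and matches one literal row.
$find = $pdo->prepare('SELECT id FROM users WHERE email = :email');
$find->execute([':email' => "o'brien@example.com"]);
echo count($find->fetchAll(PDO::FETCH_ASSOC)), " row(s) matched the quoted address\n\n";

// Compare the two ways of handling markup for every stored bio.
$rows = $pdo->query('SELECT bio FROM users')->fetchAll(PDO::FETCH_ASSOC);
foreach ($rows as $row) {
    // Encoding at output time: the stored value is untouched, the browser renders text.
    $encoded = htmlspecialchars($row['bio'], ENT_QUOTES, 'UTF-8');
    // Tag-stripping regex from the thread: also deletes "< 2 and 3 >" from plain text.
    $stripped = preg_replace('/<[^>]+>/', '', $row['bio']);

    echo "stored:   {$row['bio']}\n";
    echo "encoded:  {$encoded}\n";
    echo "stripped: {$stripped}\n\n";
}
```

The second sample is where the two approaches differ: the encoded output keeps the whole sentence, while the regex removes everything between the `<` and the `>`.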