cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
search
  • Global community
    • Language:
      • Deutsch
      • English
      • Español
      • Français
      • Português
  • 日本語コミュニティ
    Dedicated community for Japanese speakers
  • 한국 커뮤니티
    Dedicated community for Korean speakers
Exit
0
Upvote

HACKED Dreamweaver Developer Toolbox

Guest
Jun 09, 2009 Jun 09, 2009

Copy link to clipboard

Copied

I make the back-end of my websites with Dreamweaver Developer Toolbox. Yesterday for the first time one site got HACKED.

All data entry said HACKED and there was a photo of a guy. What can I do to protect my sites? The host says there is a "gap in the script" which made it possible to hack the website and fill the database.

Thanks for helping me out..

logo3.jpg

TOPICS
Extensions

Views

3.4K

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
replies 5 Replies 5
latest latest Jump to latest reply
pziecina
LEGEND ,
Jun 09, 2009 Jun 09, 2009

Copy link to clipboard

Copied

This was your database?

If so then it is possible that your site suffered from an sql injection problem. Was this from a password protected part of your site?

PZ

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Guest
Jun 09, 2009 Jun 09, 2009

Copy link to clipboard

Copied

In Response To pziecina

Yes, the back-end to update the website was password-protected. How do they do sql-injection?

How can I protect and is this really a gap in the Developer Toolbox scripts?

All the datas contained where overwritten with things like:

HACKED,Trk_Komando | SYSTEM OWNED| StRiCt Dark , HESABINI VERECEKSINIZ TEKER TEKER ... Benım Vatanımda Ezan Susmaz Bayrak Inmez Ya Sev Yada Terk Et! || NE MUTLU TÜRKÜM DIYENE...!!!! | HACKED SavcıHackTeam  ~StRiCt Dark ~ SpeArLine ~ RéoxqinG ~ Mr.BLacK ~ karayipliler ~ starwars ~  

etc.

I also have found this entry:

http://img199.imageshack.us/img199/6091/desingedburak.jpg

Thankx for answering!

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
pziecina
LEGEND ,
Jun 09, 2009 Jun 09, 2009

Copy link to clipboard

Copied

In Response To Deleted User

It's not specific to the ADDT, but something that can happen on most websites at the moment.

The problem is that many people doing web design/development are completely unaware of the various security issues,

For a description of sql injection try:     http://en.wikipedia.org/wiki/SQL_injection

It may also be that they have hacked into the password protected part of the site or 'found' your connection script, this is why simply allowing dreamweaver to do everything for you without a knowledge of security issues can be fatal (as your problem proves)

A good book if you wish to learn more is:

Essential PHP Security (Paperback)

by Chris Shiflett

PZ

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Guest
Jun 09, 2009 Jun 09, 2009

Copy link to clipboard

Copied

In Response To pziecina

So I changed the password, made it more difficult (does this help?). But how could I protect my connection script?

Xxx

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
pziecina
LEGEND ,
Jun 09, 2009 Jun 09, 2009

Copy link to clipboard

Copied

LATEST
In Response To Deleted User

You could restrict access to the folder and only allow your site access.

Any change from providing a normal type of password is better, always use a combination of random letters and numbers. as many hackers have scripts that can run through a combination of names or variables there of.

Also have you set up the log-in page to only allow three log-in attempts then lock-out that page for (say) 30 mins?

PZ

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Copyright © 2024 Adobe. All rights reserved.
Using the Community Experience League Terms of Use Privacy Cookie preferences Do not sell or share my personal information ad choicesAdChoices