I am suffering from SQL Injection attacks


Since I opened an online project I'm having problems with trespassing, where someone is doing direct inserts in the database. It was the one that gave me initiative to by in all the variables received through the method $_GET and $_POST . The functions:

$variavel = trim(strip_tags(mysqli_real_escape_string($conn, $_POST['recebe'])));

I used two programs to scan scanner to analyze the site ('Acunetix' and 'Scrawlr'), where I first returned vulnerable variables, but now I have done all the same procedure and now more trouble signal.

However, the attacker is still able to invade the server, even though he is sure that he has checked all the lines of code in the project.

asked by Pedro Quezado 12.12.2015 в 12:36

3 answers


After being attacked, he may have gathered important information that allows him to make the invasion by other means. When you have a server hacked, it is not easy to make it safe again. If you can not effectively do what is simple, that is to leave you safe initially, now it will be much more difficult. He may even be doing this by having direct access to the server now.

A security specialist (rare to find a really capable) could do a scan on that server to see if there is anything that can be done. If you prefer on your own, the best way probably is to start a new server, with all different data, especially passwords. Do not go copying anything that was on the compromised server. If you have to copy something, you will have to do a thorough analysis of the content. And passwords, forget, this can not be leveraged.

Privacy already was. This will never have a solution, once lost, will not come back.

Otherwise, the code is probably still vulnerable. These softwares make superficial analyzes. Do not trust them as a definitive solution. If you can not find all the vulnerabilities, you'll need to hire a specialist. And be careful, a lot of people sell what they do not have.

Remember that now the attacker probably knows your code and knows how to exploit any flaw, even those that were previously unnoticed.

answered by 12.12.2015 / 13:18

Avoid using the mysqli_ * and mysql_ * functions, use PDO, handle the data entries. Make a select in your bank and check the privileges of the users, if there are any "strange" users, if root has external access without password, etc.

select user,password,host,grant_priv from mysql.user; 

Running the above query, make sure that any user (with host =%, which would be remote access) has no password. It is not guaranteed that he has access to the database in the way I have quoted but may occur. Check mysql and php logs. As quoted @bigown, the most advisable is to hire someone who understands the subject, rarity but it is possible.

answered by 26.10.2016 в 17:04

In fact, nothing will replace security expertise, but using mature PHP frameworks like Symfony will help you to program seamlessly implementing security with symfony

If rewriting your project is not an option, I recommend turning to magic quotes , even though obsolete in newer versions of PHP, it can solve the problem of SQL injection.

answered by 26.10.2016 в 17:17