{"id":794,"date":"2008-04-17T13:31:25","date_gmt":"2008-04-17T18:31:25","guid":{"rendered":"http:\/\/www.bytebot.net\/blog\/archives\/2008\/04\/17\/help-my-website-has-been-hacked-now-what"},"modified":"2008-04-17T13:31:26","modified_gmt":"2008-04-17T18:31:26","slug":"help-my-website-has-been-hacked-now-what","status":"publish","type":"post","link":"http:\/\/www.bytebot.net\/blog\/archives\/2008\/04\/17\/help-my-website-has-been-hacked-now-what","title":{"rendered":"Help, my website has been hacked! Now What?"},"content":{"rendered":"<p><a href=\"http:\/\/eliw.com\/\">Eli White<\/a> from Digg presented. It was an interesting talk&#8230; He covered:<\/p>\n<p>You are going to get hacked&#8230;<br \/>&#8211; SQL injection<br \/>&#8211; XSS<br \/>&#8211; CSRF (cross site request forgery)<br \/>&#8211; Session Hijacking<\/p>\n<p>Slides (<a href=\"http:\/\/eliw.com\/conference\/mysql-2008-hacked.pdf\">PDF<\/a>, <a href=\"http:\/\/eliw.com\/conference\/mysql-2008-hacked.odp\">ODP<\/a>) have SQL injection\/XSS example, with the hole, the attack, and the prevention.<\/p>\n<p>Technorati Tags: <a class=\"performancingtags\" href=\"http:\/\/technorati.com\/tag\/mysqlconf\" rel=\"tag\">mysqlconf<\/a>, <a class=\"performancingtags\" href=\"http:\/\/technorati.com\/tag\/mysql\" rel=\"tag\">mysql<\/a>, <a class=\"performancingtags\" href=\"http:\/\/technorati.com\/tag\/mysqluc08\" rel=\"tag\">mysqluc08<\/a>, <a class=\"performancingtags\" href=\"http:\/\/technorati.com\/tag\/mysqluc2008\" rel=\"tag\">mysqluc2008<\/a>, <a class=\"performancingtags\" href=\"http:\/\/technorati.com\/tag\/eli%20white\" rel=\"tag\">eli white<\/a>, <a class=\"performancingtags\" href=\"http:\/\/technorati.com\/tag\/digg\" rel=\"tag\">digg<\/a>, <a class=\"performancingtags\" href=\"http:\/\/technorati.com\/tag\/hacked\" rel=\"tag\">hacked<\/a>, <a class=\"performancingtags\" href=\"http:\/\/technorati.com\/tag\/security\" rel=\"tag\">security<\/a>, <a class=\"performancingtags\" 
href=\"http:\/\/technorati.com\/tag\/sql%20injection\" rel=\"tag\">sql injection<\/a>, <a class=\"performancingtags\" href=\"http:\/\/technorati.com\/tag\/xss\" rel=\"tag\">xss<\/a>, <a class=\"performancingtags\" href=\"http:\/\/technorati.com\/tag\/csrf\" rel=\"tag\">csrf<\/a>, <a class=\"performancingtags\" href=\"http:\/\/technorati.com\/tag\/slides\" rel=\"tag\">slides<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Eli White from Digg presented. It was an interesting talk&#8230; He covered: You are going to get hacked&#8230;&#8211; SQL injection&#8211; XSS&#8211; CSRF (cross site request forgery)&#8211; Session Hijacking Slides (PDF, ODP) have SQL injection\/XSS example, with the hole, the attack, and the prevention. 
Technorati Tags: mysqlconf, mysql, mysqluc08, mysqluc2008, eli white, digg, hacked, security, sql [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"jetpack_publicize_message":"","jetpack_is_tweetstorm":false,"jetpack_publicize_feature_enabled":true,"jetpack_social_options":[]},"categories":[1],"tags":[],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_shortlink":"https:\/\/wp.me\/p4vJD-cO","jetpack_sharing_enabled":true,"jetpack-related-posts":[{"id":769,"url":"http:\/\/www.bytebot.net\/blog\/archives\/2008\/04\/10\/a-slice-of-wednesday-5-must-see-talks","url_meta":{"origin":794,"position":0},"title":"A slice of Wednesday &#8211; 5 must-see talks","date":"10\/4\/2008","format":false,"excerpt":"A session at the MySQL Conference 2008 that I'd have loved to attend, would have been the Adopting and Adapting OSS at Shinsei Bank. As a case study, Shinsei Bank in Japan is a great MySQL customer and use case - they're a bank. A pretty large bank... Sadly, the\u2026","rel":"","context":"In &quot;MySQL&quot;","img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":525,"url":"http:\/\/www.bytebot.net\/blog\/archives\/2007\/04\/22\/activerecord","url_meta":{"origin":794,"position":1},"title":"ActiveRecord","date":"22\/4\/2007","format":false,"excerpt":"ActiveRecord, by Rabble.Rails ActiveRecord is mostly database agnostic. 
Good subset of the SQL standard is supported, so you can migrate very easily (this is what OS X Leopard will do - develop using sqlite on your workstation, then migrate to mysql on the server).Integer primary keys, and classname_id foreign keys.\u2026","rel":"","context":"In &quot;General&quot;","img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":793,"url":"http:\/\/www.bytebot.net\/blog\/archives\/2008\/04\/15\/services-oriented-architecture-with-php-and-mysql","url_meta":{"origin":794,"position":2},"title":"Services Oriented Architecture with PHP and MySQL","date":"15\/4\/2008","format":false,"excerpt":"Joe Stump, Lead Architect, Digg. Slides should make its way at Joe's website soon enough. Mainly works on the backend, makes sure its scalable, can all the Digg buttons be served, et al. Application layer is loosely coupled from your data. Whole point of SOA? You can put a service\u2026","rel":"","context":"In &quot;MySQL&quot;","img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":538,"url":"http:\/\/www.bytebot.net\/blog\/archives\/2007\/04\/27\/diggcom-scales-japanese-character-set-data-warehousing","url_meta":{"origin":794,"position":3},"title":"Digg.com scales; Japanese Character Set; Data Warehousing","date":"27\/4\/2007","format":false,"excerpt":"I missed a couple of talks that I'd really have liked to attend, for various reasons (probably the fact that at the MySQL conferences, staff also have a tonne of meetings and customers\/people to meet). Thanks to the great bloggers, I don't feel so bad for missing such talks. And\u2026","rel":"","context":"In &quot;MySQL&quot;","img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":573,"url":"http:\/\/www.bytebot.net\/blog\/archives\/2007\/06\/19\/ask-a-sql-guru","url_meta":{"origin":794,"position":4},"title":"ask a SQL guru","date":"19\/6\/2007","format":false,"excerpt":"Came across ask a SQL guru today. Service is run by the Microsoft DB MVP's. 
You call them (via Skype), and they answer your query, via a video cast. Its quite new, hasn't proven itself (I mean, why not just ask a forum?), and also offers itself as a video\u2026","rel":"","context":"In &quot;Databases&quot;","img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":2816,"url":"http:\/\/www.bytebot.net\/blog\/archives\/2013\/11\/11\/mariadb-10-0-5-storage-engines-check-the-linux-packages","url_meta":{"origin":794,"position":5},"title":"MariaDB 10.0.5 storage engines &#8211; check the Linux packages","date":"11\/11\/2013","format":false,"excerpt":"Today before Ivan's tutorial, he told me that in the 10.0.5 virtual machine images he created, he couldn't find the Cassandra storage engine. I told him it had to be installed separately, and this is true - you have to install some engines separately! When you do a yum install\u2026","rel":"","context":"In &quot;MariaDB&quot;","img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]}],"amp_enabled":true,"_links":{"self":[{"href":"http:\/\/www.bytebot.net\/blog\/wp-json\/wp\/v2\/posts\/794"}],"collection":[{"href":"http:\/\/www.bytebot.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.bytebot.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.bytebot.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/www.bytebot.net\/blog\/wp-json\/wp\/v2\/comments?post=794"}],"version-history":[{"count":0,"href":"http:\/\/www.bytebot.net\/blog\/wp-json\/wp\/v2\/posts\/794\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.bytebot.net\/blog\/wp-json\/wp\/v2\/media?parent=794"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.bytebot.net\/blog\/wp-json\/wp\/v2\/categories?post=794"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.bytebot.net\/blog\/wp-json\/wp\/v2\/tags?post=794"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}