Hacked!
#1

[eluser]asylmottaket[/eluser]
Hi guys,

I just found out that a site I've made in CI just got hacked/compromised.

Line 118 in index.php
Code:
/* End of file index.php */
/* Location: ./index.php */<!-- bastest t1 -->

Googling the "<!-- bastest t1 -->" gave me only one result:

http://forum.joomla.org/viewtopic.php?f=444&p=1670508



The only user input that I can think of is the query string,
like domain.com/page/[numeric-ID] ..but I'm checking the ID like:

Code:
// Reject any ID that is not made up solely of digits
if (ctype_digit($id) === FALSE)
{
    redirect('/page');
    exit();
}

So I'm not quite sure how this could have happened.

define('CI_VERSION','1.6.3'); ..should probably be updated though. But would this happen in CI 1.7.1?
#2

[eluser]GSV Sleeper Service[/eluser]
hmm, quite unlikely that it's due to sql injection on a CI page, unless you're allowing all characters in the URL.
are you on a shared host? if so it's probably down to some other chump running unpatched software.
grep your access logs for strings like 'union', 'into outfile' etc just to be on the safe side.
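
The log search suggested in the post above, as an added example that is not part of the original thread. It goes a little further than a plain grep: it matches on a decoded, lower-cased copy of each line and requires "select" after "union". The helper name `scan_access_log` and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). scan_access_log is a hypothetical helper.
# It prints "file:line: original line" for every request that looks like
# SQL injection, matching on a decoded, lower-cased copy of the line.
scan_access_log() {
    awk '
    {
        req = tolower($0)
        # Encoded whitespace: %20, tab, CR/LF, and "+" in query strings.
        gsub(/%20|%09|%0a|%0d|[+]/, " ", req)
        # Empty SQL comment used in place of a space, raw or URL-encoded.
        gsub(/%2f[*][*]%2f|\/[*][*]\//, " ", req)
        # "union" alone also matches harmless paths, so require "select".
        if (req ~ /union +(all +)?select/ || req ~ /into +outfile/)
            print FILENAME ":" FNR ": " $0
    }' "$@"
}

# Constructed sample log (documentation IP ranges, made-up requests).
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
192.0.2.10 - - [01/Apr/2009:10:00:01 +0000] "GET /page/42 HTTP/1.1" 200 5120
192.0.2.10 - - [01/Apr/2009:10:00:05 +0000] "GET /reunion-photos HTTP/1.1" 200 812
198.51.100.7 - - [01/Apr/2009:10:02:11 +0000] "GET /page/1%20UNION%20SELECT%201,2 HTTP/1.1" 302 0
198.51.100.7 - - [01/Apr/2009:10:02:14 +0000] "GET /page/1+union/**/all+select+1 HTTP/1.1" 302 0
198.51.100.7 - - [01/Apr/2009:10:02:19 +0000] "GET /old.php?id=1%20INTO%20OUTFILE%20%27x%27 HTTP/1.1" 404 0
EOF

# Lines 3, 4 and 5 are reported; /page/42 and /reunion-photos are not.
scan_access_log "$sample"
```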
#3

[eluser]TheFuzzy0ne[/eluser]
That sounds like it might be an error on your part more than anything. Whoever it was clearly had full access to the server, and if that's the case, then I doubt your site would still be intact. In any case, the security issue is not CodeIgniter. You can't edit any files in CodeIgniter via the URI unless you've coded in the ability to do so.
#4

[eluser]louis w[/eluser]
Agreed, this hack has nothing to do with CI. Someone gained access to your server.



