Will MySQL stop hackers?

Hi
A few days ago I downloaded the form generator from http://phpformgen.sourceforge.net

During the installation of the script you could choose for the results to be put as files or MySQL. I chose files as I thought it would be easy. Today I went on to the results page and it has come up with 'Hacked by Cyber for Islam'. If I reinstall the script but this time choose MySQL, will it stop me from being hacked again?

Thanks
sean
 
0
•••
The views expressed on this page by users and staff are their own, not those of NamePros.
I don't know anything about the script you downloaded but generally if you get hacked, the script isn't secure and I wouldn't bother running it a different way. That's the problem you take on when using freely available scripts. They are prone to hacking because the source is freely available.
 
0
•••
I would suggest creating your own form and having the information sent to your e-mail... If you need it in a database, store it in a MySQL DB; it is indeed more secure than a plain text file is.

-RageD
 
0
•••
lol

SQL is as safe as it can be; it's just a matter of whether you have blocked SQL injection from your files. If you forgot to do it, then anyone can inject MySQL and read/edit the fields, lol. I hacked a lot of databases in my time to know that if it ain't stopped, you're just asking for it.
 
0
•••
Well, I think MySQL can also be hacked if the scripts are not proper.

Hackers can inject SQL queries and hack it easily.
 
0
•••
nick_mayhem said:
Well, I think MySQL can also be hacked if the scripts are not proper.

Hackers can inject SQL queries and hack it easily.


All input and output has to be double-checked; use a function to save you lots of editing.

Ex:
function strip_sql($value) {
    // all functions in here; if needed, put them in an array to strip
}
 
0
•••
That script is interesting. I have just completed working on a form generator script myself for my CMS, which is in heavy development.

I would have liked to have seen the demo in action but it didn't work. My form generator saves results and emails you.

As for the question, you need to run the code through a validation function. PHP has some of its own functions like htmlspecialchars()
 
0
•••
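The two posts above mention a sanitising function and htmlspecialchars(). As an added example (not code from the thread or from phpformgen), this sketch shows a form result saved by string concatenation next to a PDO prepared statement, with htmlspecialchars() applied when the row is displayed. The `results` table, its columns, the function names and the sample input are assumptions constructed for illustration, and an in-memory SQLite database stands in for MySQL so it runs offline.

```php
<?php
declare(strict_types=1);
// Added example. Constructed schema and input; SQLite in memory stands in for MySQL.

function open_db(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE results (name TEXT, comment TEXT, approved INTEGER)');
    return $db;
}

// Unsafe: form values are pasted into the SQL text, so a quote in the
// input ends the string literal and the remainder is parsed as SQL.
function save_unsafe(PDO $db, string $name, string $comment): void {
    $db->exec("INSERT INTO results (name, comment, approved) VALUES ('$name', '$comment', 0)");
}

// Safe: the statement text is fixed; values are sent as bound parameters
// and can never change the structure of the query.
function save_safe(PDO $db, string $name, string $comment): void {
    $stmt = $db->prepare('INSERT INTO results (name, comment, approved) VALUES (?, ?, 0)');
    $stmt->execute([$name, $comment]);
}

// Output side: encode each value at display time, not at storage time.
function render_row(array $row): string {
    $cells = array_map(
        fn($v) => '<td>' . htmlspecialchars((string)$v, ENT_QUOTES, 'UTF-8') . '</td>',
        $row
    );
    return '<tr>' . implode('', $cells) . '</tr>';
}

// Constructed form submission: the comment carries a quote and extra SQL
// that tries to set the "approved" column, plus some HTML markup.
$input = ['name' => 'sean', 'comment' => "<b>hi</b>', 1) -- "];

foreach (['save_unsafe', 'save_safe'] as $save) {
    $db = open_db();
    $save($db, $input['name'], $input['comment']);
    $row = $db->query('SELECT name, comment, approved FROM results')->fetch(PDO::FETCH_ASSOC);
    echo $save, ': ', render_row($row), PHP_EOL;
}
```

With the concatenated INSERT the stored row has `approved` set by the submitted text; with the prepared statement the whole comment is stored as data and `approved` stays 0. In both cases the markup is shown encoded rather than rendered.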
CreedFeed said:
[...]That's the problem you take on when using freely available scripts. They are prone to hacking because the source is freely available.
The problem with that script is that it hasn't been updated since 2003, not that the source is open. By that logic, Microsoft products would be the most secure and we know how well they do security-wise :)
You probably didn't install it properly or there is some vulnerability that hasn't been fixed because it's been a long time since the last update (around 3 years!)
SQL will not prevent this from happening; you are also prone to SQL injection attacks, as others have said in this thread. To know exactly what might have gone wrong we would have to check your installation.
I wonder why this project hasn't been updated or someone hasn't taken the code and worked on it. It's a nice script.
 
0
•••
The issue isn't really anything to do with MySQL; the script is insecure and it probably got abused by some sort of remote command execution. Then again, it might not even be the script; your whole server may have been compromised. Was it just your index page hit?
 
0
•••