website hacked repeatedly | FerrariChat

Discussion in 'Other Off Topic Forum' started by Webby, Sep 1, 2007.

  1. Webby

    Webby F1 Veteran

    Joined:
    Sep 12, 2004
    Messages:
    6,821
    The website I created for our local group of car guys has been hacked twice now in 3 days :( Some months ago I emailed the password to somebody so that they could upload a big video file ... everything seemed fine until a few days ago when a bunch of the files (mainly pictures) were deleted and there was a new file "love.html" which basically said "Hahaha I hacked your page." ...
    Part of the website I programmed which could have a security loophole ... either from putting some PHP code to delete files in a textarea in a form (although I use a parsing function that's supposed to get rid of PHP), and also allowing people to upload files (but only registered members should be able to do this.) So they could've gotten in through one of those loopholes, or just gotten the password from that email, or just cracked the password on their own. I think it's one of the first two because the password was not changed, and they also didn't access the MySQL database, only the files.
    Anyways I had the password changed ... damn hosting company sent an email saying "Your new password is this" ... and today it's been hacked again. This time only one file was changed, the index.php to say "I hacked your page" again ... seems to be a different hacker this time. So possibly they have access to my email or even to my actual computer ... I just backed up all files and the MySQL database, changed my email password, changed my website password again (over the phone and asked not to get an email about it) and upped the security on my connection.
    Anyways just wanted to rant about that and also ... since my website is for local people only and both hackers were using some sort of Middle East language ... I was wondering if anybody knew how to block all IPs outside the US? Thanks for the help :( This blows
     
  2. MarkPDX

    MarkPDX F1 World Champ Lifetime Rossa

    Joined:
    Apr 21, 2003
    Messages:
    15,111
    Location:
    Gulf Coast
    I'm sure Noah will be along shortly to gloat.
     
  3. Systo

    Systo Karting

    Joined:
    Feb 15, 2007
    Messages:
    166
    Location:
    Plano
    Full Name:
    A.J.
    Most likely a PHP exploit, it happens. I wouldn't worry too much about having your email or computer being compromised. Sounds like a typical defacement. Do you by any chance remember what group/person(s) were mentioned on the page? You could try searching for their names to see if anyone else has had a run-in with them and discovered how they did it.
     
  4. Webby

    Webby F1 Veteran

    Joined:
    Sep 12, 2004
    Messages:
    6,821
    Thanks, that's comforting ... I do remember one and I'll search for it. I've been going through some PHP security articles; hopefully I'll be able to fix whatever the problem was.
     
  5. MikeZ_NJ

    MikeZ_NJ Formula 3

    Joined:
    Dec 10, 2002
    Messages:
    1,533
    Location:
    Southern NJ
    Full Name:
    Mike Z.
    Are you tracking who's uploading what in your upload form for members? See if that file is being uploaded by a member whose account might have been compromised.

    What do you want your users to be allowed to upload? If it's only photos, only allow photo extensions/mime types to be uploaded and make the form fail on anything else.

    Also, read up on XSS, could be a flaw with an input field.

    Another thought might be a server/server software vulnerability. Using cPanel? Has it been updated recently? Could be any number of vulnerabilities in the server itself. Also, if it keeps coming back even though you think you've "fixed" the problem, be wary of rootkits.
     
  6. ^@#&

    ^@#& F1 World Champ BANNED

    Joined:
    Feb 27, 2005
    Messages:
    12,091
    I'm a ****ing idiot with computers


    Oh, and I just saved money on my car insurance by switching to Geico!
     
  7. wax

    wax Five Time F1 World Champ Lifetime Rossa

    Joined:
    Jul 20, 2003
    Messages:
    52,442
    Location:
    SFPD
    Full Name:
    Dirty Harry
    Note: Don't edit the file itself. But...

    On .htaccess, what are your (chmod) permissions set at?

    For instance:

    RW-
    R--
    R--
     
  8. C4talyst

    C4talyst Karting

    Joined:
    May 28, 2005
    Messages:
    133
    Patch your PHP-based software regularly ... this is likely not a password issue.
     
  9. msquared

    msquared Formula 3 Silver Subscribed

    Joined:
    Nov 4, 2004
    Messages:
    1,367
    Full Name:
    Matt
    I concur.
     
  10. Webby

    Webby F1 Veteran

    Joined:
    Sep 12, 2004
    Messages:
    6,821
    I do check the mime types on all uploads but I don't track who's doing what so I'll start doing that. I think it was probably the contact form though - forgot to striptags on the input.

    Strangely there was no .htaccess file ... so I created one and uploaded it. I guess I forgot to make one for this website but I'm surprised there wasn't a default one on the server.

    Thanks, I programmed lots of it myself so I can't really patch it, but I think I found the flaw in the code.
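
The upload checks discussed in this thread (accept photos only, fail on anything else, and record which member uploaded what), sketched in PHP as an added example that is not part of any post or of the site's own code. The paths, the size limit and the `handle_member_upload()` name are assumptions made for illustration.

```php
<?php
// Added example: UPLOAD_DIR, AUDIT_LOG, MAX_BYTES and handle_member_upload() are hypothetical.
const UPLOAD_DIR = '/var/www/private_uploads';   // assumed to sit outside the web root
const AUDIT_LOG  = '/var/www/logs/uploads.log';  // assumed log location
const MAX_BYTES  = 5 * 1024 * 1024;              // assumed size limit

// Content type detected from the file bytes => extension the server assigns.
const ALLOWED_TYPES = [
    'image/jpeg' => 'jpg',
    'image/png'  => 'png',
    'image/gif'  => 'gif',
];

function handle_member_upload(array $file, int $memberId): string
{
    // Only accept a completed HTTP upload within the size limit.
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK || !is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('Upload failed');
    }
    if ($file['size'] > MAX_BYTES) {
        throw new RuntimeException('File too large');
    }

    // Detect the type from the content; $file['type'] and the file name come from the client.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    $ok   = is_string($mime) && array_key_exists($mime, ALLOWED_TYPES)
            && getimagesize($file['tmp_name']) !== false;

    // Record every attempt, accepted or not, against the member account.
    $line = sprintf(
        "%s member=%d ip=%s name=%s type=%s result=%s\n",
        date('c'), $memberId, $_SERVER['REMOTE_ADDR'] ?? '-',
        json_encode(basename((string) $file['name'])),   // JSON-encoded so it stays on one line
        is_string($mime) ? $mime : 'unknown',
        $ok ? 'accepted' : 'rejected'
    );
    file_put_contents(AUDIT_LOG, $line, FILE_APPEND | LOCK_EX);

    if (!$ok) {
        throw new RuntimeException('Only JPEG, PNG or GIF images are accepted');
    }

    // Server-generated name and extension: the stored file can never end in .php.
    $dest = UPLOAD_DIR . '/' . bin2hex(random_bytes(16)) . '.' . ALLOWED_TYPES[$mime];
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('Could not store upload');
    }
    return $dest;
}
```

A form handler would call it as `handle_member_upload($_FILES['photo'], $memberId)`, where the `photo` field name and the source of `$memberId` are likewise assumed.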
     
  11. fiorano94

    fiorano94 F1 Veteran

    Joined:
    May 26, 2006
    Messages:
    6,892
    Location:
    MW/NW/SE
    I hope it doesn't happen again, Andrew!

    I'm tired of uploading pics again and again :D
     
  12. wingfeather

    wingfeather F1 Rookie

    Joined:
    Feb 1, 2007
    Messages:
    3,653
    Location:
    rock bottom
    PHP always seems to get hacked by the Middle East.
     
  13. ChunkyMonkey

    ChunkyMonkey Formula 3

    Joined:
    Feb 27, 2006
    Messages:
    1,582
    Location:
    Texas, duh
    Full Name:
    Chad
    My forum was hacked by the "Red Devil Crew." Peckers. They've hacked A LOT of sites just for another notch in the belt.
     
