Oxwall SQL Injection | Forum

Ricardo Nov 9 '11
I just had my site suspended by my Internet provider with the following claim:

"Dear customer,


According to our security department to schedule your website is generating many security problems on our server. The problems that were caused by programming your site was installed unauthorized software on the server that is affecting the smooth operation of it causing problems to all our clients who are on the same server.

Possibly these files were placed in the archives of your site using the technique of SQL injection:

"SQL Injection it is the manipulation of a SQL statement using the variables that make up your script (usually via forms or access to the database), if there is a prevention operations can be performed, which may impact on the design of tables, stored data, and scripts that send email. "

Where can no longer host your site until further notice. In order to remedy the issue, please let us return stating the purpose of your website so that we may be looking at our management and thus better guide you.


Any other questions will be at your disposal,
Team Hotel WEB."


Keelan Leader
Keelan Nov 9 '11
VPS.

Sounds like you have some people who don't like you trying to use SQL injections.

Move to a VPS
Mark Nov 10 '11
Sounds like an excuse to cancel your contract without any backlash. Did they give a list of injected/infected files? Did they actually identify a security leak, or are they just assuming there is one?
Michael Leader
Michael Nov 10 '11
I believe that as Oxwall is possibly the only free social website creation solution with the rich features it is capable of and in the early days installs were slow and sparse.  As it becomes more popular and hosts are seeing greater resource usage they are looking for ways to either maximise the usage and / or drive people to more expensive plans.  VPS.  The shared hosts packages are probably not geared up for it.
As it happens, VPS will be a better experience for you and your users.  The good news also will be with more people needing VPS the price will drop.




Den Team
Den Nov 10 '11
Just to verify that the site was not closed due to any security issues:
- how many users online did you have before your site was suspended?
- did your hosting provide any exact details of the reason for the suspension?
The Forum post is edited by Den Nov 10 '11
Michael Leader
Michael Nov 10 '11
FYI my site got suspended (twice now) with <10 members using the site.
Ricardo Nov 10 '11

Quote from Mark: Sounds like an excuse to cancel your contract without any backlash. Did they give a list of injected/infected files? Did they actually identify a security leak, or are they just assuming there is one?

@Mark: My site is located at "http://www.lostintheclouds.blog.br/". But they said the problem (SQL Injection) was in the file "http://picasa.com.lostintheclouds.blog.br/pl.php".

Is there any "pl.php" in the core files?

The URL "picasa.com.lostintheclouds.blog.br" could point to any IP in the Net. Not necessarily to my hosting server, right?

Ricardo Nov 10 '11

Quote from Addenster: Just to verify that the site was not closed due to any security issues:
- how many users online did you have before your site was suspended?
- did your hosting provide any exact details of the reason for the suspension?

@Addenster: I was the ONLY user registered by the time the site was suspended!!! They just said the problem (SQL Injection) was in the file "http://picasa.com.lostintheclouds.blog.br/pl.php".
Ricardo Nov 10 '11
They now transferred me from a Linux package to a Windows package without consulting me first.

I was translating
into Brazilian Portuguese and it seems to have lost all my work in one month!

Den Team
Den Nov 10 '11
There is no such file pl.php in the default core package. Somebody has added this file to your site via FTP or something else.
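
Editor's added example, not part of the thread and not Oxwall code: one way to check which files on a site are not in the core package is to hash the deployed tree against a clean copy of the same release. The directory names, the `SCRIPT_EXTS` list and the sample trees in `demo()` are constructed assumptions.

```python
import hashlib
import os
import tempfile

# Assumed list of extensions a PHP host may execute; adjust for the server.
SCRIPT_EXTS = {".php", ".phtml", ".php5", ".pl", ".cgi"}

def _hashes(root):
    """Map each file's path relative to root -> SHA-256 of its contents."""
    out = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            with open(full, "rb") as fh:
                out[rel] = hashlib.sha256(fh.read()).hexdigest()
    return out

def compare_to_core(site_dir, core_dir):
    """Compare a deployed site with a clean copy of the release it came from."""
    site, core = _hashes(site_dir), _hashes(core_dir)
    extra = sorted(set(site) - set(core))
    return {
        "extra": extra,  # present on the site, absent from the release
        "extra_scripts": [p for p in extra
                          if os.path.splitext(p)[1].lower() in SCRIPT_EXTS],
        "modified": sorted(p for p in site.keys() & core.keys()
                           if site[p] != core[p]),
        "missing": sorted(set(core) - set(site)),
    }

def demo():
    """Constructed trees: a tiny 'core' and a 'site' with added/edited files."""
    with tempfile.TemporaryDirectory() as tmp:
        core, site = os.path.join(tmp, "core"), os.path.join(tmp, "site")
        for root in (core, site):
            os.makedirs(os.path.join(root, "uploads"))
            for name in ("index.php", "config.php"):
                with open(os.path.join(root, name), "w") as fh:
                    fh.write("<?php // " + name + "\n")
        with open(os.path.join(site, "pl.php"), "w") as fh:   # not in release
            fh.write("<?php // unknown\n")
        with open(os.path.join(site, "uploads", "avatar.jpg"), "wb") as fh:
            fh.write(b"\xff\xd8\xff")                         # ordinary upload
        with open(os.path.join(site, "config.php"), "a") as fh:
            fh.write("// edited after install\n")
        return compare_to_core(site, core)

if __name__ == "__main__":
    for kind, paths in demo().items():
        print(kind, paths)
```

Entries under `modified` and `extra` include legitimate changes such as the installer's config file and user uploads, so `extra_scripts` is the list to review first.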

Michael Leader
Michael Nov 11 '11
As Addenster said, pl.php is not in the core. Remove it, get the host to move you back to Linux and unsuspend. If they are unwilling, get them to open the site for your IP only and jump in and get a backup of your site files and database.
Then go find a new host!

My resource problem the host indicated it came from index.php but I blame it on my host squeezing too many users on one server, not really an issue with the software, just tight hosters.