Quote:
Originally Posted by bogart
Hackers are able to use contact forms and inject code if you are using sql.
|
which is easily avoided with a few simple lines in your code.
for example, always limit your input boxes in your forms, ie.
Code:
<input type="text" maxlength="some appropriate number here" />
@FairwayandIsle:
how often do you update your site via FTP? you said a couple times a week?
upon updating your site, do you soon thereafter notice your site becomes infected? if so, your FTP connection has been compromised.
there's an easy fix, but it requires your server/host to allow for SSH2 connections.
you're probably connected using an unencrypted port 21 right now, which is the same as surfing the web without any firewalls, spyware/virus protection.
i had a similar problem ages ago where all of a sudden, out of the blue, my site started acting funny...some pages weren't showing up, etc.
turns out, any time i uploaded a file via the unencrypted port 21, some bot or something was altering my files by injecting hundreds of 'viagra' type links into the source code, but was using CSS to hide the links. this was causing Google to index my page as per the hundreds of ridiculous links that it found hidden in the source, ultimately leading to my being banned from Google (had i not fixed the problem in time, which i did).
not saying it is the problem, but it definitely could be.
what you need to do is contact your host and request a secure FTP connection (SSH2), and then plug in those credentials into your FTP client, and your set.