Code Injection

unisecureus

New member
What is code injection? One of the websites got hacked by someone, because when I open my website it gets redirected to another website. I have removed that code injection script from the website and also removed his database files from my server database, but it's a temporary solution I guess, because I am getting spam links on my website again.

How can I solve this problem? Please help me with a permanent solution for the same.
 
You can't just remove the code that was injected and consider it fixed and then wonder why it happens again and again.

It's the equivalent of a burglar coming in through an open window in your home, ransacking the house and then afterward you do nothing more than clean up the mess they made while ransacking.

The burglar will just come back the next day through the very same window and do it again and again.

If you don't close the hole, they will continue to come back in the very same way again and again. Also, they will tend to drop additional hidden malware and backdoors, so once compromised it is difficult to clean.
 
As suggested by HostMantis, once you get infected, the hacker may have placed more backdoors. The best way is to terminate the account and restore from backup.

Also use a PHP function like strip_tags (assuming your site is developed in PHP) to clean the code before adding form values to the database.
 
Code Injection is an attack in which the attacker can execute malicious code due to an injection attack. It is different from Command Injection because an attacker is restricted by the language performing the injected code. Though it is possible for the attacker to increase an attack from Code Injection to executing arbitrary shell commands, that is not always the case.

Generally, the Code Injection attack is done when code evaluation is done by an application without its prior validation. It is observed that code evaluation that contains user input can always put you into trouble.

Hence, you should avoid using 'eval()' in your code.
 
Code injection isn't limited to eval()'d code. Sometimes things unintentionally break because of unsanitized user input.

For instance, if you're asking a user to upload an image file but you have no validation, someone can just upload a rogue file instead and let it do its work.
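The upload validation mentioned in the post above, as an added example that is not part of the thread: a PHP check that accepts a file only if its bytes identify it as an allow-listed image type, and gives it a server-generated name. The function name `safe_image_name`, the size limit and the list of accepted types are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Allow-list (assumed): detected MIME type => extension assigned by the server.
const ALLOWED_IMAGE_TYPES = ['image/jpeg' => 'jpg', 'image/png' => 'png', 'image/gif' => 'gif'];
const MAX_UPLOAD_BYTES = 2 * 1024 * 1024; // assumed limit

/**
 * Returns a server-generated file name for an acceptable image, or null to reject.
 * In a real handler $tmpPath is $_FILES['image']['tmp_name'], used only after
 * ['error'] === UPLOAD_ERR_OK and is_uploaded_file($tmpPath) have been checked.
 */
function safe_image_name(string $tmpPath): ?string
{
    $size = @filesize($tmpPath);
    if ($size === false || $size === 0 || $size > MAX_UPLOAD_BYTES) {
        return null;
    }
    // Sniff the type from the file's bytes. The client-supplied file name and
    // Content-Type are attacker-controlled and are never consulted.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($tmpPath);
    if (!is_string($mime) || !array_key_exists($mime, ALLOWED_IMAGE_TYPES)) {
        return null;
    }
    // Random name plus an extension chosen here, so a name such as
    // "avatar.php" never reaches the disk.
    return bin2hex(random_bytes(16)) . '.' . ALLOWED_IMAGE_TYPES[$mime];
}

// Constructed sample inputs, written to temp files so the script runs offline.
$samples = [
    'photo.gif'  => 'GIF89a' . pack('v2', 1, 1) . "\x00\x00\x00;", // minimal GIF header
    'avatar.jpg' => '<?php echo "not an image";',                  // script posing as a JPEG
    'empty.png'  => '',
];
foreach ($samples as $clientName => $bytes) {
    $tmp = tempnam(sys_get_temp_dir(), 'upl');
    file_put_contents($tmp, $bytes);
    $name = safe_image_name($tmp);
    printf("%-10s => %s\n", $clientName, $name ?? 'REJECTED');
    unlink($tmp);
}
```

A file with a valid image header can still carry other content after it, so accepted files belong outside the web root or in a directory where script execution is disabled.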
 