OK, techie request time people. Those of a non-technical, anti-acronym mindset should look away now.
I think I’m getting hacked. Well not here, Scottish Blogs.
The Scottish Blogs site uses a MySQL database to store the member details. The submission form calls a separate PHP page which does a little checking (to make sure duplicate URLs and email addresses aren’t added) then throws the info into the database. The database connection details are held in a separate PHP file which is included as and where needed.
I’m pretty sure that someone has managed to figure out how to write to the database directly. I’ve taken the submission form offline for the past few hours but I’m still getting new “spam” sites added, I’m currently getting around 15 – 20 “spam” submissions a day, mainly from chinese sites/hackers (not really spam as such just illegible nonsense).
So, given those rather skimpy details, anyone got any suggestions on how this is happening and how I can stop them from doing it?
