hack in database


I have a problem.
One person changes values in the database for his account.

The site is a game site (http://www.ovniz.com)

And I do not find where the problem is.

So can you help me to trace how this person can do this?

1- I secure all POST / GET data
2- I add mysql_real_escape_string / (int) to all data sent to the database in queries

I add a small script to detect possible injection code, shell code, to reject some commands.

This person can always modify data in the database. I suppose he has direct access to the database… but:
– I change passwords (ftp, mysql, admin)
– He only changes one sort of data in the database (why not other data?)

He writes to me that he can deface my whole website, and he asks for money…

So if you have some method to trace his activities, it would be very helpful.
You can also test the security of my website; I give you the URL.

I check the logs, and he goes to some website on my server.

Thanks for your help.
