My website has been hacked. I am observing how hacker accesses my site. Though I have been using bindparam
to prevent from sql injection
and direct access restriction
for backdoor attack
, hacker's change my index.php
page and run their own script. S/He put following line <iframe width='1' height='1' src='https://www.youtube.com/embed/hKdyS_bgUbM?rel=0&autoplay=1&loop=1&playlist=RvpkUhrTmxY'
in their uploaded html script.
I doubt I am become victim of xss attack
. So I search in google about possible script attack and found about iframe injection
. And in one youtube video, it is said that - if your iframe's width and height can be changed, iframe injection can be easily applied and hacked. What he is saying ?
I inspect element through mozila firefox inspector, my iframe's width and height can be changed and applied in body live iframe. Does he talk about my case ? Is my website hacked by iframe injection
? If it is, how to prevent. My website is still vulnerable, because I have only removed their index.php code and restore previous index.php
which had been hacked, nothing has been changed. Please help.