Hello everybody ,

i want to ask a little..

i have few websites and blogs on my hosting at HM. i used wordpress for blog and HTML (create on dreamweaver)

one of my website is in standart .HTML , but i rename it to .PHP
few days later , my account has been suspended , then i contact support.said that my domain for my website must removed from my account.i got a reason, my website was hacked with code added (injection?)

my question :
1. Is it easy to hack .HTML renamed to .PHP ? what should i do to make my page more secure in PHP ? is it more secure if i use .HTML ?

2.My other website also use that metode , what should i do to save all my website from this case ?

3.IF later my website hacked again , what about my account ? because i was received notification/warning from admin support for this happen.

i'm scare it will did again :(

please help me

*sorry my english very bad

1. Is it easy to hack .HTML renamed to .PHP ? what should i do to make my page more secure in PHP ? is it more secure if i use .HTML ?

If you have any forms then that's probably how code was injected into your site. You have to limit the number of characters in your form fields and validate the data that is submitted.


2.My other website also use that metode , what should i do to save all my website from this case ?

Do the same thing on all sites with forms.


3.IF later my website hacked again , what about my account ? because i was received notification/warning from admin support for this happen.

If this happens again you will probably see the same response from Hostmonster.

there is a certain someone on this forum ;) who has a website: myPHPscripts.net (http://www.myphpscripts.net/) look for the injection script and start implementing it
(http://www.myphpscripts.net/)

thanks for response,

but my website pure .HTML page without form, just i rename it to .PHP

if i use .HTML , its more secure ?

i rename to .PHP because i want to add php script running on my HTML page. so i rename it to PHP.

you can only do certain things with html. if you need any kind of server side scripting, you need the php

thanks for answer..

mabby i must to rename it to .HTML again for securely

thanks all

you must still have an issue with something if they were able to inject php they may be able to inject javascript or other XSS even if its only an html file.

there is a certain someone on this forum ;) who has a website: myPHPscripts.net (http://www.myphpscripts.net/) look for the injection script and start implementing it
(http://www.myphpscripts.net/)

Thanks for the plug. Yes, Injection Scanner works fairly well, but it's not 100% foolproof. I am planning on major changes to the site in the coming future, including new scripts.