Well i have a script (It's secure for what i know. e.g. No direct file access using die()). Coded in PHP. But hackers would access the "conf.php" file and change its contents. But not all.
Normal File:
<?php
/*
* Some license
*/
$conf['mysql_host'] = 'localhost';
//some other details
?>
After hackers changed it:
Hi, we luve uhhhh<?php
/*
* Some license
*/
$conf['mysql_host'] = 'locahost'];
//Some other details
?>
Any solution? Please help. Oh and i did clean variables to prevent any XXS and SQL-injection attacks.