my website was recently attacked and in the log i found some requests like :
I found some suspicious files and folders in my root directory and someone has written on home page that "you are hacked".
one of the folder is "lentenfish" having files like "sql.php" , "cof.pl" , ".htaccess" ,"jen.jeen"
mysite.com/view_news.php?id=-999.9 UNION ALL SELECT 0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536--
and
/?<'IMG SRC="javascript:alert(cross_site_scripting.nasl);">
and
/?ho+{COMPLETE_VERSION}
and
/admin/?email=../admin/noop.cgi?foo=bar&test=blah
and
/admin/?password=../../../../../../../../windows/win.ini
and many more :(
i don't know where the problem is and how to solve.
My website is written in php and the backend is MySql.
So Please help me out in solving this.
Thanks !