In the image below is where I recently found these malicious hyperlinks.
I tried to log into my web-host and I couldn't find any hyperlinks attached to the elements in my files.
My Questions:
- How do I avoid these?
- How can I remove them?
- Despite these hyperlinks, Is my website vulnerable to any XSS attacks? If yes, please specify the holes i should fill.
I am using Ajax to send an instant response if the email already exists or not; Would this influence the attacker to easily send XMLHTTPRequests to the server?
I just want to make my website 100% safe as in a matter of none would ever get into the database ( confidentiality, integrity, and availability ) considering I have SSL certificate over HTTPS. Even if it's only login system website without many complicated input stuff.
I heard using SQL stored procedures help, also HTML encoding.
Please visit the website and take a look over the code www.tarsh.tk
Any Help/Hints/Tips/Links would be appreciated.