OK... so I have a custom CMS I wrote that has worked great for all my sites, until I came to Blue host. Blue host is THE ONLY hosting/servers that are having this occurrence, and no one has been able to solve. It is running the code completely as well as deleting the images from the folder. I know for a fact no one running it or hacking it manually... there are a few things that would not be deletable via the user interface... so it has got to be automated.

Here is the code that is being run... on it's own... at random / unpredictable times / on several different domains.... ONLY ON BH servers:

http://grab.by/7Mp

ANY IDEAS PLEASE HELP!

Does NO ONE see any problems with this script? I have been told repeatedly by blue host that it is impossible for the script to be running on the server on it's own.... but that is what seems to be happening.

Where do you have the script?

If it is public_html then there is nothing to stop it running every time anyone types in its address.

it is located inside and admin directory that you must log into prior to accessing the page... otherwise it sends you to the login page.

In order for it to be working as you mentioned, it would have to have been run repeatedly until ALL the table rows and files were deleted. It wipes out ALL of the data. But when I attempted to just type the address, it of course sends you to the log in page... does not run the script and there would be no ID associated with it when run that way.

Sounds like you have eliminated that script as the cause of the data getting deleted.

That script is the only one that does any deleting whatsoever. And when it is NOT uploaded to the server, the random database disappearances do not happen anymore. Then when I put the file back on serverside.... poof! it can happen at any time, but it WILL happen if that file is uploaded.

So in my eyes, it HAS to be that file, or the href link that a user clicks to run the file... but that also is inside the admin panel where only users can access (me being the only user).

So something is getting past your security and running the script then. Have you tried updating the script to build some security into the script itself - like making sure it can only be called from the link you expect it to be called from.

I have implemented a few ideas, none worked. I have not written anything that would tell it what link it should run from. do you have any examples where I can see a function like that or some way to implement that?

Maybe it's not a problem but in your Delete query you don't specify what to delete. It says DELETE FROM etc

Maybe it's not a problem but in your Delete query you don't specify what to delete. It says DELETE FROM etc

It is DELETING what was previously selected. The href that sends to this page is carrying a variable for the ID that matches the content to be deleted. It first selects the small_file and large_file from gallery where id=$id. Then it deletes that specific ID only... so one click = one ID = one row deleted. and there is certain content that is contained in the table that is not accessible to the user to click and delete.... but because it is in the same table and COULD be deleted with this script, it gets deleted as well. So that tells me that the script was run without a user clicking it. It is if it got all the ID's and ran the script

No one has any more ideas? I am still having the issue and have not found a solution.

Have you tried commenting out the delete call and then leaving it long enough to see if that stops it from happening. That would at least confitrm whether it actually is that statement getting run to do all the deletes or not.

yes...when commented out everything is just fine. Only when function is present will this occur.