danshaw — 2014-06-25T08:28:09-04:00 — #1
Hi all, I hope you can help.
This year two of my clients websites have been "hacked".
In the first case, keywords with links were inserted in amongst my clients real content across the whole site.
In the other case, an extra page was created which just had a load of nonsense, but amongst the nonsense were links to an external website
In both cases the inserted content was relating to watches/handbags. The two sites are with two completely different web hosting companies.
The first site was built with a custom php CMS, so I wondered whether somehow SQL injection was taking place (although some static html pages were affected also)
I wondered whether anyone could explain how this could happen, what should I be looking for etc?
In both cases I do not have FTP logins stored on my computer, so I cant see my system being the cause.
Many thanks in advance
wolfshade — 2014-06-25T08:49:15-04:00 — #2
Well, I think the most common way for this to happen is if there are any forms that allow users to input data. IF the data is not sanitized and/or if the query to insert said data is not parameterized, you're leaving yourself open to it. I believe PHP has built-in methods for "scraping out" HTML that allows them to insert links.
I'm not too familiar with cross-site scripting (XSS) attacks, but it would be a good idea to Google all you can about it.
There are other ways, but I don't want my boss giving me the hairy eyeball, so I gots to scoot. Hope this helps.
danshaw — 2014-06-25T13:26:22-04:00 — #3
Awesome, many thanks. I'll have a look into those 2 things initially
technobear — 2014-06-25T13:32:17-04:00 — #4
dheerajgulia — 2014-07-10T05:02:09-04:00 — #5
Change your password monthly and do not discuss your password to any person.
wolfshade — 2014-07-10T08:58:07-04:00 — #6
Additionally, make sure that all passwords are STRONG passwords. "password123" is not a strong password. Strong passwords are at least 10 characters long, and use a combination of special characters, numbers, and upper- and lower-case letters. Actually, it's usually easier to remember a pass phrase than a password. Examples (and don't use any of these, these are just for example):
! 1 <3 Pr0gr4mm1ng CoD3 %
vitinhgiahung — 2014-07-17T04:16:43-04:00 — #7
redhat01 — 2014-07-19T17:09:31-04:00 — #8
That is paranoia
- scan your systems for viruses and malware
- change your ftp passwords (use some strong passwords)
- remove any cracked / nulled software that you have
- secure your scripts
dklynn — 2014-07-20T20:53:03-04:00 — #9
An ounce of paranoia trumps many pounds of site rebuilding to remove hacking residuals (backdoors).
Of your list, you forgot to KEEP CMS APPS UP TO DATE and VALIDATE EVERY USER-SUPPLIED PIECE OF DATA.
wolfshade — 2014-07-21T08:52:34-04:00 — #10
That's not paranoia; that's attempting to be secure in a day and age of the internet where XSS and SQL-injection attacks (along with MITM and others) are more than just commonplace.
Study for a Security+ exam and you'll see.