Announcement

Collapse
No announcement yet.

Hacked sites and Filezilla

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Dan
    replied
    That is correct Hexosphere. Cassie, WHUK servers are constantly optimized for the best security, hence why FP extensions were removed a while ago; even features which could even give a glimpse of a fail sign are likely to be removed. Nobody implied that it was indeed your fault, you should not take offense to something that hasn't been said.

    Bearing in mind that SQL injections, with forum software that is both in-dated and out-dated can easily be affected by this, mainly with the free forums. May I ask what website you are referring to?

    Leave a comment:


  • Hexosphere
    replied
    Originally posted by Cassie View Post
    After that post I spent days virus, malware, spyware etc. checking and found absolutely nothing on any of the 4 computers I use.

    All passwords are in my head - they are not saved in any FTP programmes, including frontpage, on any of my computers.

    Therefore the only logical weak link is potentially your servers and I take offence to to you implying it was my fault when it obviously wasn't.

    Hopefully this has given you a heads up to check your security.
    Without trying to get into a he said / she said type affair, it's all too easy to blame other people for things that have gone wrong.

    With the above in mind, the phrase 'the only logical weak link .....' can be a bad thing to jump into feet first, mainly because forum software (most software has flaws, it's just a case of finding them), can be very susceptible to hijacking of various kinds, the only way to stay ahead is to ensure that you are upto date with any maintenance patch releases from the vendor (this could be the forum software, a new version of php, or even a MySQL update that prevents injections), and if a hole has been found but no patch released, then turn it off until such time as a patch is released.

    From what I have read on this thread, no one implied, nor suggested that it was your fault. It was mainly an aim at a guideline for anyone that may stumble upon this thread in the future. Storing passwords is a bad thing on any machine, mainly due to an attacker only needing to gain access to 'that' machine in order to access others. The only thing that I have read on this thread, is helpful hints to people that may not be as savvy as say yourself, on what should / shouldn't be done.

    A good suggested read would be the hackers handbook, and teach yourself the same techniques that these people use to enter your site.
    Last edited by Hexosphere; 20-08-09, 10:19 PM.

    Leave a comment:


  • Cassie
    replied
    After that post I spent days virus, malware, spyware etc. checking and found absolutely nothing on any of the 4 computers I use.

    All passwords are in my head - they are not saved in any FTP programmes, including frontpage, on any of my computers.

    Therefore the only logical weak link is potentially your servers and I take offence to to you implying it was my fault when it obviously wasn't.

    Hopefully this has given you a heads up to check your security.

    Leave a comment:


  • Administrator
    replied
    Never ever save your FTP passwords in any of the FTP programs you use. Your website will get hacked if you save your FTP passwords in a FTP software on a windows machine. You won't loose your FTP information untill and unless you get some sort of Virus on your computer.

    If you are using Frontpage and if you create profile for auto-connect then your website will get hacked once your computer gets infected by a virus program.

    We have seen such thing happening with websites of many customers and there's nothing much we can do to help them. If a hacker gets connected to your FTP account in one go then there's no way our server can stop the hacker from defacing your website.

    Leave a comment:


  • black-dog
    replied
    Originally posted by Dan View Post
    Please keep the hastiness to a minimum.
    And don't be hasty in being nasty...

    Leave a comment:


  • Dan
    replied
    Please keep the hastiness to a minimum.

    Leave a comment:


  • Cassie
    replied
    I only said about the forum because one of the posts said NO forums had been affected.

    I don't need your pity - I have since found out it was nothing to do with Frontpage.

    Martin said he had fixed the site but when I checked there was still 2 directories in there that had the hackers information in it. They have now been deleted properly.

    All passwords were strong but have been changed to be stronger.

    Leave a comment:


  • black-dog
    replied
    Originally posted by Cassie View Post
    Sorry to jump in on this thread but just thought I would say that my forum was hacked but don't know if it is on the same server as you. So forums have been hacked.
    This isn't anything to do with forums. In fact there isn't a forum on the site.

    Originally posted by Cassie View Post
    He said it was something about permissions but I don't understand those. He said he had fixed them too but guess I will only know if they are right if I get hacked again or I can't get on my site.
    Permissions being set correctly won't help if someone can use ftp, as in my case.

    Originally posted by Cassie View Post
    I use frontpage because I am not a qualified webdesigners - I am just a crafter with a website. I don't understand all the bits I just use them. I would have hoped that the hosting here was secure enough for this not to happen - obviously not.

    Can anyone explain further what has happened?
    There are known security issues with FrontPage and I have told my client this on many occasions. And M$, bless their little cotton socks, have dumped it. What does that tell you?

    If you are on a Windows server you should be ok for a while. If on Linux you'll have to accept that you use FP at your own risk.



    Yes I feel sorry for people like you and my client who have invested time and money in this product but perhaps this will give you some idea why M$ is despised by so many people.

    Leave a comment:


  • Cassie
    replied
    Sorry to jump in on this thread but just thought I would say that my forum was hacked but don't know if it is on the same server as you. So forums have been hacked.

    Chat apparently sorted it last night (thanks Martin) by rolling to a backup but I have not had chance to check anything yet.

    He said it was something about permissions but I don't understand those. He said he had fixed them too but guess I will only know if they are right if I get hacked again or I can't get on my site.

    I use frontpage because I am not a qualified webdesigners - I am just a crafter with a website. I don't understand all the bits I just use them. I would have hoped that the hosting here was secure enough for this not to happen - obviously not.

    Can anyone explain further what has happened?

    Leave a comment:


  • MrTWS
    replied
    Fair enough black-dog as I say if you want a hand (even though I'm not that smart) I'll be happy to do that. Good luck with the issue though and I hope you did not take umbrage at me suggesting it was an error on your part - only a possibility as I know too I've made errors too myself and it is not till someone points it out, that you even realise there is a problem

    Best wishes
    MrTWS

    Leave a comment:


  • black-dog
    replied
    Originally posted by MrTWS View Post
    I hope you don't mind me saying then (and please excuse me for saying) but if your scripting is flawed or leaves vulnerabilities then that might be the problem. I only say that because some sites that get "hacked" do so through some weak scripts or insecure programming

    Obviously not being a hacker myself I don't know how these loopholes work, but I know they must exist if someone or some people have broken your sites. Check all your scripting again and make sure that everything is airtight. If you want to PM me some details - like the site name, or what scripting you have done, I can run through it with you too (a fresh pair of eyes can help)
    I don't think the problem lies with my scripting though thanks for the offer of help. The site in question has an online registration system and a number of submission forms. There will eventually be an upload facility (always a problem area) but that is not in place yet. I'm more inclined to believe that this is another Front Page exploit.

    Leave a comment:


  • MrTWS
    replied
    I hope you don't mind me saying then (and please excuse me for saying) but if your scripting is flawed or leaves vulnerabilities then that might be the problem. I only say that because some sites that get "hacked" do so through some weak scripts or insecure programming

    Obviously not being a hacker myself I don't know how these loopholes work, but I know they must exist if someone or some people have broken your sites. Check all your scripting again and make sure that everything is airtight. If you want to PM me some details - like the site name, or what scripting you have done, I can run through it with you too (a fresh pair of eyes can help)

    Leave a comment:


  • black-dog
    replied
    Originally posted by MrTWS View Post
    And does it use a database or a forum software, or some other method of user input?

    A number of sites on the same VPS were affected. No forums, but some scripting (written by me)

    Leave a comment:


  • MrTWS
    replied
    Originally posted by black-dog View Post
    In this case, seeded with a load of hidden links
    And does it use a database or a forum software, or some other method of user input?

    Leave a comment:


  • Dan
    replied
    Well in my opinion, the two FTP programs that come preinstalled with cPanel are more likely to have flaws than Filezilla.

    I'm not sure where Alan got his sources from?

    Leave a comment:

Working...
X