Website security... - Techwatch Support Forums: Digital & Satellite TV, FTA, Cable, Computers, Mobile Phones, Apple and General Tech Forums

PerryCox · 12-01-10, 06:02 PM

Twice now I've had my website "hacked" and had malicious scripts placed on the homepage. I'm quite sure my password is secure, so does anyone know how this is being done, and more importantly, what I can do to prevent it.

FYI, the first attack had a php script added to the root(?), the second attack had a script placed at the bottom of the html on my homepage. I've got rid of any evidence as I just removed both bits of naughty code, rather than save them to see what they do.

TIA

PC

Shark. · 14-01-10, 01:00 AM

If your running a forum , there is a firewall you could put in place , but it would look less appealing to genuine members when they first go the homepage.

Shark.

PerryCox · 14-01-10, 09:44 AM

It's a commercial website (but not e-commerce, just business info). I've looked into it and there's a .htaccess blacklist I can put on (not exactly sure about how it works but it's supposed to be good).

Apparently access is gained by brute forcing the ftp password, so it's a combination of letters, numbers, capitals and punctuation now

The real damage is that the site gets listed by some security products as malicious

P3T3 · 12-04-10, 10:42 AM

Quote:

Originally Posted by PerryCox

It's a commercial website (but not e-commerce, just business info). I've looked into it and there's a .htaccess blacklist I can put on (not exactly sure about how it works but it's supposed to be good).

Apparently access is gained by brute forcing the ftp password, so it's a combination of letters, numbers, capitals and punctuation now

The real damage is that the site gets listed by some security products as malicious

If they are brute forcing your pword mix it with higher lower case and SIMBULS as usaly when brutforcing it wont use simbuls as well as letters and numbers you should be ok.

welshy9 · 13-04-10, 11:29 PM

they might have got into the acual server your sites hosted on and affected it that way ,

if your site got hacked , the server your using isnt setup right or secured enoughf ,

i got a server and do hosting and all the sites i host has never been hacked , had a few attempts but the server security and the anti ddos stoped it all

if you need any more help m8 give me a pm or add me on msn

admin@offshoreguy.co.uk

andybr1ggs · 16-04-10, 12:50 PM

Quote:

Originally Posted by welshy9

they might have got into the acual server your sites hosted on and affected it that way ,

if your site got hacked , the server your using isnt setup right or secured enoughf ,

i got a server and do hosting and all the sites i host has never been hacked , had a few attempts but the server security and the anti ddos stoped it all

if you need any more help m8 give me a pm or add me on msn

admin@offshoreguy.co.uk

welshy how much is your hosting ? I am currently with siteground looking to transfer my domain to another host, if the price is right.

welshy9 · 18-04-10, 12:08 AM

ive just added you on msn m8 ,

i charge £2 pcm i cant offer unlimited but can sort a good deal for you ,

servers in netherlands so no worrys with any DMCA

12-01-10, 06:02 PM	#1 (permalink)
PerryCox 28:2e:29:28:2e:29 Join Date: Mar 2009 Posts: 502 Thanks: 111 Thanked 202 Times in 139 Posts	Website security... Twice now I've had my website "hacked" and had malicious scripts placed on the homepage. I'm quite sure my password is secure, so does anyone know how this is being done, and more importantly, what I can do to prevent it. FYI, the first attack had a php script added to the root(?), the second attack had a script placed at the bottom of the html on my homepage. I've got rid of any evidence as I just removed both bits of naughty code, rather than save them to see what they do. TIA PC

14-01-10, 01:00 AM	#2 (permalink)
Shark. Senior Member Join Date: Dec 2009 Posts: 410 Thanks: 43 Thanked 90 Times in 73 Posts	Re: Website security... If your running a forum , there is a firewall you could put in place , but it would look less appealing to genuine members when they first go the homepage. Shark.

14-01-10, 09:44 AM	#3 (permalink)
PerryCox 28:2e:29:28:2e:29 Join Date: Mar 2009 Posts: 502 Thanks: 111 Thanked 202 Times in 139 Posts	Re: Website security... It's a commercial website (but not e-commerce, just business info). I've looked into it and there's a .htaccess blacklist I can put on (not exactly sure about how it works but it's supposed to be good). Apparently access is gained by brute forcing the ftp password, so it's a combination of letters, numbers, capitals and punctuation now The real damage is that the site gets listed by some security products as malicious

13-04-10, 11:29 PM	#5 (permalink)
welshy9 Member Join Date: Mar 2010 Posts: 65 Thanks: 6 Thanked 12 Times in 4 Posts	Re: Website security... they might have got into the acual server your sites hosted on and affected it that way , if your site got hacked , the server your using isnt setup right or secured enoughf , i got a server and do hosting and all the sites i host has never been hacked , had a few attempts but the server security and the anti ddos stoped it all if you need any more help m8 give me a pm or add me on msn admin@offshoreguy.co.uk

18-04-10, 12:08 AM	#7 (permalink)
welshy9 Member Join Date: Mar 2010 Posts: 65 Thanks: 6 Thanked 12 Times in 4 Posts	Re: Website security... ive just added you on msn m8 , i charge £2 pcm i cant offer unlimited but can sort a good deal for you , servers in netherlands so no worrys with any DMCA

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
Introducing The Brand New Eurovox Official Website	Zemme	Eurovox	12	20-08-09 05:25 PM
Security flaws emerge in VoIP	BGonaSTICK	PC Hardware	0	05-08-07 02:13 PM
Swedish file-sharing website plans to buy Sealand	Analoguesat	PC Hardware	6	27-01-07 06:47 PM
Vista "opens new dawn" for security	BGonaSTICK	PC Hardware	1	31-12-06 01:40 AM