
Website injection attack


10 replies to this topic

#1 wnccomp

wnccomp

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:04:06 AM

Posted 20 July 2009 - 05:25 AM

I currently host 4 websites on one hosting server via GoDaddy. There are 3 sites that were built in HTML through Adobe GoLive. These are fairly simple websites. The fourth site was created in WordPress. A few days after I began building the WordPress site, I started having a lot of problems. Found an injection attack of iframe with a link to a Chinese website: liteautotop [dot] cn. I uninstalled and wiped that part clean and reinstalled, this time adding as many security measures as I could find for WordPress.

But somehow, the hacker was able to add the same iframe to the other 3 sites. This has led to a big warning page when trying to view these 3 sites. I went through and deleted all of the bad iframes I could find. I resubmitted each site to Google for review. I also opened a ticket via GoDaddy to ask for their help and advice.

What I would like to know is... how do I keep my site secure? Are there good free detailed website scanners? What steps should I take on a regular basis? Any help on this matter is greatly appreciated!
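An added example, not part of the original post or of any tool named in this thread: a small scanner to run over a local copy of the site files (downloaded from the hosting account) that reports every literal `<iframe>` whose `src` points at a host not on an allowlist. The allowlist entry, the sample markup and the host `injected.example` are constructed for illustration.

```python
import os
import re
import sys
from urllib.parse import urlparse

# Hosts the site is allowed to frame (assumed sample value; use your own list).
ALLOWED_HOSTS = {"www.youtube.com"}
SCAN_EXTENSIONS = (".html", ".htm", ".php", ".js")
IFRAME_RE = re.compile(r"<iframe\b[^>]*>", re.IGNORECASE)
SRC_RE = re.compile(r"""\bsrc\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))""", re.IGNORECASE)
# Constructed sample: one legitimate embed, one injected frame after </html>.
SAMPLE = ('<html><body>\n<iframe src="https://www.youtube.com/embed/x"></iframe>\n'
          '</body></html>\n<iframe src="http://injected.example/in.php" width=1></iframe>\n')

def frame_host(src):
    """Host of an iframe src; '' when the URL is relative (same site)."""
    try:  # JS strings carry backslash-escaped quotes, so strip those first
        return (urlparse(src.strip("\\\"' ")).hostname or "").lower()
    except ValueError:
        return "unparseable-src"

def scan_text(text, allowed=ALLOWED_HOSTS):
    """Return [(line_number, host)] for iframes pointing at unlisted hosts."""
    findings = []
    for tag in IFRAME_RE.finditer(text):
        src = SRC_RE.search(tag.group(0))
        host = frame_host("".join(g or "" for g in src.groups())) if src else ""
        if host and host not in allowed:
            findings.append((text.count("\n", 0, tag.start()) + 1, host))
    return findings

def scan_tree(root, allowed=ALLOWED_HOSTS):
    """Scan every page and script under root; return {path: findings}."""
    report = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(SCAN_EXTENSIONS):
                path = os.path.join(folder, name)
                with open(path, encoding="utf-8", errors="replace") as fh:
                    hits = scan_text(fh.read(), allowed)
                if hits:
                    report[path] = hits
    return report

if __name__ == "__main__":
    for path, hits in scan_tree(sys.argv[1] if len(sys.argv) > 1 else ".").items():
        for line, host in hits:
            print(f"{path}:{line}: iframe to unlisted host {host}")
```

It matches literal tags only, so a frame assembled by obfuscated script will not show up; comparing the files against a known-clean backup covers that case.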



#2 KonamiYoto

KonamiYoto

  • Members
  • 86 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:06 AM

Posted 29 July 2009 - 12:00 PM

Hello,

The best way to keep your website secure:
  • Use a Firewall to Shield Your Network - This is perhaps the single most important step you can take to protect yourself against hackers. If you don't know what a firewall is, or if you don't know how to select and configure one, find someone who does. Many administrators keep their companies' Web servers separate from the rest of the network to provide extra protection against break-ins.
  • Require Good Passwords - As a rule, people shouldn't use dictionary words, names, or other personal data for their passwords — they're too easy for an intruder to guess.
  • Limit Server Access - Only people who really need it should have access to the server. Even then, carefully control each user's level of access. And make sure you delete inactive users as quickly as possible.
  • Turn off unused services on your Web server - Consider getting rid of FTP and any other services that might help an intruder break into your server. Also remove shells and interpreters you don't need and delete unnecessary directories. For example, if you don't run Perl-based CGI scripts, remove the Perl interpreter from your server.
  • Check your system and Web logs for suspicious activity - Programs such as Tripwire for Unix systems and Internet Security Scanner for Windows NT can monitor your log files and alert you to any unusual behavior. Unusual log file activity might be the first — and only — warning that an intruder is trying to break into your system.
  • Keep a complete backup of your Web site - And keep it on a separate, secure computer. If a vandal does manage to destroy or deface your Web site, you'll be able to get a backup version up and running more quickly.
Top 100 Network Security Tools.

Be very, very, very careful.

There is not much you can do except secure your files and change your passwords, and listen to the tips.


~Zane

Edited by KonamiYoto, 29 July 2009 - 04:08 PM.


#3 groovicus

groovicus

  • Security Colleague
  • 9,963 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Centerville, SD
  • Local time:03:06 AM

Posted 29 July 2009 - 02:39 PM

@KonamiYoto, would you care to explain to wnccomp just exactly how to enable/administer a firewall on GoDaddy's servers? Also, please explain how to turn off services on GoDaddy's servers. Additionally, how would you go about installing TripWire (which is no longer called TripWire) or ISS on GoDaddy's servers? Finally, please explain what your '404' is, and how it is able to tell you that you were hacked?

Thanks.

#4 KonamiYoto

KonamiYoto

  • Members
  • 86 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:06 AM

Posted 29 July 2009 - 05:02 PM

I do believe it either already has a firewall or... Control Panel > Administration > Settings? And I'd assume it'd have an option to install certain Web Logs.

#5 groovicus

groovicus

  • Security Colleague
  • 9,963 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Centerville, SD
  • Local time:03:06 AM

Posted 29 July 2009 - 05:33 PM

No. When you rent web space from GoDaddy, you will not have admin access to do any of that. They are responsible for securing their servers, not the person renting web space. There is no way that wnccomp is going to be able to install anything on their servers. You seemed to have missed that point in the first post. :thumbsup:

#6 KonamiYoto

KonamiYoto

  • Members
  • 86 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:06 AM

Posted 29 July 2009 - 06:35 PM

> No. When you rent web space from GoDaddy, you will not have admin access to do any of that. They are responsible for securing their servers, not the person renting web space. There is no way that wnccomp is going to be able to install anything on their servers. You seemed to have missed that point in the first post. :thumbsup:


Ah, ah... My apologies, then.

#7 groovicus

groovicus

  • Security Colleague
  • 9,963 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Centerville, SD
  • Local time:03:06 AM

Posted 29 July 2009 - 06:38 PM

Otherwise, it was great advice. :thumbsup:

#8 wnccomp

wnccomp
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:04:06 AM

Posted 30 July 2009 - 01:40 PM

Thank you for the advice!! I'll see what GoDaddy says. They have a pretty good level of customer service, at least.

#9 KonamiYoto

KonamiYoto

  • Members
  • 86 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:06 AM

Posted 30 July 2009 - 06:42 PM

No problem. :thumbsup: Hope everything works out.

#10 Romeo29

Romeo29

    Learning To Bleep


  • Members
  • 3,194 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:127.0.0.1
  • Local time:04:06 AM

Posted 01 August 2009 - 05:43 AM

I would put my finger on WordPress. WordPress is known to have problems (getting hacked, script execution) if admin (that's you) doesn't configure it correctly.

You should read this :
http://codex.wordpress.org/Hardening_WordPress

#11 Andrew

Andrew

    Bleepin' Night Watchman


  • Moderator
  • 8,260 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Right behind you
  • Local time:02:06 AM

Posted 01 August 2009 - 11:10 PM

I've noted a spike in the number of compromised websites I run into lately. 7 times out of 10, the site is running WordPress. Don't get me wrong, I like WordPress and even use it myself, but its security record is not that good, IMHO.

Make sure that you always apply the latest patches to your installation.



