Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 6 of 6

Thread: what do i do?

  1. #1
    Registered User
    Join Date
    Jun 2002
    Posts
    67
    Thanks
    0
    Thanked 0 Times in 0 Posts

    what do i do?

    This recently happened to FOUR of the websites I've designed in the past:

    http://www.recyob.org.uk/mypoorwebsite.gif

    Firstly, I can't believe someone would stoop so low as to deface what are basically small town businesses - one's an almost charity who sells kiddy videos, one is my father's who admittedly is a nuclear health and safety engineer and has worked forthe MOD but who just consults to Boeing now, one is a local butcher site selling products online and the other one is a completely charitible Ollerton Village based website who focuses on recycling and litter picks! Hardly hacking into Microsoft or the BBC site! After realizing this had happened, I got this email from the host:


    "We are aware that some of our customers are experiencing website defacements, this normally happens if a hacker has guessed your password or obtained access through a vulnerable script on your website.

    To prevent this happening in future please remove any installation scripts (example: install.cgi) from your website and change your password to something hard to guess. Also password protect any folders that contain pages that can easily be hacked.

    If your website has been defaced please let us know by sending request to 'support' and we will try and restore your website from backup and change your password to prevent further access to hackers.

    Best regards,

    IT Manager: James Innes."

    OK, so this is fixable, the sites will get restored and everything will be checked script-wise and passwords make more uguessable.... but what do i do?

    I'm very angry that these people have targeted some small town, fairly insignificant websites to deface, but what do i do? I realise that hacking etc. is against UK law, but since it's such a rural area if I go to the local police station (ten milesaway and I don't drive... and everyone knows what British public transport is like) they'll stare like yokels and ask what the " 'eel a wib-sight is, me duck" and it will be a waste of time. I know this for a fact before I even go there.

    So, do i sit back seething with anger at these morons and let it pass, resigned... or do I try and struggle against the local illiterate in-bred police officers who are more used to dealing with conventional house break-ins etc.... (yes, I was born here but it is true there has been one murder and two rapes in the past eighteen years... hardly your experienced officers here...)

    Has anyone else had this sort of situation before? What happened? What did you do? (I obviously have to do SOMETHING because these businesses websites are still offline and people are asking questions?....)

    *upset*

    Sarah.

  • #2
    Regular Coder
    Join Date
    Jun 2002
    Location
    UK
    Posts
    577
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Do you use an adminstration panel CMS (content management system) to update your sites?

    ie - can you yourself change your homepage without using ftp, by just logging into a webpage and filling out a form?

    If you cannot - then the cracker must have entered your site through ftp / socket programming / server cracking - for which the onus lies on your host and not you.

    What got me very suspicious is your hosts mail saying other sites they host had also been hacked - the likelihood of one host having many sites all with hackable scripts building their content is so remote as to be daft - the likelihood of a cracker breaking onto a server as root and then defacing multiple sites is much more likely (tricky to do if the host has competent security measures - much more likely in the circumstances though)

    Personally I'd query your host first...

    We are aware that some of our customers are experiencing website defacements, this normally happens if a hacker has guessed your password or obtained access through a vulnerable script on your website.
    that just stinks of trying to pass the blame.
    Ökii - formerly pootergeist
    teckis - take your time and it'll save you time.

  • #3
    Registered User
    Join Date
    Jun 2002
    Posts
    67
    Thanks
    0
    Thanked 0 Times in 0 Posts
    I understand and the logic of your reply seems sound... btw, I both use a control panel which you must log into from the host's site AND FTP...

    I've since noticed there was a further announcement the day before saying that server 2 was being replaced and that the websites would bee offline for a couple of hours... the websites were never online again until these idiots' sites were displayed... and now it says "We apologise for the problems that this hacker caused and we have since tightened security to prevent further compromise of server 2." .. suggests that the hackers did their stunt when it was being configured???

    oh i can't believe what horrible people there are out there... until this moment i was neither for nor against (there are toomany arguments either way) the whole iraq thing.... but these people aren't putting their side of the argument in a very nice light for me... i certainly won't listen to these people using these means of getting support.... hah! quite the contrary...

  • #4
    Senior Coder
    Join Date
    Aug 2002
    Location
    A 4D universe
    Posts
    1,337
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Just ignore it now, usually crackers only strike one site once, and never again. It is pretty rare too to even know about a site that was cracked.

    If you always have ftp access, it shouldn't really be a problem restoring the files, fingers crossed.

    Like you say, there are a lot of muppets out there who do that kind of thing, but it tends to be 12 year olds who have just realized that there is such a thing as cracking - not hacking it is completely different.

    Edit: There is not much that you can do, even the almighty Yahoo! has been cracked, as has TheTimes.com and CNN.com.


    Best wishes, and luck.


    Last edited by ionsurge; 04-19-2003 at 01:48 PM.
    http://www.mudsplat.com - Web design, print, and marketing solutions.

  • #5
    Senior Coder
    Join Date
    Jun 2002
    Location
    ColoRockyz
    Posts
    1,646
    Thanks
    1
    Thanked 0 Times in 0 Posts
    Even Microsoft was cracked and defaced...
    Zoobie or not Zoobie...That is the problem.
    <body onUnload="flush( ! )">

  • #6
    Supreme Overlord Spookster's Avatar
    Join Date
    May 2002
    Location
    Marion, IA USA
    Posts
    6,280
    Thanks
    4
    Thanked 83 Times in 82 Posts
    Originally posted by Ökii
    the likelihood of one host having many sites all with hackable scripts building their content is so remote as to be daft -
    Not necessarily. Many hosts these days offer cpanel (which can contain bugs/security holes) or other web based control panels to their clients. Many hosts also like to offer ready made guestbook, merchant storefront, counters, and various other kinds of scripts to their clients. If one of those scripts has a security hole and several people on those servers decide to use that script then that can explain why several sites on one server got hacked.

    My host had the same predicament, the guestbook script I believe it was that they had available for people to use had a security hole in it allowing crackers to get into each account and deface the index page of the sites.
    Spookster
    CodingForums Supreme Overlord
    All Hail Spookster


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •