How to deal with and prevent website hacking
Problem/Summary

Your website has been hacked, defaced or is displaying foreign content.

Symptoms

Default Page

Some of the most common defacements are simple and often limited to the default document of a site being replaced. Often these pages will contain one or two lines of text and sometimes images. Example: "HACKED BY TURKISH HACKER ENO7"

Images Replaced

Almost as common as default page replacements, images are overwritten with a custom image, normally containing text and occasionally a Flash animation.

Foreign Content

Often the content of a site, most often text, is replaced whilst the basic elements of the site remain intact.

Recovery

Default Page

The first thing to do is to establish whether the hacker has replaced your default page (index.htm, default.asp etc.) with their own file, or has simply inserted a page that is being called before yours as a default document.

1) First make a backup of the default document in question, then upload a backed-up copy of your default page and check that no other pages have been compromised.
2) Make sure that your default document is the first document served; if you are using index.html, be sure that this is at the top of the default documents list.
3) Contact support and have the problem investigated.

Foreign Content / Replaced Images

Browse over your site to ascertain what content has been compromised and where this content is stored. For example, if you are using a CMS and all of the text has been replaced, the two most common places to check would be the database or the administration interface for the CMS.

1) Again, make a backup of any compromised files or databases and restore your backup files.
2) Change your database and administrator passwords and confirm that no new admin users have been created.
3) If using an upload script, please confirm that the script does not allow uploading to directories other than the uploads directory.
4) Update any third-party scripts, plugins or CMS systems being used. Exploits are commonly discovered in publicly available code.
5) Contact support and have the problem investigated.

Prevention

Passwords

Never use weak passwords, and steer clear of dictionary words. Try to use passwords that do not relate to you in any obvious way. For further reading, see:
http://security.fnal.gov/UserGuide/password.htm
http://www.newsforge.com/software/03/02/26/1639212.shtml?tid=2

Frequent Updates

If you are using a pre-built CMS such as Joomla, PHPnuke or DotNetNuke, please be sure that you are always using the most up-to-date stable version. Make a habit of reading the security and news forums specific to the CMS you are using, as patches and hotfixes for exploits will often be announced long before your site is at risk.

Third Party Script

Before using and deploying third-party scripts or applications on your site, check to see if there are any known security flaws or exploits. Make a habit of regularly checking whether the script or application has been updated due to a security issue.

Custom Scripts

Should you be using your own scripts to perform functions such as uploading files or inserting and retrieving information from a database, please be sure that you have sanitized your input fields. The resource below deals with the most common web application attacks.
http://searchappsecurity.techtarget.com/generic/0,295582,sid92_gci1157415,00.html

If you are using any form of SQL back end, it is vitally important that you understand how to harden your code against SQL injection.
Please take a look at the links below, which deal with preventing SQL injection:
http://searchsqlserver.techtarget.com/tip/0,289483,sid87_gci1207766,00.html
http://searchappsecurity.techtarget.com/tip/0,289483,sid92_gci1219890,00.html
http://portal.acm.org/citation.cfm?id=1108496&dl=ACM&coll=&CFID=15151515&CFTOKEN=6184618

Backups

Keep regular backups of all your files, databases and content. These can save you hours of trying to correct the damage that has been done.
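
The recovery steps ask you to check that no other pages have been compromised. With a known-good backup, that check can be done by comparing file hashes between the backup and a copy of the live site. The script below is an added example, not part of the original article; the function names, the default-document list and the sample files built in demo() are assumptions made for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

# Assumed default-document names; match this to your own server's list.
DEFAULT_DOCS = {"index.htm", "index.html", "index.php",
                "default.htm", "default.asp", "default.aspx"}


def hash_tree(root):
    """Map each file path (relative to root, lower-cased) to its SHA-256."""
    root = Path(root)
    return {p.relative_to(root).as_posix().lower():
            hashlib.sha256(p.read_bytes()).hexdigest()
            for p in root.rglob("*") if p.is_file()}


def compare_site(backup_dir, live_dir):
    """Compare a copy of the live site with a known-good backup."""
    backup, live = hash_tree(backup_dir), hash_tree(live_dir)
    added = sorted(p for p in live if p not in backup)
    return {
        # Same path, different content: replaced pages or images.
        "modified": sorted(p for p in backup if p in live and backup[p] != live[p]),
        # Present only on the live site: files that were not in the backup.
        "added": added,
        "missing": sorted(p for p in backup if p not in live),
        # New files that could be served ahead of your own default page.
        "added_default_docs": [p for p in added
                               if p.rsplit("/", 1)[-1] in DEFAULT_DOCS],
    }


def demo():
    """Run the comparison on a small constructed backup/live pair."""
    with tempfile.TemporaryDirectory() as tmp:
        backup, live = Path(tmp, "backup"), Path(tmp, "live")
        for root in (backup, live):
            (root / "images").mkdir(parents=True)
            (root / "index.html").write_text("<h1>Welcome</h1>")
            (root / "images" / "logo.gif").write_bytes(b"GIF89a original")
        (live / "images" / "logo.gif").write_bytes(b"GIF89a replaced")
        (live / "default.asp").write_text("foreign page")
        return compare_site(backup, live)


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(kind, paths)
```

Files you added legitimately after the backup was taken will also be listed under "added", so review each entry before removing anything.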