Chief Delphi
Page 2 of 2 < 1 2
Show 100 post(s) from this thread on one page

Chief Delphi (http://www.chiefdelphi.com/forums/index.php)
-   Website Design/Showcase (http://www.chiefdelphi.com/forums/forumdisplay.php?f=64)
-   -   Website Hacking Problems (http://www.chiefdelphi.com/forums/showthread.php?t=57894)

DonRotolo 14-06-2007 18:02
Re: Website Hacking Problems
 
[Offtopic]Jimi Hendrix said "If a six truned into nine, I won't mind", but it appears the nine turned into a six. Wonder what he's say about that...

Anyway, the PI-O-Neers just love it...[/Offtopic]

I just uploaded a white paper on Password Security, this will help people create (and remember!) very strong passwords for multiple sites. Enjoy.

Don

TheOtherGuy 15-06-2007 02:23
Re: Website Hacking Problems
 
1 Attachment(s)
Quote:
Originally Posted by artdutra04 (Post 631728)
Check the file/folder permissions of the root directory. If it's are listed as 777, this is a security problem. Change (chmod) them to 770 or 755. You can create subfolders with a chmod setting of 777, but only do so where your scripts actually need file creation/deletion/alteration permissions. If all you have in a directory is static HTML files that you alter via FTP, lock down the file permissions for that directory.
I take it you mean it is very bad if our httpdocs folder is set to 777? I'm sorry I don't know more about this kinda stuff, so thanks for any help you can give us!

[EDIT] I chmod(ed) it to 755

artdutra04 15-06-2007 10:57
Re: Website Hacking Problems
 
Quote:
Originally Posted by TheOtherGuy (Post 631822)
I take it you mean it is very bad if our httpdocs folder is set to 777? I'm sorry I don't know more about this kinda stuff, so thanks for any help you can give us!

[EDIT] I chmod(ed) it to 755
If the root directory of your website is chmod'd to 777, and you are hosting your website on a shared server, it's possible that you could be compromising the security of your website. This could allow changes to be made to the root directory of your website, which is bad. So changing the permissions to 755 for the root directory is a good idea.

Basically, when a folder is chmod'd to 777, it means anyone can read, execute, or write files to that directory. The order of the numbers means [Owner] [Group] [User], each with a value from 0-7. Since we certainly don't want anonymous users being able to write files to the directory, we change the Group and User values to a lower value, which allow them to read and execute, but not write to that directory. Hence, we get a more secure file permissions value of 755.

GRaduns340 15-06-2007 10:58
Re: Website Hacking Problems
 
I didn't actually see what your problem was, but our site was recently hacked as well. It's been running on a CMS for ease of transfer to the next webmaster, so at first I assumed that either that or the forum was the loophole and that I would go about trying to find that. I later discovered, after talking with our private host, that it was a root access hack, and that all sites on the server had been hacked through the server's root user. We got hit pretty hard, as ALL web-based files (PHP, HTML, HTM...) were overwritten by copies that contained a meta refresh, redirecting our site to some foreign forum. I still can't delete some of them because of ownership and permission changes that were also made, but if that's what you're dealing with, you'll have to go through your host if you actually want to correct it.

TheOtherGuy 15-06-2007 11:29
Re: Website Hacking Problems
 
Quote:
Originally Posted by artdutra04 (Post 631847)
If the root directory of your website is chmod'd to 777, and you are hosting your website on a shared server, it's possible that you could be compromising the security of your website. This could allow changes to be made to the root directory of your website, which is bad. So changing the permissions to 755 for the root directory is a good idea.

Basically, when a folder is chmod'd to 777, it means anyone can read, execute, or write files to that directory. The order of the numbers means [Owner] [Group] [User], each with a value from 0-7. Since we certainly don't want anonymous users being able to write files to the directory, we change the Group and User values to a lower value, which allow them to read and execute, but not write to that directory. Hence, we get a more secure file permissions value of 755.
Ok, thanks! I'm pretty sure the folder was set to 755 before the hacking started, so they probably got in through a security loophole in one of the older forums (I made several because I was new to this stuff)

Now we just have to wait and see if it gets hacked again....

artdutra04 15-06-2007 11:40
Re: Website Hacking Problems
 
Quote:
Originally Posted by GRaduns340 (Post 631848)
I didn't actually see what your problem was, but our site was recently hacked as well. It's been running on a CMS for ease of transfer to the next webmaster, so at first I assumed that either that or the forum was the loophole and that I would go about trying to find that. I later discovered, after talking with our private host, that it was a root access hack, and that all sites on the server had been hacked through the server's root user. We got hit pretty hard, as ALL web-based files (PHP, HTML, HTM...) were overwritten by copies that contained a meta refresh, redirecting our site to some foreign forum. I still can't delete some of them because of ownership and permission changes that were also made, but if that's what you're dealing with, you'll have to go through your host if you actually want to correct it.
It sounds like they used an automated script to infect all your files; as such the changes in permissions might have been set to only PHP's "nobody" user. (Which would restrict access to such files to PHP scripts alone.) See if you can use PHP to do a site-wide crawl, read every .html, .htm, or .php file, str_replace() the "<meta refresh..."> crap with NULL or an empty character set "", save the files again, and then chmod everything to the permissions it should be set at.

EDIT: Basically, this is the exact reverse of their automated script. ;)

GRaduns340 15-06-2007 12:19
Re: Website Hacking Problems
 
That's exactly what they did, and I could run through that, but I'm working with our host, and he's told me he will reset ownership for us. As it is, I can overwrite everything they did, I just need a couple thigns deleted that I don't have originals to overwrite with. It's not a big deal any more, just that at some point between now and next season it will be good for whoever takes over as webmaster for our team to have the right ownership.

slade24 15-06-2007 15:09
Re: Website Hacking Problems
 
You might want to further go through and patch any security holes in scripts that you hand-wrote. Make sure nothing allows a user to inject headers (for example, in a email sender) or upload files with filetypes other than specific ones (ie: allow jpg, prevent .php or .asp or whatever).

If you are running on Apache (your gallery uses php files, so I will assume this is true), you can also use .htaccess files to block IP addresses of known offenders. A nice look at .htaccess can be found here -- they're quite useful for many things.

Also, I don't know if anyone told you otherwise, but your site is built using tables. There's nothing wrong with that, but if you are hoping to grow as a web developer, look into learning CSS and using it for layout as well as style. Alistapart.com (A List Apart) is a pretty amazing site for web design concepts in general. The table vs. CSS debate can be found here.


All times are GMT -5. The time now is 01:31.
Page 2 of 2 < 1 2
Show 100 post(s) from this thread on one page

Powered by vBulletin® Version 3.6.4
Copyright ©2000 - 2017, Jelsoft Enterprises Ltd.
Copyright © Chief Delphi