June 6th, 2002, 01:40 AM
I Need Info
my web site got hacked sometime today and the person like defaced it! I am changing it back..but how can i prevent someone from doing this...or how did they even get my password? This makes me mad1
June 6th, 2002, 01:44 AM
Heh, nice try on the social engineering ... no one will tell you how, and anyways, if u hate the hacker who screwed ur site, y would u want to know how to too??
June 6th, 2002, 01:44 AM
Maybe this did happen, but plz answer y ur even asking how ?
June 6th, 2002, 01:50 AM
Well, you didn't give enough info for us to go on, but you also have to consider the possibility that they didn't get your password at all. Perhaps they overflowed a buffer, or used a vulnerable cgi script. Without more info, it's gonna be tough for us to answer your questions.
June 6th, 2002, 01:51 AM
i asked how because i want to know how i can prevent
how can i prevent them from gettin my password?
June 6th, 2002, 01:58 AM
k ... then dont talk about HOW they did ... like i just learned, this is a security site ....
June 6th, 2002, 02:02 AM
sloppyjoe, You would need to provide more info on what happened. Do you run your own server or is it an account on another server. Any other info would be helpful.
June 6th, 2002, 02:07 AM
Making sure you keep your web sever all patched up would be a good start. Lots of web page defacements are done using old exploits on unpatched servers. Then thereís the issue of what services your running and what ports are open. But like str34m3r said youíre not giving us much to work with.
How about telling us a few things about your web site. Is it even on your server? Or is it on Geocities or some other hosting service. If its hosted on a well known service with a good security record then the chances are that some on hacked into your personal computer and stole the password from there.
A few helpful tidbits of information would be
What os youíre running
What are you using to display the web page apache/ISS ..ect
What ports are open?
What services your running?
Its not software piracy. Iím just making multiple off site backups.
June 6th, 2002, 02:16 AM
the domain im using is angelfire
June 6th, 2002, 02:29 AM
Ah, then it would be simple for someone on the same network as you or between you and the server to sniff your password as it goes by on the wire. The only real way to avoid having your password sniffed is to use some sort of encrypted means of authentication. For file transfer, there's sftp, though I doubt angelfire supports it. There may also be some way to upload files over HTTPS, which is probably more likely supported.