Need some help
Results 1 to 8 of 8

Thread: Need some help

  1. #1
    Junior Member
    Join Date
    Aug 2002
    Posts
    2

    Need some help

    some guy or girl or group hacked my webpage, replaced the index.html file with one they edited to say "You have been paid a visit by us... thanks lanley and ^Mo-Shiza^."

    I assume that those at the end are nicknames from mirc.

    How do i stop this, and how did they do it?

    Seeing as im posting in the newbie section, this obviously means im a newbie, so step by step instructions on prevention and offensive routines please.

    Thanks!

    Jeff

  2. #2
    Senior Member
    Join Date
    Aug 2002
    Posts
    651

    Web Page Hacked

    Maybe you could use a firewall if you don't already have one. I guess it depends on how they got in. Have you checked your logs to see if there's anything there? Maybe you could research some file integrity software just in case it happens again, but you should probably make sure you harden your box. Since I do not know what your current configuration (OS, webserver...) is, it would be hard for me to help too much. You could check into hardening your webserver on Google . We will help as much as possible though. One thing you will find here is that people like to see you do some legwork (no offense intended), but you can definitely find help.

  3. #3
    The first question is: Where is your web site? Is it hosted at your ISP or are you running your own web server?
    First, letís assume your web site is hosted at your ISP. Contact the ISP and let them know what has happened. Give them a little time to figure out what has occurred and then ask them what they have done to resolve this issue such that it wonít happen the same way again.
    Now, letís assume you are running your own web server. In order for use to steer you in the right direction, we need some basic information. What OS are you running? What web server application (Apache, IIS) Version numbers will also help.

  4. #4
    Senior Member
    Join Date
    Feb 2002
    Posts
    177
    Are you hosting your web page on a home network with a cable/dsl connection? If so then you need to set up a firewall on to block all unwanted access, and you must harden your webserver with necessary patches.

    There are quite a few resources here, and you should do a search for things like firewalls, and web server security. You'll find this place to be a wealth of information.

    As for your web server itself...I'd take it down right now, read everything you can on this board, then rebuild your webserver properly.

    Check out the Tutorial Forums . They're a great place for "how-to's".

    If you're not hosting this site on a home network, then you need to contact the people that are hosintg your site, and complain!

    Hope this helps!

  5. #5
    Senior Member
    Join Date
    Apr 2002
    Posts
    1,050
    eh could you give more detalils like is the server that got compromised your own server or a company owned server like geocities ? if it is your own look for which patches are available for like Apache if thats what your running that should stop kiddies defacing your site REMEMBER always patch your network when patches are available

    EDIT 3 people posted at the same time :-/ bleh
    By the sacred **** of the sacred psychedelic tibetan yeti ....We\'ll smoke the chinese out
    The 20th century pharoes have the slaves demanding work
    http://muaythaiscotland.com/

  6. #6

    SANS Preventing Web Site Defacements

    I would suggest reading step by step tutorials that are published. To do so, go to your favorite web search engine and enter "Preventing Web Site Defacements" and I'm sure you can find a number fo step by step tutorials. I would also like to suggest the SAN's publication which I have attached. Hope it helps.

  7. #7
    Junior Member
    Join Date
    Aug 2002
    Posts
    2
    sorry bout that

    FreeBSD 4.2
    Apache 1.3.5 (I think thats the correct ver. #)
    Tiny Personal Firewall (Re-Coded to work on FBSD)
    Zone Alarm Pro (Re-Coded)

    Ive allowed access to ports 80-81 for public
    and port 22 (Secure FTP) for local internet trafic (People on my LAN)

    Theres only 2 people on my lan, me and other family, and the others
    dont know how to operate a keyboard (even a newer newbie than me)

    Any other questions, post em and ill reply
    irc.corecontrol.net
    MSG Duffman (Thats Me) for Info!

  8. #8
    Senior Member
    Join Date
    Feb 2002
    Posts
    177
    Is you OS up to date with patches?
    FreeBSD.org
    (4.62 is the current release right now, you might want to think about installing that)

    How about your http server? Is that up to date as well?
    Apache.org
    (2.0.40 is the latest right now.)

    Disable all unneccessary services/daemons on your server!!! This closes the door for vulnerablilites if they exist for that service.
    Keep your machines patched!!! This prevents your machine from being an easy target for script kiddies.

    My suggestion....rebuild your webserver with the newest FreeBSD, and then install the newest Apache, and make sure all pertinent updates are applied.

    Good luck!

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •