Need some help

[boueboy]

some guy or girl or group hacked my webpage, replaced the index.html file with one they edited to say "You have been paid a visit by us... thanks lanley and ^Mo-Shiza^."

I assume that those at the end are nicknames from mirc.

How do i stop this, and how did they do it?

Seeing as im posting in the newbie section, this obviously means im a newbie, so step by step instructions on prevention and offensive routines please.

Thanks!

Jeff

[t2k2]

Maybe you could use a firewall if you don't already have one. I guess it depends on how they got in. Have you checked your logs to see if there's anything there? Maybe you could research some file integrity software just in case it happens again, but you should probably make sure you harden your box. Since I do not know what your current configuration (OS, webserver...) is, it would be hard for me to help too much. You could check into hardening your webserver on Google . We will help as much as possible though. One thing you will find here is that people like to see you do some legwork (no offense intended), but you can definitely find help.

[Infiltrator]

The first question is: Where is your web site? Is it hosted at your ISP or are you running your own web server?
First, let’s assume your web site is hosted at your ISP. Contact the ISP and let them know what has happened. Give them a little time to figure out what has occurred and then ask them what they have done to resolve this issue such that it won’t happen the same way again.
Now, let’s assume you are running your own web server. In order for use to steer you in the right direction, we need some basic information. What OS are you running? What web server application (Apache, IIS) Version numbers will also help.

[Sgt_B]

Are you hosting your web page on a home network with a cable/dsl connection? If so then you need to set up a firewall on to block all unwanted access, and you must harden your webserver with necessary patches.

There are quite a few resources here, and you should do a search for things like firewalls, and web server security. You'll find this place to be a wealth of information.

As for your web server itself...I'd take it down right now, read everything you can on this board, then rebuild your webserver properly.

Check out the Tutorial Forums . They're a great place for "how-to's".

If you're not hosting this site on a home network, then you need to contact the people that are hosintg your site, and complain!

Hope this helps!

[prodikal]

eh could you give more detalils like is the server that got compromised your own server or a company owned server like geocities ? if it is your own look for which patches are available for like Apache if thats what your running that should stop kiddies defacing your site REMEMBER always patch your network when patches are available

EDIT 3 people posted at the same time :-/ bleh

[imported_Tek Weasel]

I would suggest reading step by step tutorials that are published. To do so, go to your favorite web search engine and enter "Preventing Web Site Defacements" and I'm sure you can find a number fo step by step tutorials. I would also like to suggest the SAN's publication which I have attached. Hope it helps.

[boueboy]

sorry bout that

FreeBSD 4.2
Apache 1.3.5 (I think thats the correct ver. #)
Tiny Personal Firewall (Re-Coded to work on FBSD)
Zone Alarm Pro (Re-Coded)

Ive allowed access to ports 80-81 for public
and port 22 (Secure FTP) for local internet trafic (People on my LAN)

Theres only 2 people on my lan, me and other family, and the others
dont know how to operate a keyboard (even a newer newbie than me)

Any other questions, post em and ill reply

[Sgt_B]

Is you OS up to date with patches?
FreeBSD.org
(4.62 is the current release right now, you might want to think about installing that)

How about your http server? Is that up to date as well?
Apache.org
(2.0.40 is the latest right now.)

Disable all unneccessary services/daemons on your server!!! This closes the door for vulnerablilites if they exist for that service.
Keep your machines patched!!! This prevents your machine from being an easy target for script kiddies.

My suggestion....rebuild your webserver with the newest FreeBSD, and then install the newest Apache, and make sure all pertinent updates are applied.

Good luck!