June 4th, 2003, 11:01 AM
I see know now, well the answer would depend on how the site was hacked and the kind of site.
If it is a defacement then it will just look different with things people have already suggested.
However, if you are running a full web application ie with customers, database in the back end. It would be impossible to tell via the browser if the data of your customers has been exposed to a hacker/cracker (what ever the correct term is, you get my point). Depending how this was achived would depend on where the attack might show up, determining this kind of attack via the web logs or data base logs in some situations will also be near impossible aswell.
It would be possible to tell if the site has been attacked with a XSS vulnerability, but by veiwing the page with the malius code on you have just become a victum your self.
So sum that up, it would bepend on the kind of attack (and theres lots of them) to weather or not one could tell via the browser if you have been hacked.
I\'m a SittingDuck, but the question is \"Is your web app a Sitting Duck?\"
June 4th, 2003, 11:14 AM
The information that could be got if you run a google on the Hande of the script kidde (it would have to be a very stupid kidde for this to work but it has worked for me in the past) you could get their website or other boxes (through a defacment archive i know packetstorm used to do one but i dont think its up know) they have compermised and then you could work together with these sys admins to prove who dunnit.
As i said the script kidde must be real stupid for this to work
June 4th, 2003, 12:50 PM
Thanks a lot sittingduck
and thanks to you all.
The more one comes to know a man the more one admires a dog.
June 4th, 2003, 09:31 PM
Any code which will be able to change in the registry like yr home page, owner info,default search page etc, would be called Hacking a web browser or even any msg @ title, logo ect.
Trojans are power full to do like this and many more.
If a persone like me has access to yr sys, can do it mannualy using regedit.
This is the only way to be notice w.r.t a web browser(up to my knowledge)
I personaly had this problem.
If it is trojan then it can sed yr vital info to the hacker.
(-:IF U R A HACKER TRY TO BE ON POINT,IT SAVES TIME:-)
June 5th, 2003, 05:16 AM
The first things I would look for if I were in that situation would be obvious things like general defacinging like vercitti said. After that i would check to see if any links on the page were changed, or if there are any scripts that start to run when the page loads. I would also save the page so you have evidence if you find that you were hacked and decided to press charges. Then If you know you were hacked look for Identifying features like names, symbols, phrases, etc.. this can help in the identification of the hacker. Also look at the server logs for that web page. If you are head of security you shoudl have full access tot hose files. I think this might be part of the answer your looking for, so I tryed. gl finding the rest of it.
June 5th, 2003, 06:52 AM
my two cents
Well, if it was an effective hack, you wouldn't be able to tell unless the hacker wanted you to know. If he/she wanted you to know, you'd most certainly find out. Sounds simple, but, honestly, the question is still a bit general. If it were posed to you, it was most likely in an effort to generate a dialog between you and the prospective employer, giving you an opportunity to demonstrate your knowledge of hacks without the specific constraints of a "yes" or "no" answer. Employers in such a dynamic field often use these questions without a specifically "correct" answer. Any of the advice already given would probably be along the lines of what would be considered a "good" answer. Good luck in your interview.