Hi,
Can anyone tell me,
how can I found by seeing my web browser
that my site is hacked?
Thanks
DarkNite
Printable View
Hi,
Can anyone tell me,
how can I found by seeing my web browser
that my site is hacked?
Thanks
DarkNite
look through your web server log. what kind of web server is it?
-w0rm3y
W0rm3Y,
I'm not talking about web server,
I'm talking about web browser.
Any idea??
Darknite i dont understand your question please could you give more information on what you are trying to do and ill try to help you
With this little info, I'll do my best..
If there's a big pink fluffy bunny on your site..
If th3r3'5 w0rd5 l1k3 th1s 0n y0ur s1t3..
If there's anti israel adds (all of sudden)..
If the site states CHINA RULEZ..
then you know you are hacked..
Why do you think that your webbrowser is being hacked?
Why should anyone do this?
are you talking about web browser hijacking? Are you getting random pop-ups, strange search results and other strange things while you are browsing. If so try running somthing like Ad-aware
SittingDuck
Another indication that your web-browser has been hacked is if you read:
"Owned by <<UBerlamer name here<<. Admin patch your box"
"Greetz:<<other uberlamers' names here<<"
"contact :[email protected]"
LOL
Peace
And while you're at it run Swatit (which is a trojan and bot remover) and an antivirus proggy.Quote:
Originally posted here by SittingDuck
are you talking about web browser hijacking? Are you getting random pop-ups, strange search results and other strange things while you are browsing. If so try running somthing like Ad-aware
SittingDuck
Hi all,
I think my question is a bit unclear.
I've not caught in such a situation.
This is a scenarion which was asked to me in
a recent interivew.
Scenario is like this,
Suppose I'm the owner/ security head of a company.
My company has its website.
One fine day it would be hacked.
I come in the morning open the website in a browser.
How can I know by seeing the site that it is hacked
and what information/ details can I get about that hacking
from the browser.
Actually, I'm very new to these things.
So can anybody help me in getting the answer.
Thanks
Darknite
I see know now, well the answer would depend on how the site was hacked and the kind of site.
If it is a defacement then it will just look different with things people have already suggested.
However, if you are running a full web application ie with customers, database in the back end. It would be impossible to tell via the browser if the data of your customers has been exposed to a hacker/cracker (what ever the correct term is, you get my point). Depending how this was achived would depend on where the attack might show up, determining this kind of attack via the web logs or data base logs in some situations will also be near impossible aswell.
It would be possible to tell if the site has been attacked with a XSS vulnerability, but by veiwing the page with the malius code on you have just become a victum your self.
So sum that up, it would bepend on the kind of attack (and theres lots of them) to weather or not one could tell via the browser if you have been hacked.
SittingDuck
The information that could be got if you run a google on the Hande of the script kidde (it would have to be a very stupid kidde for this to work but it has worked for me in the past) you could get their website or other boxes (through a defacment archive i know packetstorm used to do one but i dont think its up know) they have compermised and then you could work together with these sys admins to prove who dunnit.
As i said the script kidde must be real stupid for this to work :)
Thanks a lot sittingduck
and thanks to you all.
Any code which will be able to change in the registry like yr home page, owner info,default search page etc, would be called Hacking a web browser or even any msg @ title, logo ect.
Trojans are power full to do like this and many more.
If a persone like me has access to yr sys, can do it mannualy using regedit.
This is the only way to be notice w.r.t a web browser(up to my knowledge)
I personaly had this problem.
If it is trojan then it can sed yr vital info to the hacker.
The first things I would look for if I were in that situation would be obvious things like general defacinging like vercitti said. After that i would check to see if any links on the page were changed, or if there are any scripts that start to run when the page loads. I would also save the page so you have evidence if you find that you were hacked and decided to press charges. Then If you know you were hacked look for Identifying features like names, symbols, phrases, etc.. this can help in the identification of the hacker. Also look at the server logs for that web page. If you are head of security you shoudl have full access tot hose files. I think this might be part of the answer your looking for, so I tryed. gl finding the rest of it.
Well, if it was an effective hack, you wouldn't be able to tell unless the hacker wanted you to know. If he/she wanted you to know, you'd most certainly find out. Sounds simple, but, honestly, the question is still a bit general. If it were posed to you, it was most likely in an effort to generate a dialog between you and the prospective employer, giving you an opportunity to demonstrate your knowledge of hacks without the specific constraints of a "yes" or "no" answer. Employers in such a dynamic field often use these questions without a specifically "correct" answer. Any of the advice already given would probably be along the lines of what would be considered a "good" answer. Good luck in your interview.
Corn