  1. #1
    SitePoint Evangelist fs_tigre's Avatar
    Join Date
    Feb 2009
    Location
    Close to Chicago, Illinois
    Posts
    517

    What to do after your site has been hacked

    Hi,

    Today, when I checked the site of one of my clients, I noticed that it was hacked; a big note was on the index page. I changed the index page and changed the password to access the cPanel (server), and everything looks fine now, but I started wondering: what if they left some malicious scripts or some code on the server that I'm not seeing?

    What are the steps I should follow to make sure there is no malware on the server and to ensure that my files don't contain malicious code?

    Any good books on web security for future reference?

    Any suggestions?

    As always thanks a lot!
    Thank you very much!!!

  2. #2
    It's all Geek to me
    ralph.m's Avatar
    Join Date
    Mar 2009
    Location
    Melbourne, AU
    Posts
    24,097
    Hmm, good question. I would probably use Dreamweaver to compare the local and remote files. That would possibly indicate if there was anything on the server that I didn't expect to be there. [Replace Dreamweaver with whatever program you use to design and/or upload.]

  3. #3
    SitePoint Evangelist fs_tigre's Avatar
    Thanks a lot!
    Thank you very much!!!

  4. #4
    secure webapps for all Aleksejs's Avatar
    Join Date
    Apr 2008
    Location
    Riga, Latvia
    Posts
    755

  5. #5
    SitePoint Evangelist fs_tigre's Avatar
    Wow! Great info, thanks a lot.
    Thank you very much!!!

  6. #6
    SitePoint Enthusiast
    Join Date
    May 2010
    Posts
    25
    First, I suggest checking all of the file and folder permissions. It's generally recommended that folders be set to nothing higher than 755 and files nothing higher than 644. We frequently see permissions modified after a website infection.

    Second, check all .php files for the following strings:

    touch
    chmod
    passthru
    system
    base64
    eval
    rot13
    gzinflate

    You can't just assume files with the above strings are bad, but those files should be investigated more thoroughly.

    Keep in mind that looking only at files with a recent datetime stamp is not very secure. Many of the backdoors we're seeing on infected websites have the ability to change/modify the datetime stamp of any file on the website. We've also been seeing backdoors that have valid comments in them. For instance, on one osCommerce based site, the backdoor had the exact same osCommerce comments/header as other valid files.

    As a good measure, assume that all passwords stored on the site have been stolen. Change all passwords: MySQL, cPanel, FTP - everything.
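
An added example (not part of the original posts): one way to script the checks suggested in this thread, namely the 755/644 permission check and string search from the post above and the local-versus-remote comparison from post #2. The function names, the `.php` filter and the known-good copy directory are assumptions.

```python
import hashlib
import os
import re
import stat
import sys

# Strings listed in the post above, matched as case-insensitive substrings.
# A hit means "review this file by hand", not "this file is malicious".
SUSPICIOUS = re.compile(
    rb"touch|chmod|passthru|system|base64|eval|rot13|gzinflate", re.I)

def sha256(path):
    with open(path, "rb") as fh:
        return hashlib.sha256(fh.read()).hexdigest()

def audit(site_root, clean_copy=None):
    """Return sorted (relative_path, finding) pairs; clean_copy is an optional
    known-good copy, compared by content hash so forged timestamps do not matter."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(site_root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, site_root)
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # symlinks are not followed in this sketch
            is_dir = stat.S_ISDIR(st.st_mode)
            mode, allowed = stat.S_IMODE(st.st_mode), (0o755 if is_dir else 0o644)
            if mode & ~allowed:  # any bit beyond 755/644 (our reading of "higher")
                findings.append((rel, "mode %o exceeds %o" % (mode, allowed)))
            if not stat.S_ISREG(st.st_mode):
                continue  # directories and special files: permissions only
            if name.lower().endswith(".php"):
                with open(path, "rb") as fh:
                    hits = {m.group().lower().decode() for m in SUSPICIOUS.finditer(fh.read())}
                if hits:
                    findings.append((rel, "strings: " + ",".join(sorted(hits))))
            if clean_copy is not None:
                ref = os.path.join(clean_copy, rel)
                if not os.path.isfile(ref):
                    findings.append((rel, "not in clean copy"))
                elif sha256(ref) != sha256(path):
                    findings.append((rel, "differs from clean copy"))
    return sorted(findings)

if __name__ == "__main__" and len(sys.argv) > 1:
    for rel, finding in audit(*sys.argv[1:3]):  # site_root [clean_copy]
        print(rel, finding, sep="\t")
```

Run it against a downloaded copy of the web root, with a backup taken before the compromise as the second argument; every reported file still needs manual review.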

  7. #7
    SitePoint Evangelist fs_tigre's Avatar
    Thanks a lot for the good information. I wish I could learn more about this type of thing.

    I just ordered a book called Apache Security. Will this help me learn about web security?

    http://www.amazon.com/Apache-Securit...5773193&sr=8-1

    Thanks a lot
    Thank you very much!!!

  8. #8
    SitePoint Enthusiast
    It's a good book and full of great information. However, unless you're on a dedicated server, much of it won't apply to you.

    Some other good books are: Hardening Apache, Preventing Web Attacks with Apache, Pro PHP Security, ModSecurity 2.5 and Essential PHP Security.

    Obviously the PHP books are more toward programmers, but the information is still relevant for anyone with a website - I think.

    Any questions you have, just ask! There are many good responders in this forum.

  9. #9
    SitePoint Evangelist fs_tigre's Avatar
    Wow! Those are the books I was looking for, thanks a lot.

    "Any questions you have, just ask! There are many good responders in this forum."
    I have said this so many times... I LOVE THIS FORUM, I honestly don't know what I would do without it.
    Thank you very much!!!

  10. #10
    secure webapps for all Aleksejs's Avatar
    Also, there is a lot of info in the thread that is mentioned in my signature (~;
    Bear in mind, though, that it takes time and expertise to be able to secure everything properly, and you have to reiterate the whole process, Protection->Detection->Action, on a regular basis.

  11. #11
    SitePoint Evangelist fs_tigre's Avatar
    Thanks a lot!
    Thank you very much!!!

  12. #12
    SitePoint Evangelist fs_tigre's Avatar
    Thank you very much!!!

