SitePoint Sponsor

User Tag List

Results 1 to 4 of 4
  1. #1
    SitePoint Zealot
    Join Date
    Aug 2006
    Posts
    164
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Question Techniques for preventing unauthorized modifications of the site

    Hi all,

    recently I had an issue with my site - someone managed to modify my .js file and injected a malicious code there. I have no idea how . I was just wondering how to prevent it from happening. i cleaned the file and changed my password but I am feeling that is not enough.

    Do you monitor your files for changes (cron script), do you use any monitoring software? The worst thing is detecting that not early enough. That really can shutdown your business

    Cheers!
    http://www.yourshoutbox.com <- FREE chat for your website - limited offer
    http://www.smartchatbox.com <- let your visitors talk

  2. #2
    Life is not a malfunction gold trophysilver trophybronze trophy
    TechnoBear's Avatar
    Join Date
    Jun 2011
    Location
    Argyll, Scotland
    Posts
    6,379
    Mentioned
    269 Post(s)
    Tagged
    5 Thread(s)
    As I mentioned in your other thread, setting all file permissions to read-only is a good start.

    I've used CrawlProtect to help block attacks. It also records problem IP addresses, so you can choose to block them completely - and it makes it easy to see which files have been modified and to change the file permissions when necessary.

  3. #3
    SitePoint Member
    Join Date
    Dec 2012
    Posts
    10
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    You can log you file modify time. Then you can detect if some of files were edited not by you

  4. #4
    Certified Ethical Hacker silver trophybronze trophy dklynn's Avatar
    Join Date
    Feb 2002
    Location
    Auckland
    Posts
    14,672
    Mentioned
    19 Post(s)
    Tagged
    3 Thread(s)
    kusz,

    This has been asked before and got a long series of good responses including:

    * Use VERY strong passwords (cPanel and FTP).

    * NO unchecked uploads

    * Nightly maldet scans

    * Hash "clean" files and compare daily

    For more (including commercial apps to aide in these efforts, look back a couple of months.

    Regards,

    DK
    David K. Lynn - Data Koncepts is a long-time WebHostingBuzz (US/UK)
    Client and (unpaid) WHB Ambassador
    mod_rewrite Tutorial Article (setup, config, test & write
    mod_rewrite regex w/sample code) and Code Generator


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •