SitePoint Sponsor

User Tag List

Results 1 to 18 of 18

Hybrid View

  1. #1
    SitePoint Wizard DoubleDee's Avatar
    Join Date
    Aug 2010
    Location
    Arizona
    Posts
    3,762
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)

    Problem while researching Hacked Macquarie University Website

    Last night I saw an article about how Macquarie University's website was hacked.

    So I found a security website that had cached a copy of the hacked website, and I saved the HTML into an HTML file in NetBeans so I could re-create the web page to show others.

    In the HTML that I saved, there was this reference to some image on the website...

    http://lh6.ggpht.com/Ozkd02BshFn39KGdmy1UV1iGC_duOgzv_qTNsGOr-02QvKVHMKE0aLB8scDTKy63_Ulal7h-sdL0Q0n3iII=s556


    I tried right-clicking on the image to save a local copy, but FireFox didn't allow me to do this.

    What I would like to know is, "Is it possible that the URL above is to one of the Hackers servers, and thus maybe carried a dangerous payload that I could have somehow picked up while originally viewing the cached website on this intermediary website, or while viewing the page - and images - again from my local copy?!"

    I am on a Mac, but nonetheless, I am sort of regretting doing what I did...

    Thoughts??

    Sincerely,


    Debbie

    P.S. Here is a partial screen-shot from the code I copied and placed into a local HTML file... (I did this mainly because the original was a few pages, and so there was no easy way to do a "screen-shot"...)

    2_MacquarieUniveristyHacked.png

  2. #2
    SitePoint Zealot 2ndmouse's Avatar
    Join Date
    Jan 2007
    Location
    West London
    Posts
    196
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    From what I can gather, ggpht.com is an image repository used by Picasa and the like. It can't be opened in a browser directly, chrome returns a 404.

    The sub-domains lh6 lh5 lh4 etc appear to represent different world regions, according to some info I found. Anyway, bottom line is, I don't think it's a link to anything nasty.

    Check for links to any other remote sites, especially in the javascript, if there is any. That's where any malicious stuff is likely to be.

    As a footnote, and at the risk of being bombarded by protesting mac users, I don't think being on a mac offers any more protection against malicious code than being on a pc. Just an opinion, based on something I read a while back.

    Regards
    Detect file changes remotely. SimpleSiteAudit is an early
    warning anti-hacker system which sends an alert on detection.

    PHP Find Orphan Files - Finds all the unreferenced files on your site.

  3. #3
    SitePoint Wizard DoubleDee's Avatar
    Join Date
    Aug 2010
    Location
    Arizona
    Posts
    3,762
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by 2ndmouse View Post
    From what I can gather, ggpht.com is an image repository used by Picasa and the like. It can't be opened in a browser directly, chrome returns a 404.

    The sub-domains lh6 lh5 lh4 etc appear to represent different world regions, according to some info I found. Anyway, bottom line is, I don't think it's a link to anything nasty.
    Glad to hear that!

    BTW, why can't I right-click and save the two images on that website?



    Check for links to any other remote sites, especially in the javascript, if there is any. That's where any malicious stuff is likely to be.
    Yeah, that much I know.


    As a footnote, and at the risk of being bombarded by protesting mac users, I don't think being on a mac offers any more protection against malicious code than being on a pc. Just an opinion, based on something I read a while back.

    Regards
    I think Macs are safer, but that doesn't mean they are completely free of weaknesses or people who want to hack them.

    Normally I am pretty careful about what I save, but I just found the hacking of that website so - in your face!! - that I wanted to keep a copy for myself and to show others how dumb companies and institutions can really be?!

    Sincerely,


    Debbie

  4. #4
    SitePoint Zealot 2ndmouse's Avatar
    Join Date
    Jan 2007
    Location
    West London
    Posts
    196
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by DoubleDee View Post
    BTW, why can't I right-click and save the two images on that website?
    Right-click is probably disabled in the javascript. Usually, it produces an alert, but there's no reason why the alert can't be removed.

    Here's an example

    Regards
    Detect file changes remotely. SimpleSiteAudit is an early
    warning anti-hacker system which sends an alert on detection.

    PHP Find Orphan Files - Finds all the unreferenced files on your site.

  5. #5
    SitePoint Wizard DoubleDee's Avatar
    Join Date
    Aug 2010
    Location
    Arizona
    Posts
    3,762
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by 2ndmouse View Post
    Right-click is probably disabled in the javascript. Usually, it produces an alert, but there's no reason why the alert can't be removed.

    Here's an example

    Regards
    If that is what they did, then is there an easy way around that?

    I actually looked in the HTML, and pasted the URL to the photo, and it still wouldn't let me save the photo...


    Debbie

  6. #6
    It's all Geek to me silver trophybronze trophy
    ralph.m's Avatar
    Join Date
    Mar 2009
    Location
    Melbourne, AU
    Posts
    24,120
    Mentioned
    448 Post(s)
    Tagged
    8 Thread(s)
    Quote Originally Posted by DoubleDee View Post
    is there an easy way around that?
    Just disable JS.
    Facebook | Google+ | Twitter | Web Design Tips | Free Contact Form

    Forum Usage: Tips on posting code samples, images and more

    Forrest Gump: "IE is like a box of chocolates: you never know what you're gonna get."

  7. #7
    Programming Since 1978 silver trophybronze trophy felgall's Avatar
    Join Date
    Sep 2005
    Location
    Sydney, NSW, Australia
    Posts
    16,789
    Mentioned
    25 Post(s)
    Tagged
    1 Thread(s)
    The most effective way I have found for protecting images from being copied via the context menu is to place a transparent image in front of them so that the transparent image is the one that gets copied instead of the real one. By the time they realise they got the wrong images at least some will not bother going back to steal the images a different way - such as by saving the entire page and then copying the images from there.
    Stephen J Chapman

    javascriptexample.net, Book Reviews, follow me on Twitter
    HTML Help, CSS Help, JavaScript Help, PHP/mySQL Help, blog
    <input name="html5" type="text" required pattern="^$">

  8. #8
    It's all Geek to me silver trophybronze trophy
    ralph.m's Avatar
    Join Date
    Mar 2009
    Location
    Melbourne, AU
    Posts
    24,120
    Mentioned
    448 Post(s)
    Tagged
    8 Thread(s)
    That's a clever idea. I guess it could easily be automated for a gallery site, too, as manually doing it for every image would be tedious.
    Facebook | Google+ | Twitter | Web Design Tips | Free Contact Form

    Forum Usage: Tips on posting code samples, images and more

    Forrest Gump: "IE is like a box of chocolates: you never know what you're gonna get."


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •