  1. #1
    SitePoint Wizard DoubleDee's Avatar
    Join Date
    Aug 2010
    Location
    Arizona
    Posts
    3,756
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)

    Problem while researching Hacked Macquarie University Website

    Last night I saw an article about how Macquarie University's website was hacked.

    So I found a security website that had cached a copy of the hacked website, and I saved the HTML into an HTML file in NetBeans so I could re-create the web page to show others.

    In the HTML that I saved, there was this reference to some image on the website...

    http://lh6.ggpht.com/Ozkd02BshFn39KGdmy1UV1iGC_duOgzv_qTNsGOr-02QvKVHMKE0aLB8scDTKy63_Ulal7h-sdL0Q0n3iII=s556


    I tried right-clicking on the image to save a local copy, but Firefox didn't allow me to do this.

    What I would like to know is, "Is it possible that the URL above is to one of the hackers' servers, and thus maybe carried a dangerous payload that I could have somehow picked up while originally viewing the cached website on this intermediary website, or while viewing the page - and images - again from my local copy?!"

    I am on a Mac, but nonetheless, I am sort of regretting doing what I did...

    Thoughts??

    Sincerely,


    Debbie

    P.S. Here is a partial screen-shot from the code I copied and placed into a local HTML file... (I did this mainly because the original was a few pages, and so there was no easy way to do a "screen-shot"...)

    2_MacquarieUniveristyHacked.png

  2. #2
    SitePoint Zealot 2ndmouse's Avatar
    Join Date
    Jan 2007
    Location
    West London
    Posts
    196
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    From what I can gather, ggpht.com is an image repository used by Picasa and the like. It can't be opened in a browser directly, chrome returns a 404.

    The sub-domains lh6 lh5 lh4 etc appear to represent different world regions, according to some info I found. Anyway, bottom line is, I don't think it's a link to anything nasty.

    Check for links to any other remote sites, especially in the javascript, if there is any. That's where any malicious stuff is likely to be.

    As a footnote, and at the risk of being bombarded by protesting mac users, I don't think being on a mac offers any more protection against malicious code than being on a pc. Just an opinion, based on something I read a while back.

    Regards
    Detect file changes remotely. SimpleSiteAudit is an early
    warning anti-hacker system which sends an alert on detection.

    PHP Find Orphan Files - Finds all the unreferenced files on your site.
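
The check suggested in the post above (look for links to other remote sites, especially in the JavaScript), as an added example that is not part of the original thread: it lists every remote URL, inline event handler and script in a saved copy without rendering the page. The risk labels, function names and sample HTML are assumptions made up for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

URL_ATTRS = {"src", "href", "data", "action", "poster", "background"}
ACTIVE_TAGS = {"script", "iframe", "frame", "object", "embed"}  # run or embed code

class RemoteRefAuditor(HTMLParser):
    """Collect remote URLs and script hooks from HTML text without rendering it."""
    def __init__(self):
        super().__init__()
        self.findings = []        # (risk, tag, attribute, value)
        self._in_script = False

    def handle_starttag(self, tag, attrs):
        self._in_script = (tag == "script")
        for name, value in attrs:
            value = (value or "").strip()
            scripted = name in URL_ATTRS and value.lower().startswith("javascript:")
            if name.startswith("on") or scripted:   # e.g. oncontextmenu
                self.findings.append(("active", tag, name, value))
            elif name in URL_ATTRS and urlparse(value).netloc:
                # <a href> is fetched only on click; the rest load on render
                risk = "active" if tag in ACTIVE_TAGS else "click" if tag == "a" else "passive"
                self.findings.append((risk, tag, name, value))

    def handle_endtag(self, tag):
        self._in_script = self._in_script and tag != "script"

    def handle_data(self, data):
        if self._in_script and data.strip():        # inline script body
            self.findings.append(("active", "script", "inline", data.strip()[:60]))

def audit(html_text):
    parser = RemoteRefAuditor()
    parser.feed(html_text)
    parser.close()
    return parser.findings

def remote_hosts(findings):
    """Hostnames the page would contact, for reputation lookups."""
    return sorted({h for _, _, a, v in findings if a in URL_ATTRS and (h := urlparse(v).hostname)})

# Constructed sample, not the defaced page from the thread.
SAMPLE = """<body oncontextmenu="return false">
<img src="http://images.example.net/banner=s556"> <img src="local/logo.png">
<a href="http://mirror.example.org/">mirror</a> <script src="//cdn.example.com/x.js"></script>
<script>document.title = "x";</script> <iframe src="http://frames.example.org/f.html"></iframe>
</body>"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding, sep=" | ")
```

Entries marked "passive" are images and similar resources; the "active" ones are where the post says to look first.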

  3. #3
    SitePoint Wizard DoubleDee's Avatar
    Quote Originally Posted by 2ndmouse View Post
        From what I can gather, ggpht.com is an image repository used by Picasa and the like. It can't be opened in a browser directly, chrome returns a 404.

        The sub-domains lh6 lh5 lh4 etc appear to represent different world regions, according to some info I found. Anyway, bottom line is, I don't think it's a link to anything nasty.

    Glad to hear that!

    BTW, why can't I right-click and save the two images on that website?

    Quote Originally Posted by 2ndmouse View Post
        Check for links to any other remote sites, especially in the javascript, if there is any. That's where any malicious stuff is likely to be.

    Yeah, that much I know.

    Quote Originally Posted by 2ndmouse View Post
        As a footnote, and at the risk of being bombarded by protesting mac users, I don't think being on a mac offers any more protection against malicious code than being on a pc. Just an opinion, based on something I read a while back.

        Regards

    I think Macs are safer, but that doesn't mean they are completely free of weaknesses or people who want to hack them.

    Normally I am pretty careful about what I save, but I just found the hacking of that website so - in your face!! - that I wanted to keep a copy for myself and to show others how dumb companies and institutions can really be?!

    Sincerely,


    Debbie

  4. #4
    SitePoint Zealot 2ndmouse's Avatar
    Quote Originally Posted by DoubleDee View Post
    BTW, why can't I right-click and save the two images on that website?
    Right-click is probably disabled in the javascript. Usually, it produces an alert, but there's no reason why the alert can't be removed.

    Here's an example

    Regards

  5. #5
    SitePoint Wizard DoubleDee's Avatar
    Quote Originally Posted by 2ndmouse View Post
    Right-click is probably disabled in the javascript. Usually, it produces an alert, but there's no reason why the alert can't be removed.

    Here's an example

    Regards
    If that is what they did, then is there an easy way around that?

    I actually looked in the HTML, and pasted the URL to the photo, and it still wouldn't let me save the photo...


    Debbie

  6. #6
    It's all Geek to me silver trophybronze trophy
    ralph.m's Avatar
    Join Date
    Mar 2009
    Location
    Melbourne, AU
    Posts
    24,097
    Mentioned
    448 Post(s)
    Tagged
    8 Thread(s)
    Quote Originally Posted by DoubleDee View Post
    is there an easy way around that?
    Just disable JS.
    Facebook | Google+ | Twitter | Web Design Tips | Free Contact Form

    Forum Usage: Tips on posting code samples, images and more

    Forrest Gump: "IE is like a box of chocolates: you never know what you're gonna get."

  7. #7
    SitePoint Wizard DoubleDee's Avatar
    Quote Originally Posted by ralph.m View Post
    Just disable JS.
    Duh! Okay, that did the trick.

    Thank you!

    (Now let's hope the links to those images and the images themselves are not malware?!)


    Debbie

  8. #8
    It's all Geek to me silver trophybronze trophy
    ralph.m's Avatar
    As far as the image is concerned, I guess you could "save for web", which would probably strip out any nastiness in it ... although I doubt there's any issue with it.

    I do find the turning off JS quite funny. I was asked to do a gallery site at one point, and the client was adamant that the pictures had to be protected by one of those JS scripts. She showed me an example site, and it took me less than a second to turn off JS and download the images. Her shoulders sank, and she never asked for this again.

  9. #9
    Life is not a malfunction gold trophysilver trophybronze trophy
    TechnoBear's Avatar
    Join Date
    Jun 2011
    Location
    Argyll, Scotland
    Posts
    6,059
    Mentioned
    253 Post(s)
    Tagged
    5 Thread(s)
    Quote Originally Posted by ralph.m View Post
    I do find the turning off JS quite funny. I was asked to do a gallery site at one point, and the client was adamant that the pictures had to be protected by one of those JS scripts. She showed me an example site, and it took me less than a second to turn off JS and download the images. Her shoulders sank, and she never asked for this again.


    A slightly more realistic approach to the problem is the one used by this site, for example (not one of mine). The first time you right-click, it brings up a copyright warning message, but once you've closed that, the normal right-click functions are restored.

    Take plenty of exercise walk round and round the garden
    or
    sign up now for the Isle of Jura 10K or Half Marathon!

  10. #10
    It's all Geek to me silver trophybronze trophy
    ralph.m's Avatar
    Quote Originally Posted by TechnoBear View Post
    it brings up a copyright warning message ...
    I guess that's a better approach, although it doesn't seem people care much these days. Might be better to play on superstitions ... like—"You will be cursed and die in seething agony within the week ... Muahahahaha" sort of thing.

  11. #11
    Programming Since 1978 silver trophybronze trophy felgall's Avatar
    Join Date
    Sep 2005
    Location
    Sydney, NSW, Australia
    Posts
    16,784
    Mentioned
    25 Post(s)
    Tagged
    1 Thread(s)
    The most effective way I have found for protecting images from being copied via the context menu is to place a transparent image in front of them so that the transparent image is the one that gets copied instead of the real one. By the time they realise they got the wrong images at least some will not bother going back to steal the images a different way - such as by saving the entire page and then copying the images from there.
    Stephen J Chapman

    javascriptexample.net, Book Reviews, follow me on Twitter
    HTML Help, CSS Help, JavaScript Help, PHP/mySQL Help, blog
    <input name="html5" type="text" required pattern="^$">

  12. #12
    It's all Geek to me silver trophybronze trophy
    ralph.m's Avatar
    That's a clever idea. I guess it could easily be automated for a gallery site, too, as manually doing it for every image would be tedious.

  13. #13
    SitePoint Wizard DoubleDee's Avatar
    Quote Originally Posted by ralph.m View Post
    As far as the image is concerned, I guess you could "save for web", which would probably strip out any nastiness in it ... although I doubt there's any issue with it.

    I do find the turning off JS quite funny. I was asked to do a gallery site at one point, and the client was adamant that the pictures had to be protected by one of those JS scripts. She showed me an example site, and it took me less than a second to turn off JS and download the images. Her shoulders sank, and she never asked for this again.
    One of several reasons why I haven't incorporated JavaScript into my website (as part of the base design)...


    Debbie

  14. #14
    It's all Geek to me silver trophybronze trophy
    ralph.m's Avatar
    Quote Originally Posted by DoubleDee View Post
    One of several reasons why I haven't incorporated JavaScript into my website (as part of the base design)...
    It should only ever be an enhancement, rather than a dependency.

  15. #15
    Programming Team silver trophybronze trophy
    Mittineague's Avatar
    Join Date
    Jul 2005
    Location
    West Springfield, Massachusetts
    Posts
    16,998
    Mentioned
    186 Post(s)
    Tagged
    2 Thread(s)
    Similar to turning off javascript, wouldn't an underlying image be right-click-saveable by turning off CSS?

  16. #16
    It's all Geek to me silver trophybronze trophy
    ralph.m's Avatar
    Indeed, just as easy. If the image can be seen, it can be saved ... even if with a screen shot.

  17. #17
    Life is not a malfunction gold trophysilver trophybronze trophy
    TechnoBear's Avatar
    Off Topic:

    Quote Originally Posted by ralph.m View Post
    I guess that's a better approach, although it doesn't seem people care much these days. Might be better to play on superstitions ... like—"You will be cursed and die in seething agony within the week ... Muahahahaha" sort of thing.


    Or perhaps "right-clicking again will download a virus which will completely wipe and reformat your hard drive".

  18. #18
    It's all Geek to me silver trophybronze trophy
    ralph.m's Avatar
    Off Topic:

    Quote Originally Posted by TechnoBear View Post
    Or perhaps "right-clicking again will download a virus which will completely wipe and reformat your hard drive".
    That's better, of course, because some people would actually believe it.

    When I first allowed my router to broadcast a wireless signal, I changed its broadcast name to VirusPortal (or something like that) to dissuade others from trying to use it. In the end, it felt too mean, and I changed it, because I didn't want to freak innocent people who might get worried that their computer was in danger.

