This year two of my clients' websites have been “hacked”.
In the first case, keywords with links were inserted in amongst my client's real content across the whole site.
In the other case, an extra page was created which just had a load of nonsense, but amongst the nonsense were links to an external website.
In both cases the inserted content was relating to watches/handbags. The two sites are with two completely different web hosting companies.
The first site was built with a custom PHP CMS, so I wondered whether somehow SQL injection was taking place (although some static HTML pages were affected also).
The second site is all just static .html files, some JavaScript (lightbox JS etc.), so I am intrigued as to how someone could just gain access and upload a new page.
I wondered whether anyone could explain how this could happen, what should I be looking for etc?
In both cases I do not have FTP logins stored on my computer, so I can't see my system being the cause.
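The question asks what to look for. A practical first step on either site (the PHP CMS or the static one) is to compare what is on disk against what was deployed, and to scan every page for links that point off-site, sit inside hidden elements, or carry the watch/handbag wording described above. The script below is an added example written for this thread, not code from the original posts; the sample "site", its deploy manifest and the spam wording are all constructed, and a real run would read the files from the web root and keep the manifest from the last clean deploy.

```python
import hashlib
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample "site": filename -> HTML. index.html carries an injected
# hidden spam block; spam-page.html never existed in the original deployment.
SITE = {
    "index.html": (
        "<html><body><h1>Acme Plumbing</h1><p>Call us for a quote.</p>"
        "<div style=\"display:none\">cheap <a href=\"http://example.net/shop\">"
        "replica watches</a> and handbags</div></body></html>"
    ),
    "about.html": "<html><body><p>About Acme. <a href=\"/contact.html\">Contact</a></p></body></html>",
    "spam-page.html": "<html><body><p>lorem ipsum <a href=\"http://example.org/bags\">designer handbags</a></p></body></html>",
}

# Manifest taken at deploy time: sha256 of each clean file (constructed here).
KNOWN_GOOD = {
    "index.html": hashlib.sha256(
        b"<html><body><h1>Acme Plumbing</h1><p>Call us for a quote.</p></body></html>").hexdigest(),
    "about.html": hashlib.sha256(SITE["about.html"].encode()).hexdigest(),
}

OWN_HOSTS = {"", "www.acme-plumbing.example"}   # "" covers relative links
SPAM_TERMS = ("replica", "watches", "handbag")  # wording seen in the injected content


class LinkAudit(HTMLParser):
    """Collect every anchor and note whether it sits inside a hidden element."""

    def __init__(self):
        super().__init__()
        self.links = []        # (href, anchor text, inside hidden element?)
        self._stack = []       # (tag, started a hidden block?)
        self._hidden_depth = 0
        self._open = None      # [href, text] of the anchor being read

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        style = (a.get("style") or "").replace(" ", "").lower()
        hidden = "display:none" in style or "visibility:hidden" in style
        self._stack.append((tag, hidden))
        if hidden:
            self._hidden_depth += 1
        if tag == "a" and a.get("href"):
            self._open = [a["href"], ""]

    def handle_data(self, data):
        if self._open is not None:
            self._open[1] += data

    def handle_endtag(self, tag):
        if tag == "a" and self._open is not None:
            self.links.append((self._open[0], self._open[1].strip(), self._hidden_depth > 0))
            self._open = None
        # Pop back to the matching open tag; unclosed/void tags are skipped over.
        if any(t == tag for t, _ in self._stack):
            while self._stack:
                t, hidden = self._stack.pop()
                if hidden:
                    self._hidden_depth -= 1
                if t == tag:
                    break


def audit_links(html_text, own_hosts=OWN_HOSTS):
    """Return (href, text, reasons) for links that look injected."""
    parser = LinkAudit()
    parser.feed(html_text)
    findings = []
    for href, text, hidden in parser.links:
        host = urlparse(href).netloc.lower()
        reasons = []
        if host not in own_hosts:
            reasons.append("external host " + host)
        if hidden:
            reasons.append("inside hidden element")
        if any(term in text.lower() for term in SPAM_TERMS):
            reasons.append("spam-like anchor text")
        if reasons:
            findings.append((href, text, reasons))
    return findings


def audit_site(site=SITE, known_good=KNOWN_GOOD):
    """Flag files missing from the manifest or changed since deploy, then scan links."""
    report = {"new_files": [], "changed_files": [], "link_findings": {}}
    for name, content in site.items():
        digest = hashlib.sha256(content.encode()).hexdigest()
        if name not in known_good:
            report["new_files"].append(name)
        elif known_good[name] != digest:
            report["changed_files"].append(name)
        findings = audit_links(content)
        if findings:
            report["link_findings"][name] = findings
    return report


if __name__ == "__main__":
    import json
    print(json.dumps(audit_site(), indent=2))
```

The manifest comparison is what catches the "extra page" case on a static site, where there is no database to inject into; the link scan catches the "links inserted amongst real content" case, including the common trick of hiding them in a `display:none` block so the site owner never sees them in a browser.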
Well, I think the most common way for this to happen is if there are any forms that allow users to input data. If the data is not sanitized and/or if the query to insert said data is not parameterized, you’re leaving yourself open to it. I believe PHP has built-in methods for “scraping out” HTML that allows them to insert links.
I’m not too familiar with cross-site scripting (XSS) attacks, but it would be a good idea to Google all you can about it.
There are other ways, but I don’t want my boss giving me the hairy eyeball, so I gots to scoot. Hope this helps.
Additionally, make sure that all passwords are STRONG passwords. “password123” is not a strong password. Strong passwords are at least 10 characters long, and use a combination of special characters, numbers, and upper- and lower-case letters. Actually, it’s usually easier to remember a pass phrase than a password. Examples (and don’t use any of these, these are just for example):
That’s not paranoia; that’s attempting to be secure in a day and age of the internet where XSS and SQL-injection attacks (along with MITM and others) are more than just commonplace.
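The two defences named in the answer above (parameterized queries, and stripping or escaping HTML in user-supplied data) are easiest to see side by side. This is an added example, not code from anyone in the thread; it uses Python's `sqlite3` and `html` modules to keep it runnable, with the PHP CMS equivalents being PDO prepared statements for the query and `htmlspecialchars()` for the output escaping. The table, the author name and the comment text are constructed.

```python
import html
import sqlite3


def make_db():
    """Constructed in-memory comments table standing in for the CMS database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE comments (author TEXT, body TEXT)")
    return conn


def insert_unsafe(conn, author, body):
    # BAD: user data is pasted into the SQL text, so a quote in the data
    # changes the structure of the statement itself.
    conn.execute(f"INSERT INTO comments VALUES ('{author}', '{body}')")


def insert_safe(conn, author, body):
    # GOOD: placeholders; the driver passes the values separately from the SQL,
    # so they are stored verbatim and can never be read as part of the query.
    conn.execute("INSERT INTO comments VALUES (?, ?)", (author, body))


def render_comment(author, body):
    # Escape on output: any <a href=...> a visitor typed shows up as literal text
    # on the page instead of becoming a live link to their site.
    return f"<p><b>{html.escape(author)}</b>: {html.escape(body)}</p>"


def demo():
    conn = make_db()
    spammy = 'nice site <a href="http://example.net/shop">replica watches</a>'

    insert_safe(conn, "O'Brien", spammy)
    stored = conn.execute("SELECT author, body FROM comments").fetchone()

    # The same apostrophe that the parameterized insert handled fine breaks the
    # string-built query: the data has altered the SQL rather than being stored.
    unsafe_error = None
    try:
        insert_unsafe(conn, "O'Brien", "hello")
    except sqlite3.OperationalError as exc:
        unsafe_error = str(exc)

    return stored, render_comment(*stored), unsafe_error


if __name__ == "__main__":
    stored, rendered, err = demo()
    print("stored:", stored)
    print("rendered:", rendered)
    print("unsafe insert failed with:", err)
```

Note that escaping happens when the comment is rendered, not when it is stored: the database keeps exactly what the visitor typed, and the template decides how it is displayed, which is what keeps a stored `<a>` tag from ever reaching a visitor's browser as markup.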