Link to home
Start Free TrialLog in
Avatar of mcrossland
mcrosslandFlag for United States of America

asked on

Website Security vulnerabilities

I have a friend (company) that has their website hosted with Network Solutions.
Recently their index.htm was edited and an IFRAME tag was added to that page.  I have no idea how this got there but would like to do some security testing.

Is there a free Security Scanner that will scan their website and report back any vulnerabilities?
If not, one that will let us scan and then maybe pay a nominal fee if vulnerabilities are found.

Thanks,
Mike
ASKER CERTIFIED SOLUTION
Avatar of kruptos
kruptos

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Mike,

Let me guess.. the iframe points to a trojan downloader hosted somewhere in Russia/Chine?  

What kind of software does the website run?  Any forum software or dynamic software? It's a possibility that the website software the site is running may have been hacked into and changes have been made.  I would look for rogue PHP scripts in an uploads directory or other scripts that do not look familiar to you and remove them immediately.  Since the site is hosted with Network Solutions, I would also contact them to have them look at the server the site is hosted on as well to perform anti-virus scans and intrution reports.
Avatar of Rich Rumble
Typically it's something like a PHPbb exploit that allows the entry point, not specifically a IIS/Apache issue, more of a language issue. If it's hosted, the hosting company needs to be informed so they can do the audit of their own servers more effectively, they will have the access and necessary log's etc.
There are scanners like Nessus, GFI's LanGuard etc... but they can only help with known vlun's or exploits, and are prone to false-positives. Source-Code for the site should be audited also, but after netsol has investigated the problem.
-rich
> Is there a free Security Scanner that will scan their website and report back any vulnerabilities?
no
if you omit "any" in the question, then yes

I'd not recommend nessus as a tool for scanning websites.
All free tools are very limited for such a task, you better go with one of the comercial ones: Acunetix, AppScan, WebInspect (in alphabetical order)
But before I'd first analyse the logfiles and ensure that the attack was done through *your* webserver, as it is probably a name-based virtual host it could have been done from *all* other websites hosted on that system.
Avatar of mcrossland

ASKER

Anthony,
You are right on the money!  Do you have any more information/documentation regarding this particular issue?  I'll forward on your comments to the webmaster to make sure their are not any more items in the directories.
Why hasn't someone suggested https://www.scanalert.com/ 
It is what is used on this site.....  :)
> Why hasn't someone suggested ..
try this and build your own opinion (full link up to and including the very last 22):
https://www.scanalert.com/SignUp.sa?adds106=2&act=step3&company.name=vulnerable%22%20onmouseover=%22alert('Hacker%20Safe');%22
[then try to key in your company name :-]]

> .. regarding this particular issue?
do you mean PHP (and its modules) flaws?
then simply go to http://www.securityfocus.com/bid/ and search for PHP (be prepared for a few million hits)-:
which does not mean that you have to check them all, but you need to know what's going on on your server to select the right ones.