mcrossland

Website Security vulnerabilities

I have a friend (company) that has their website hosted with Network Solutions.
Recently their index.htm was edited and an IFRAME tag was added to that page.  I have no idea how this got there but would like to do some security testing.

Is there a free Security Scanner that will scan their website and report back any vulnerabilities?
If not, one that will let us scan and then maybe pay a nominal fee if vulnerabilities are found.

Thanks,
Mike
ASKER CERTIFIED SOLUTION
kruptos
AnthonyP9618

Mike,

Let me guess.. the iframe points to a trojan downloader hosted somewhere in Russia/China?

What kind of software does the website run? Any forum software or dynamic software? It's a possibility that the website software the site is running may have been hacked into and changes have been made. I would look for rogue PHP scripts in an uploads directory or other scripts that do not look familiar to you and remove them immediately. Since the site is hosted with Network Solutions, I would also contact them to have them look at the server the site is hosted on as well to perform anti-virus scans and intrusion reports.
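A defender's first pass at the two checks described above, as an added Python example that is not from this thread: it flags hidden or off-site iframes in a page and lists server-side scripts sitting under upload directories. The sample page and file list are constructed, and the .example hostnames and the upload directory names are assumptions.

```python
import os
import re
from urllib.parse import urlparse

# Constructed samples (.example hosts are placeholders, not real indicators): a defaced
# index.htm with a hidden 1x1 off-site iframe, and a file list as os.walk() would yield it.
SAMPLE_INDEX = """<html><body><h1>Welcome</h1>
<iframe src="http://attacker.example/loader.php" width="1" height="1"
 style="visibility:hidden"></iframe>
<iframe src="https://www.example.com/video"></iframe>
</body></html>"""
SAMPLE_PATHS = ["index.htm", "uploads/avatar.jpg", "uploads/x.php",
                "forum/viewtopic.php", "images/thumbs/cmd.phtml"]

IFRAME_RE = re.compile(r"<iframe\b[^>]*>", re.IGNORECASE)
SRC_RE = re.compile(r"""src\s*=\s*["']?([^"'\s>]+)""", re.IGNORECASE)
HIDDEN_RE = re.compile(r"""(width|height)\s*=\s*["']?[01](?![0-9])"""
                       r"|visibility\s*:\s*hidden|display\s*:\s*none", re.IGNORECASE)
SCRIPT_EXT = {".php", ".php5", ".phtml", ".cgi", ".pl", ".asp", ".aspx", ".jsp"}


def suspicious_iframes(html, site_host):
    """Return (src, reason) for iframes that are off-site and/or hidden (0/1 px, CSS-hidden)."""
    findings = []
    for tag in IFRAME_RE.findall(html):
        m = SRC_RE.search(tag)
        src = m.group(1) if m else ""
        host = (urlparse(src).hostname or "").lower()
        reasons = []
        if host and host != site_host.lower():
            reasons.append("off-site src")
        if HIDDEN_RE.search(tag):
            reasons.append("hidden/tiny frame")
        if reasons:
            findings.append((src, ", ".join(reasons)))
    return findings


def rogue_scripts(paths, upload_dirs=("uploads", "images", "files")):
    """Return server-side scripts under directories that should only hold static content."""
    wanted = {d.lower() for d in upload_dirs}
    hits = []
    for p in paths:
        parts = p.replace("\\", "/").split("/")
        ext = os.path.splitext(parts[-1])[1].lower()
        if {d.lower() for d in parts[:-1]} & wanted and ext in SCRIPT_EXT:
            hits.append(p)
    return sorted(hits)


if __name__ == "__main__":
    print(suspicious_iframes(SAMPLE_INDEX, "www.example.com"))
    print(rogue_scripts(SAMPLE_PATHS))
```

On a real web root, feed `rogue_scripts()` the relative paths from `os.walk()` and run `suspicious_iframes()` over each .htm/.html/.php file; anything flagged should be compared against a known-good copy before removal, since legitimate embeds also use iframes.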
Rich Rumble

Typically it's something like a phpBB exploit that allows the entry point, not specifically an IIS/Apache issue, more of a language issue. If it's hosted, the hosting company needs to be informed so they can do the audit of their own servers more effectively; they will have the access and necessary logs etc.
There are scanners like Nessus, GFI's LanGuard etc... but they can only help with known vulns or exploits, and are prone to false positives. The source code for the site should be audited also, but after netsol has investigated the problem.
-rich
ahoffmann

> Is there a free Security Scanner that will scan their website and report back any vulnerabilities?
no
if you omit "any" in the question, then yes

I'd not recommend Nessus as a tool for scanning websites.
All free tools are very limited for such a task; you'd better go with one of the commercial ones: Acunetix, AppScan, WebInspect (in alphabetical order).
But before that, I'd first analyse the logfiles and ensure that the attack was done through *your* webserver; as it is probably a name-based virtual host, it could have been done from *all* other websites hosted on that system.
mcrossland (asker)
Anthony,
You are right on the money! Do you have any more information/documentation regarding this particular issue? I'll forward on your comments to the webmaster to make sure there are not any more items in the directories.
Why hasn't someone suggested https://www.scanalert.com/ 
It is what is used on this site.....  :)
ahoffmann

> Why hasn't someone suggested ..
try this and build your own opinion (full link up to and including the very last 22):
https://www.scanalert.com/SignUp.sa?adds106=2&act=step3&company.name=vulnerable%22%20onmouseover=%22alert('Hacker%20Safe');%22
[then try to key in your company name :-]]

> .. regarding this particular issue?
do you mean PHP (and its modules) flaws?
then simply go to http://www.securityfocus.com/bid/ and search for PHP (be prepared for a few million hits)-:
which does not mean that you have to check them all, but you need to know what's going on on your server to select the right ones.