How to stop someone hacking into my website & changing the html code!

Posted on 2006-10-24
Medium Priority
Last Modified: 2013-12-04

Is there anyway of stopping someone from hacking into one of my member websites & changing & deleting the html codes for background images (wallpapers), images & music videos.
They keep messing with the above html formats I am not very good at html code but does the word 'none' in the code delete the html code? Is there any html code I can use to stop the hacking I have seen the word 'none' at the end of some of the html code but I don't know what it does, delete the html or no action at all?
I have changed my password to this particular website but they have my email address.
Changing my password does not stop them hacking into my website homepage?
I cannot change my email address to this website only the password?

Please help,
thankyou David39

Question by:David39
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions

Expert Comment

ID: 17800158
Where is your website hosted?  Are you running your own web server, or is it at your ISP or domain host?
If your own server, what OS and web server?
If at your ISP or domain host, notify them because this probably indicates a big security hole in their system that they need to fix.
This cannot be fixed with html code and the word 'none' in the html does not have any meaning... except that someone is changing it if you didn't do it.
LVL 38

Expert Comment

by:Rich Rumble
ID: 17800718
Reinstall the OS from scratch, patch patch patch, turn on a firewall, and log everything you can, winXP and win2003 can log ip's with the firewall, and IIS will log IP's also. The event log can log other changes to the system. PHPbb is an exploit playground, and almost impossible to keep secure. IIS needs to be secured, try the lockdown tool http://www.microsoft.com/technet/security/tools/locktool.mspx
LVL 24

Expert Comment

ID: 17813805
One thing you can begin to try is to change the default directories to everything including the homepage, place similar things in common directories but separated from other areas of hard drive(s), even to a separate system. Secure the diectories and the systems, and as stated above, review the logs. Do not use default names in your convention. You can have images go to ../images or ../Images - pay attention to case and use it well. You can try too to leave some dummy files around with original default names like default.htm or index.html etc., secure them but be watchful.

What kinds of programs can you run on the servers? Have you some cgi? Is FTP enabled to the default html directory? Once you learn some rules better, you might consider changing the servers' addresses as well, since you are apparently know and sought after, possibly by a former Admin with a grudge. Reduce # of admins and have all change their password, while revisiting firewall to ensure allports are blocked but the ones needed for the business.
When ransomware hits your clients, what do you do?

MSPs: Endpoint security isn’t enough to prevent ransomware.
As the impact and severity of crypto ransomware attacks has grown, Webroot fought back, not just by building a next-gen endpoint solution capable of preventing ransomware attacks but also by being a thought leader.

LVL 22

Expert Comment

ID: 17816602
Depending on where your website is, I would recommend Deep Freeze (http://www.faronics.com/html/choose.asp) You can change all the settings you want but once you restart your computer, everything will be reset to what it originally was when you first installed it.

Author Comment

ID: 17818114
Thank you for your answers.

The website I am refurring to is my friend's website. My friend had a dispute with somone on this website forum page. So he deleted some of her images & backgrounds etc. I don't want to give the name of the website for personal reasons.
The website is a login type email username & password from my personal pc using my ISP service.
I don't know how he hacks into the webpage using my email & my friends password.
Does he actually login to my friends personal webpage & changes the html code in the profile settings page. You see the profile settings page after you have logged in is where you can copy paste & type the html code for the background images, walllpapers etc.
Is there any software to stop html hackers entering & or changing my website?
I don't want to reinstall Windows XP home.
Thank you for your replies,


LVL 38

Expert Comment

by:Rich Rumble
ID: 17818421
Once compromised, you can't be sure of anything on the server anymore, I still say reinstall. Is the website running PHPbb, IIS, Apache? PHPbb forum software has many many vectors for attack, and you simply have to keep up with patches, and or move to another code base. You need to know how they are doing what they are doing, and plug that hole. make sure the pc is firewalled only allowing port 80 incomming, XP Home doesn't have a firewall builtin so you have to install one like ZoneAlarm or have the ISP block the ports for you. If you can find the attackers IP you can also block that.

Author Comment

ID: 17818570
I don't know what is PHPbb, IIS, Apache, I know IP is a series of numbers i.e internet provider address is that correct?
How do you find the persons IP address is there any software available to do this?
I am running Windows XP Home Firewall ON Avast Antivirus Software & Lavasoft Adaware Software.
Please advise,

LVL 38

Accepted Solution

Rich Rumble earned 1500 total points
ID: 17818616
The ip is your address on the internet, so data knows how to get to/from your pc. A firewall will typically log all the IP's and or the DNS names of the pc's that make connections to your pc. IIS and Apache are webservers, IIS is M$'s and Apache is a cross platform server, Mac, M$, Linux etc... Your firewall should only allow port 80 incomming for web traffic, and block all other ports. Unless you are also running a email server or ftp server etc... then you will want to allow those ports to be open as well. PHPbb is a forum program, you've probably seen this type of forum before on the net: http://www.phpbb.com/styles/demo.php that's PHPbb I assume your not running it, just a simple webpage. Does your source code contain any comments or reveal any username/passwords? (don't post website link or source code here, you'll just make yourself a bigger target)
What webserver do you use? What program renders your webpage?

Featured Post

Optimize your web performance

What's in the eBook?
- Full list of reasons for poor performance
- Ultimate measures to speed things up
- Primary web monitoring types
- KPIs you should be monitoring in order to increase your ROI

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Security measures require Windows be logged in using Standard User login (not Administrator).  Yet, sometimes an application has to be run “As Administrator” from a Standard User login.  This paper describes how to create a shortcut icon to launch a…
OfficeMate Freezes on login or does not load after login credentials are input.
NetCrunch network monitor is a highly extensive platform for network monitoring and alert generation. In this video you'll see a live demo of NetCrunch with most notable features explained in a walk-through manner. You'll also get to know the philos…
Visualize your data even better in Access queries. Given a date and a value, this lesson shows how to compare that value with the previous value, calculate the difference, and display a circle if the value is the same, an up triangle if it increased…
Suggested Courses

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question