Solved

How to stop someone hacking into my website & changing the html code!

Posted on 2006-10-24
8
488 Views
Last Modified: 2013-12-04
Hello,

Is there anyway of stopping someone from hacking into one of my member websites & changing & deleting the html codes for background images (wallpapers), images & music videos.
They keep messing with the above html formats I am not very good at html code but does the word 'none' in the code delete the html code? Is there any html code I can use to stop the hacking I have seen the word 'none' at the end of some of the html code but I don't know what it does, delete the html or no action at all?
 
I have changed my password to this particular website but they have my email address.
Changing my password does not stop them hacking into my website homepage?
I cannot change my email address to this website only the password?

Please help,
thankyou David39





 
0
Comment
Question by:David39
8 Comments
 
LVL 9

Expert Comment

by:FixingStuff
ID: 17800158
Where is your website hosted?  Are you running your own web server, or is it at your ISP or domain host?
If your own server, what OS and web server?
If at your ISP or domain host, notify them because this probably indicates a big security hole in their system that they need to fix.
This cannot be fixed with html code and the word 'none' in the html does not have any meaning... except that someone is changing it if you didn't do it.
FS-
0
 
LVL 38

Expert Comment

by:Rich Rumble
ID: 17800718
Reinstall the OS from scratch, patch patch patch, turn on a firewall, and log everything you can, winXP and win2003 can log ip's with the firewall, and IIS will log IP's also. The event log can log other changes to the system. PHPbb is an exploit playground, and almost impossible to keep secure. IIS needs to be secured, try the lockdown tool http://www.microsoft.com/technet/security/tools/locktool.mspx
-rich
0
 
LVL 24

Expert Comment

by:SunBow
ID: 17813805
One thing you can begin to try is to change the default directories to everything including the homepage, place similar things in common directories but separated from other areas of hard drive(s), even to a separate system. Secure the diectories and the systems, and as stated above, review the logs. Do not use default names in your convention. You can have images go to ../images or ../Images - pay attention to case and use it well. You can try too to leave some dummy files around with original default names like default.htm or index.html etc., secure them but be watchful.

What kinds of programs can you run on the servers? Have you some cgi? Is FTP enabled to the default html directory? Once you learn some rules better, you might consider changing the servers' addresses as well, since you are apparently know and sought after, possibly by a former Admin with a grudge. Reduce # of admins and have all change their password, while revisiting firewall to ensure allports are blocked but the ones needed for the business.
0
 
LVL 22

Expert Comment

by:orangutang
ID: 17816602
Depending on where your website is, I would recommend Deep Freeze (http://www.faronics.com/html/choose.asp) You can change all the settings you want but once you restart your computer, everything will be reset to what it originally was when you first installed it.
0
Maximize Your Threat Intelligence Reporting

Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

 

Author Comment

by:David39
ID: 17818114
Hello,
Thank you for your answers.

The website I am refurring to is my friend's website. My friend had a dispute with somone on this website forum page. So he deleted some of her images & backgrounds etc. I don't want to give the name of the website for personal reasons.
The website is a login type email username & password from my personal pc using my ISP service.
I don't know how he hacks into the webpage using my email & my friends password.
Does he actually login to my friends personal webpage & changes the html code in the profile settings page. You see the profile settings page after you have logged in is where you can copy paste & type the html code for the background images, walllpapers etc.
Is there any software to stop html hackers entering & or changing my website?
I don't want to reinstall Windows XP home.
Thank you for your replies,
David39




 

0
 
LVL 38

Expert Comment

by:Rich Rumble
ID: 17818421
Once compromised, you can't be sure of anything on the server anymore, I still say reinstall. Is the website running PHPbb, IIS, Apache? PHPbb forum software has many many vectors for attack, and you simply have to keep up with patches, and or move to another code base. You need to know how they are doing what they are doing, and plug that hole. make sure the pc is firewalled only allowing port 80 incomming, XP Home doesn't have a firewall builtin so you have to install one like ZoneAlarm or have the ISP block the ports for you. If you can find the attackers IP you can also block that.
-rich
0
 

Author Comment

by:David39
ID: 17818570
Hello,
I don't know what is PHPbb, IIS, Apache, I know IP is a series of numbers i.e internet provider address is that correct?
How do you find the persons IP address is there any software available to do this?
I am running Windows XP Home Firewall ON Avast Antivirus Software & Lavasoft Adaware Software.
Please advise,
David39

 
0
 
LVL 38

Accepted Solution

by:
Rich Rumble earned 500 total points
ID: 17818616
The ip is your address on the internet, so data knows how to get to/from your pc. A firewall will typically log all the IP's and or the DNS names of the pc's that make connections to your pc. IIS and Apache are webservers, IIS is M$'s and Apache is a cross platform server, Mac, M$, Linux etc... Your firewall should only allow port 80 incomming for web traffic, and block all other ports. Unless you are also running a email server or ftp server etc... then you will want to allow those ports to be open as well. PHPbb is a forum program, you've probably seen this type of forum before on the net: http://www.phpbb.com/styles/demo.php that's PHPbb I assume your not running it, just a simple webpage. Does your source code contain any comments or reveal any username/passwords? (don't post website link or source code here, you'll just make yourself a bigger target)
What webserver do you use? What program renders your webpage?
-rich
0

Featured Post

Threat Intelligence Starter Resources

Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

Join & Write a Comment

This is a guide to the following problem (not exclusive but here) on Windows: Users need our support and we supporters often use global administrative accounts to do this. Using these accounts safely is a real challenge. Any admin who takes se…
Our Group Policy work started with Small Business Server in 2000. Microsoft gave us an excellent OU and GPO model in subsequent SBS editions that utilized WMI filters, OU linking, and VBS scripts. These are some of experiences plus our spending a lo…
Illustrator's Shape Builder tool will let you combine shapes visually and interactively. This video shows the Mac version, but the tool works the same way in Windows. To follow along with this video, you can draw your own shapes or download the file…
Access reports are powerful and flexible. Learn how to create a query and then a grouped report using the wizard. Modify the report design after the wizard is done to make it look better. There will be another video to explain how to put the final p…

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now