Solved

How to stop someone hacking into my website & changing the html code!

Posted on 2006-10-24
8
489 Views
Last Modified: 2013-12-04
Hello,

Is there anyway of stopping someone from hacking into one of my member websites & changing & deleting the html codes for background images (wallpapers), images & music videos.
They keep messing with the above html formats I am not very good at html code but does the word 'none' in the code delete the html code? Is there any html code I can use to stop the hacking I have seen the word 'none' at the end of some of the html code but I don't know what it does, delete the html or no action at all?
 
I have changed my password to this particular website but they have my email address.
Changing my password does not stop them hacking into my website homepage?
I cannot change my email address to this website only the password?

Please help,
thankyou David39





 
0
Comment
Question by:David39
8 Comments
 
LVL 9

Expert Comment

by:FixingStuff
ID: 17800158
Where is your website hosted?  Are you running your own web server, or is it at your ISP or domain host?
If your own server, what OS and web server?
If at your ISP or domain host, notify them because this probably indicates a big security hole in their system that they need to fix.
This cannot be fixed with html code and the word 'none' in the html does not have any meaning... except that someone is changing it if you didn't do it.
FS-
0
 
LVL 38

Expert Comment

by:Rich Rumble
ID: 17800718
Reinstall the OS from scratch, patch patch patch, turn on a firewall, and log everything you can, winXP and win2003 can log ip's with the firewall, and IIS will log IP's also. The event log can log other changes to the system. PHPbb is an exploit playground, and almost impossible to keep secure. IIS needs to be secured, try the lockdown tool http://www.microsoft.com/technet/security/tools/locktool.mspx
-rich
0
 
LVL 24

Expert Comment

by:SunBow
ID: 17813805
One thing you can begin to try is to change the default directories to everything including the homepage, place similar things in common directories but separated from other areas of hard drive(s), even to a separate system. Secure the diectories and the systems, and as stated above, review the logs. Do not use default names in your convention. You can have images go to ../images or ../Images - pay attention to case and use it well. You can try too to leave some dummy files around with original default names like default.htm or index.html etc., secure them but be watchful.

What kinds of programs can you run on the servers? Have you some cgi? Is FTP enabled to the default html directory? Once you learn some rules better, you might consider changing the servers' addresses as well, since you are apparently know and sought after, possibly by a former Admin with a grudge. Reduce # of admins and have all change their password, while revisiting firewall to ensure allports are blocked but the ones needed for the business.
0
 
LVL 22

Expert Comment

by:orangutang
ID: 17816602
Depending on where your website is, I would recommend Deep Freeze (http://www.faronics.com/html/choose.asp) You can change all the settings you want but once you restart your computer, everything will be reset to what it originally was when you first installed it.
0
Superior storage. Superior surveillance.

WD Purple drives are built for 24/7, always-on, high-definition security systems. With support for up to 8 hard drives and 32 cameras, WD Purple drives are optimized for surveillance.

 

Author Comment

by:David39
ID: 17818114
Hello,
Thank you for your answers.

The website I am refurring to is my friend's website. My friend had a dispute with somone on this website forum page. So he deleted some of her images & backgrounds etc. I don't want to give the name of the website for personal reasons.
The website is a login type email username & password from my personal pc using my ISP service.
I don't know how he hacks into the webpage using my email & my friends password.
Does he actually login to my friends personal webpage & changes the html code in the profile settings page. You see the profile settings page after you have logged in is where you can copy paste & type the html code for the background images, walllpapers etc.
Is there any software to stop html hackers entering & or changing my website?
I don't want to reinstall Windows XP home.
Thank you for your replies,
David39




 

0
 
LVL 38

Expert Comment

by:Rich Rumble
ID: 17818421
Once compromised, you can't be sure of anything on the server anymore, I still say reinstall. Is the website running PHPbb, IIS, Apache? PHPbb forum software has many many vectors for attack, and you simply have to keep up with patches, and or move to another code base. You need to know how they are doing what they are doing, and plug that hole. make sure the pc is firewalled only allowing port 80 incomming, XP Home doesn't have a firewall builtin so you have to install one like ZoneAlarm or have the ISP block the ports for you. If you can find the attackers IP you can also block that.
-rich
0
 

Author Comment

by:David39
ID: 17818570
Hello,
I don't know what is PHPbb, IIS, Apache, I know IP is a series of numbers i.e internet provider address is that correct?
How do you find the persons IP address is there any software available to do this?
I am running Windows XP Home Firewall ON Avast Antivirus Software & Lavasoft Adaware Software.
Please advise,
David39

 
0
 
LVL 38

Accepted Solution

by:
Rich Rumble earned 500 total points
ID: 17818616
The ip is your address on the internet, so data knows how to get to/from your pc. A firewall will typically log all the IP's and or the DNS names of the pc's that make connections to your pc. IIS and Apache are webservers, IIS is M$'s and Apache is a cross platform server, Mac, M$, Linux etc... Your firewall should only allow port 80 incomming for web traffic, and block all other ports. Unless you are also running a email server or ftp server etc... then you will want to allow those ports to be open as well. PHPbb is a forum program, you've probably seen this type of forum before on the net: http://www.phpbb.com/styles/demo.php that's PHPbb I assume your not running it, just a simple webpage. Does your source code contain any comments or reveal any username/passwords? (don't post website link or source code here, you'll just make yourself a bigger target)
What webserver do you use? What program renders your webpage?
-rich
0

Featured Post

Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

As I write this article, I am finishing cleanup from the Qakbot virus variant found in the wild on April 18, 2011.  It was a messy beast that had varying levels of infection, speculated as being dependent on how long it resided on the infected syste…
In today's information driven age, entrepreneurs have so many great tools and options at their disposal to help turn good ideas into a thriving business. With cloud-based online services, such as Amazon's Web Services (AWS) or Microsoft's Azure, bus…
Along with being a a promotional video for my three-day Annielytics Dashboard Seminor, this Micro Tutorial is an intro to Google Analytics API data.
Many functions in Excel can make decisions. The most simple of these is the IF function: it returns a value depending on whether a condition you describe is true or false. Once you get the hang of using the IF function, you will find it easier to us…

910 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

24 Experts available now in Live!

Get 1:1 Help Now