How to stop someone hacking into my website & changing the html code!

Posted on 2006-10-24
Last Modified: 2013-12-04

Is there anyway of stopping someone from hacking into one of my member websites & changing & deleting the html codes for background images (wallpapers), images & music videos.
They keep messing with the above html formats I am not very good at html code but does the word 'none' in the code delete the html code? Is there any html code I can use to stop the hacking I have seen the word 'none' at the end of some of the html code but I don't know what it does, delete the html or no action at all?
I have changed my password to this particular website but they have my email address.
Changing my password does not stop them hacking into my website homepage?
I cannot change my email address to this website only the password?

Please help,
thankyou David39

Question by:David39
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions

Expert Comment

ID: 17800158
Where is your website hosted?  Are you running your own web server, or is it at your ISP or domain host?
If your own server, what OS and web server?
If at your ISP or domain host, notify them because this probably indicates a big security hole in their system that they need to fix.
This cannot be fixed with html code and the word 'none' in the html does not have any meaning... except that someone is changing it if you didn't do it.
LVL 38

Expert Comment

by:Rich Rumble
ID: 17800718
Reinstall the OS from scratch, patch patch patch, turn on a firewall, and log everything you can, winXP and win2003 can log ip's with the firewall, and IIS will log IP's also. The event log can log other changes to the system. PHPbb is an exploit playground, and almost impossible to keep secure. IIS needs to be secured, try the lockdown tool
LVL 24

Expert Comment

ID: 17813805
One thing you can begin to try is to change the default directories to everything including the homepage, place similar things in common directories but separated from other areas of hard drive(s), even to a separate system. Secure the diectories and the systems, and as stated above, review the logs. Do not use default names in your convention. You can have images go to ../images or ../Images - pay attention to case and use it well. You can try too to leave some dummy files around with original default names like default.htm or index.html etc., secure them but be watchful.

What kinds of programs can you run on the servers? Have you some cgi? Is FTP enabled to the default html directory? Once you learn some rules better, you might consider changing the servers' addresses as well, since you are apparently know and sought after, possibly by a former Admin with a grudge. Reduce # of admins and have all change their password, while revisiting firewall to ensure allports are blocked but the ones needed for the business.
MIM Survival Guide for Service Desk Managers

Major incidents can send mastered service desk processes into disorder. Systems and tools produce the data needed to resolve these incidents, but your challenge is getting that information to the right people fast. Check out the Survival Guide and begin bringing order to chaos.

LVL 22

Expert Comment

ID: 17816602
Depending on where your website is, I would recommend Deep Freeze ( You can change all the settings you want but once you restart your computer, everything will be reset to what it originally was when you first installed it.

Author Comment

ID: 17818114
Thank you for your answers.

The website I am refurring to is my friend's website. My friend had a dispute with somone on this website forum page. So he deleted some of her images & backgrounds etc. I don't want to give the name of the website for personal reasons.
The website is a login type email username & password from my personal pc using my ISP service.
I don't know how he hacks into the webpage using my email & my friends password.
Does he actually login to my friends personal webpage & changes the html code in the profile settings page. You see the profile settings page after you have logged in is where you can copy paste & type the html code for the background images, walllpapers etc.
Is there any software to stop html hackers entering & or changing my website?
I don't want to reinstall Windows XP home.
Thank you for your replies,


LVL 38

Expert Comment

by:Rich Rumble
ID: 17818421
Once compromised, you can't be sure of anything on the server anymore, I still say reinstall. Is the website running PHPbb, IIS, Apache? PHPbb forum software has many many vectors for attack, and you simply have to keep up with patches, and or move to another code base. You need to know how they are doing what they are doing, and plug that hole. make sure the pc is firewalled only allowing port 80 incomming, XP Home doesn't have a firewall builtin so you have to install one like ZoneAlarm or have the ISP block the ports for you. If you can find the attackers IP you can also block that.

Author Comment

ID: 17818570
I don't know what is PHPbb, IIS, Apache, I know IP is a series of numbers i.e internet provider address is that correct?
How do you find the persons IP address is there any software available to do this?
I am running Windows XP Home Firewall ON Avast Antivirus Software & Lavasoft Adaware Software.
Please advise,

LVL 38

Accepted Solution

Rich Rumble earned 500 total points
ID: 17818616
The ip is your address on the internet, so data knows how to get to/from your pc. A firewall will typically log all the IP's and or the DNS names of the pc's that make connections to your pc. IIS and Apache are webservers, IIS is M$'s and Apache is a cross platform server, Mac, M$, Linux etc... Your firewall should only allow port 80 incomming for web traffic, and block all other ports. Unless you are also running a email server or ftp server etc... then you will want to allow those ports to be open as well. PHPbb is a forum program, you've probably seen this type of forum before on the net: that's PHPbb I assume your not running it, just a simple webpage. Does your source code contain any comments or reveal any username/passwords? (don't post website link or source code here, you'll just make yourself a bigger target)
What webserver do you use? What program renders your webpage?

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Recently, a new law in my state forced us to get a top-to-bottom analysis of all of our contract client's networks. While we have documentation, it was spotty at best for some - and in any event it needed to be checked against reality. That was m…
As I write this article, I am finishing cleanup from the Qakbot virus variant found in the wild on April 18, 2011.  It was a messy beast that had varying levels of infection, speculated as being dependent on how long it resided on the infected syste…
Finds all prime numbers in a range requested and places them in a public primes() array. I've demostrated a template size of 30 (2 * 3 * 5) but larger templates can be built such 210  (2 * 3 * 5 * 7) or 2310  (2 * 3 * 5 * 7 * 11). The larger templa…

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question