Go Premium for a chance to win a PS4. Enter to Win


How to stop someone hacking into my website & changing the html code!

Posted on 2006-10-24
Medium Priority
Last Modified: 2013-12-04

Is there anyway of stopping someone from hacking into one of my member websites & changing & deleting the html codes for background images (wallpapers), images & music videos.
They keep messing with the above html formats I am not very good at html code but does the word 'none' in the code delete the html code? Is there any html code I can use to stop the hacking I have seen the word 'none' at the end of some of the html code but I don't know what it does, delete the html or no action at all?
I have changed my password to this particular website but they have my email address.
Changing my password does not stop them hacking into my website homepage?
I cannot change my email address to this website only the password?

Please help,
thankyou David39

Question by:David39

Expert Comment

ID: 17800158
Where is your website hosted?  Are you running your own web server, or is it at your ISP or domain host?
If your own server, what OS and web server?
If at your ISP or domain host, notify them because this probably indicates a big security hole in their system that they need to fix.
This cannot be fixed with html code and the word 'none' in the html does not have any meaning... except that someone is changing it if you didn't do it.
LVL 38

Expert Comment

by:Rich Rumble
ID: 17800718
Reinstall the OS from scratch, patch patch patch, turn on a firewall, and log everything you can, winXP and win2003 can log ip's with the firewall, and IIS will log IP's also. The event log can log other changes to the system. PHPbb is an exploit playground, and almost impossible to keep secure. IIS needs to be secured, try the lockdown tool http://www.microsoft.com/technet/security/tools/locktool.mspx
LVL 24

Expert Comment

ID: 17813805
One thing you can begin to try is to change the default directories to everything including the homepage, place similar things in common directories but separated from other areas of hard drive(s), even to a separate system. Secure the diectories and the systems, and as stated above, review the logs. Do not use default names in your convention. You can have images go to ../images or ../Images - pay attention to case and use it well. You can try too to leave some dummy files around with original default names like default.htm or index.html etc., secure them but be watchful.

What kinds of programs can you run on the servers? Have you some cgi? Is FTP enabled to the default html directory? Once you learn some rules better, you might consider changing the servers' addresses as well, since you are apparently know and sought after, possibly by a former Admin with a grudge. Reduce # of admins and have all change their password, while revisiting firewall to ensure allports are blocked but the ones needed for the business.
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

LVL 22

Expert Comment

ID: 17816602
Depending on where your website is, I would recommend Deep Freeze (http://www.faronics.com/html/choose.asp) You can change all the settings you want but once you restart your computer, everything will be reset to what it originally was when you first installed it.

Author Comment

ID: 17818114
Thank you for your answers.

The website I am refurring to is my friend's website. My friend had a dispute with somone on this website forum page. So he deleted some of her images & backgrounds etc. I don't want to give the name of the website for personal reasons.
The website is a login type email username & password from my personal pc using my ISP service.
I don't know how he hacks into the webpage using my email & my friends password.
Does he actually login to my friends personal webpage & changes the html code in the profile settings page. You see the profile settings page after you have logged in is where you can copy paste & type the html code for the background images, walllpapers etc.
Is there any software to stop html hackers entering & or changing my website?
I don't want to reinstall Windows XP home.
Thank you for your replies,


LVL 38

Expert Comment

by:Rich Rumble
ID: 17818421
Once compromised, you can't be sure of anything on the server anymore, I still say reinstall. Is the website running PHPbb, IIS, Apache? PHPbb forum software has many many vectors for attack, and you simply have to keep up with patches, and or move to another code base. You need to know how they are doing what they are doing, and plug that hole. make sure the pc is firewalled only allowing port 80 incomming, XP Home doesn't have a firewall builtin so you have to install one like ZoneAlarm or have the ISP block the ports for you. If you can find the attackers IP you can also block that.

Author Comment

ID: 17818570
I don't know what is PHPbb, IIS, Apache, I know IP is a series of numbers i.e internet provider address is that correct?
How do you find the persons IP address is there any software available to do this?
I am running Windows XP Home Firewall ON Avast Antivirus Software & Lavasoft Adaware Software.
Please advise,

LVL 38

Accepted Solution

Rich Rumble earned 1500 total points
ID: 17818616
The ip is your address on the internet, so data knows how to get to/from your pc. A firewall will typically log all the IP's and or the DNS names of the pc's that make connections to your pc. IIS and Apache are webservers, IIS is M$'s and Apache is a cross platform server, Mac, M$, Linux etc... Your firewall should only allow port 80 incomming for web traffic, and block all other ports. Unless you are also running a email server or ftp server etc... then you will want to allow those ports to be open as well. PHPbb is a forum program, you've probably seen this type of forum before on the net: http://www.phpbb.com/styles/demo.php that's PHPbb I assume your not running it, just a simple webpage. Does your source code contain any comments or reveal any username/passwords? (don't post website link or source code here, you'll just make yourself a bigger target)
What webserver do you use? What program renders your webpage?

Featured Post

Put Machine Learning to Work--Protect Your Clients

Machine learning means Smarter Cybersecurity™ Solutions.
As technology continues to advance, managing and analyzing massive data sets just can’t be accomplished by humans alone. It requires huge amounts of memory and storage, as well as the high-speed power of the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Our Group Policy work started with Small Business Server in 2000. Microsoft gave us an excellent OU and GPO model in subsequent SBS editions that utilized WMI filters, OU linking, and VBS scripts. These are some of experiences plus our spending a lo…
Container Orchestration platforms empower organizations to scale their apps at an exceptional rate. This is the reason numerous innovation-driven companies are moving apps to an appropriated datacenter wide platform that empowers them to scale at a …
Loops Section Overview
Screencast - Getting to Know the Pipeline
Suggested Courses
Course of the Month13 days, 3 hours left to enroll

972 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question