?
Solved

How to stop a hacker Arfaoui Firas?

Posted on 2009-07-10
11
Medium Priority
?
963 Views
Last Modified: 2012-08-14
Help, a couple of my sites, along with thousands of others have been hacked by Arfaoui Firas.  The hack seems to take over the homepage. How does this work?  And is there some vulnerability I can plug?
0
Comment
Question by:vstack
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 5
11 Comments
 
LVL 19

Expert Comment

by:daveamour
ID: 24837641
Show me your site and maybe we can identify some issues?
0
 

Author Comment

by:vstack
ID: 24839000
Hi,

One of the sites is at www.humberhydraulics.com.  It uses asp.net (VB) with membership for log in etc.  Also, I use a text editor so that admin can change page contact.  There may be vulnerability here.

Upon further research, it is possible that a keylogger was used to grab my ftp password.  Since I am in Canada now, I cannot scan my home machine to see if that is the case.  My home machine, while I am on vacation is shut down and unplugged.

Thanks

Vince
0
 
LVL 19

Accepted Solution

by:
daveamour earned 2000 total points
ID: 24839047
Firs thing I guessed was that there was an admin folder.
There is:
http://www.humberhydraulics.com/admin/
This  also has directory browsing enabled which isn't good.
At the very least rename the folder to something more obscure than just admin
I'm suspecting SQL injection may also be a possibility.  Do you know what that is?
You should also consider using SSL at least for your admin pages - you can do that for free.
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:vstack
ID: 24839196
Dave, thank you so much.  I will take the directory browsing off immediately and rename the folder asap.

I know about sql injection.  I use all stored procedures.

There really isn't any dynamic sql created.
0
 
LVL 19

Expert Comment

by:daveamour
ID: 24839213
Ok then you may be right about ftp then.
Ftp is generally pretty insecure anyway  - would be better if you could find a better way of updating your seb server.
Would definatley recomend using SSL over your admin screens - want some help with that?
0
 

Author Comment

by:vstack
ID: 24839240
Yes.  I would love some help.  Can I award you the points and still keep our line of communication open?
0
 
LVL 19

Expert Comment

by:daveamour
ID: 24839250
Yes sure that's fine.
Tell me about your web server though - you may or may not be able to use SSL depending on what control you have over it.  Is it yours or hosted?
0
 

Author Comment

by:vstack
ID: 24839271
This site is hosted by DiscountASP.  I find them really good.  Just turned off directory browsing.  Will rename admin folder asap
0
 
LVL 19

Expert Comment

by:daveamour
ID: 24839289
I that these guys
http://www.discountasp.net/features.aspx
On there it says they do ftp over SSL so that would be good depending on price of course.
I probably can't help with SSL on there as you have no control over the servers.  They will be able to do it for you of course but will charge no doubt but get in touch with them and ask.
Do you know how SSL works?
0
 

Author Comment

by:vstack
ID: 24839335
I don't know how SSL works but I can research and find out.  I will check with discount.

Dave, I appreciate your help.  I have a very good grasp of ASP.Net but obviously, I have a lot to learn about security.  It's one of those things you leave till later.  Well, later, is now.

Is there a decent book or something I could read about securing ASP sites.  I mean, leaving on directory browsing?  That's pretty lame.  But you know, I never though about it.

Thanks

Vince  
0
 
LVL 19

Expert Comment

by:daveamour
ID: 24839458
I'm sure there must be loads of books but I haven't read any.  I've just picked stuff up over the years.  Also in my current contract I spent about 3 months identifying and fixing coding vulnerabilities left by a poor programmer so that helped me learn a lot.
Jut try googling around and read lots of articles and keep a nice list of bookmarks.  You should also be aware of cross site scripting as well as that's quite common.  Lots of it is a combination of common sense +  a healthy dose of paranoia!
For example if you have users who can register on your site then have a password policy  - eg passwords must be a certain length, contain at least 1 digit and at least 1 non alphanumeric character etc.
Then there is database access - only use an account with minimum permissions for example, do not use sa or anything like that.  Also if you store connection strings in your web.config then better to have that encryped.
SSL stands for Secure Sockets Layer and it is when a web address starts with https instead of http.  You will see a padlock somewhere depending on which browser + version you are using.  It basically encrypts network traffic from your pc to the server so anyone intercepting traffic cannot read it as it is not in plain text.  You can buy a SSL certificate and you can do them for free.  The latter normally would probably require that you have some control over your server though.  You will see SSL being used whenever you use an ecommerce site of course.
Personally I host at home as that gives me 100% control and with modern broadband speeds then it works pretty well.
This is hosted at home:
www.audacs.co.uk
 
0

Featured Post

[Webinar] How Hackers Steal Your Credentials

Do You Know How Hackers Steal Your Credentials? Join us and Skyport Systems to learn how hackers steal your credentials and why Active Directory must be secure to stop them.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

IntroductionWhile developing web applications, a single page might contain many regions and each region might contain many number of controls with the capability to perform  postback. Many times you might need to perform some action on an ASP.NET po…
Problem Hi all,    While many today have fast Internet connection, there are many still who do not, or are connecting through devices with a slower connect, so light web pages and fast load times are still popular.    If your ASP.NET page …
Add bar graphs to Access queries using Unicode block characters. Graphs appear on every record in the color you want. Give life to numbers. Hopes this gives you ideas on visualizing your data in new ways ~ Create a calculated field in a query: …
In this video, Percona Solutions Engineer Barrett Chambers discusses some of the basic syntax differences between MySQL and MongoDB. To learn more check out our webinar on MongoDB administration for MySQL DBA: https://www.percona.com/resources/we…
Suggested Courses

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question