Solved

How to stop a hacker Arfaoui Firas?

Posted on 2009-07-10
Last Modified: 2012-08-14
Help, a couple of my sites, along with thousands of others, have been hacked by Arfaoui Firas. The hack seems to take over the homepage. How does this work? And is there some vulnerability I can plug?
Question by:vstack
11 Comments
 
LVL 19

Expert Comment

by:daveamour
ID: 24837641
Show me your site and maybe we can identify some issues?
0
 

Author Comment

by:vstack
ID: 24839000
Hi,

One of the sites is at www.humberhydraulics.com.  It uses asp.net (VB) with membership for log in etc.  Also, I use a text editor so that admin can change page contact.  There may be a vulnerability here.

Upon further research, it is possible that a keylogger was used to grab my ftp password.  Since I am in Canada now, I cannot scan my home machine to see if that is the case.  My home machine, while I am on vacation, is shut down and unplugged.

Thanks

Vince
0
 
LVL 19

Accepted Solution

by:
daveamour earned 500 total points
ID: 24839047
First thing I guessed was that there was an admin folder.
There is:
http://www.humberhydraulics.com/admin/
This also has directory browsing enabled which isn't good.
At the very least rename the folder to something more obscure than just admin.
I'm suspecting SQL injection may also be a possibility.  Do you know what that is?
You should also consider using SSL at least for your admin pages - you can do that for free.
0
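The points in the accepted answer (directory browsing, the exposed admin folder, SSL for admin pages) can all be set from the site's own web.config, which works on shared hosting. This is an added example, not part of the original thread; it assumes IIS 7 or later, an HTTPS binding already available for the site, and hypothetical names `Login.aspx` and an `Administrators` role.

```xml
<?xml version="1.0"?>
<configuration>
  <system.web>
    <authentication mode="Forms">
      <!-- requireSSL="true": the login cookie is only sent over https,
           so it cannot be captured from plain http traffic.
           Login.aspx is a hypothetical page name. -->
      <forms loginUrl="~/Login.aspx"
             requireSSL="true"
             timeout="20"
             slidingExpiration="true" />
    </authentication>
    <!-- Mark all cookies Secure and HttpOnly. -->
    <httpCookies requireSSL="true" httpOnlyCookies="true" />
  </system.web>

  <!-- Renaming the folder only hides it. This block makes ASP.NET refuse
       every request under /admin unless the user is signed in and belongs
       to the (hypothetical) Administrators role. It applies to requests
       that ASP.NET handles, such as .aspx pages. -->
  <location path="admin">
    <system.web>
      <authorization>
        <allow roles="Administrators" />
        <deny users="*" />
      </authorization>
    </system.web>
  </location>

  <system.webServer>
    <!-- Weak setting seen on the site: enabled="true" lists every file
         in a folder that has no default document. -->
    <directoryBrowse enabled="false" />
  </system.webServer>
</configuration>
```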

 

Author Comment

by:vstack
ID: 24839196
Dave, thank you so much.  I will take the directory browsing off immediately and rename the folder asap.

I know about sql injection.  I use all stored procedures.

There really isn't any dynamic sql created.
0
 
LVL 19

Expert Comment

by:daveamour
ID: 24839213
Ok then you may be right about ftp then.
Ftp is generally pretty insecure anyway  - would be better if you could find a better way of updating your web server.
Would definitely recommend using SSL over your admin screens - want some help with that?
0
 

Author Comment

by:vstack
ID: 24839240
Yes.  I would love some help.  Can I award you the points and still keep our line of communication open?
0
 
LVL 19

Expert Comment

by:daveamour
ID: 24839250
Yes sure that's fine.
Tell me about your web server though - you may or may not be able to use SSL depending on what control you have over it.  Is it yours or hosted?
0
 

Author Comment

by:vstack
ID: 24839271
This site is hosted by DiscountASP.  I find them really good.  Just turned off directory browsing.  Will rename admin folder asap
0
 
LVL 19

Expert Comment

by:daveamour
ID: 24839289
Is that these guys?
http://www.discountasp.net/features.aspx
On there it says they do ftp over SSL so that would be good depending on price of course.
I probably can't help with SSL on there as you have no control over the servers.  They will be able to do it for you of course but will charge no doubt but get in touch with them and ask.
Do you know how SSL works?
0
 

Author Comment

by:vstack
ID: 24839335
I don't know how SSL works but I can research and find out.  I will check with discount.

Dave, I appreciate your help.  I have a very good grasp of ASP.Net but obviously, I have a lot to learn about security.  It's one of those things you leave till later.  Well, later, is now.

Is there a decent book or something I could read about securing ASP sites?  I mean, leaving on directory browsing?  That's pretty lame.  But you know, I never thought about it.

Thanks

Vince  
0
 
LVL 19

Expert Comment

by:daveamour
ID: 24839458
I'm sure there must be loads of books but I haven't read any.  I've just picked stuff up over the years.  Also in my current contract I spent about 3 months identifying and fixing coding vulnerabilities left by a poor programmer so that helped me learn a lot.
Just try googling around and read lots of articles and keep a nice list of bookmarks.  You should also be aware of cross site scripting as well as that's quite common.  Lots of it is a combination of common sense +  a healthy dose of paranoia!
For example if you have users who can register on your site then have a password policy  - eg passwords must be a certain length, contain at least 1 digit and at least 1 non alphanumeric character etc.
Then there is database access - only use an account with minimum permissions for example, do not use sa or anything like that.  Also if you store connection strings in your web.config then better to have that encrypted.
SSL stands for Secure Sockets Layer and it is when a web address starts with https instead of http.  You will see a padlock somewhere depending on which browser + version you are using.  It basically encrypts network traffic from your pc to the server so anyone intercepting traffic cannot read it as it is not in plain text.  You can buy a SSL certificate and you can do them for free.  The latter normally would probably require that you have some control over your server though.  You will see SSL being used whenever you use an ecommerce site of course.
Personally I host at home as that gives me 100% control and with modern broadband speeds then it works pretty well.
This is hosted at home:
www.audacs.co.uk
 
0
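The password policy and database-account advice in the comment above map onto ASP.NET membership settings in web.config. This is an added example, not part of the original thread; the connection string name, database name, host, `site_web_user` login and the chosen numeric limits are all constructed placeholders.

```xml
<?xml version="1.0"?>
<configuration>
  <connectionStrings>
    <!-- Weak form: a connection string that logs in as sa gives the web
         application full control of the SQL Server instance.
         site_web_user is a hypothetical login that should be granted only
         EXECUTE on the stored procedures the site calls.
         Where server access allows, encrypt this section after deployment,
         for example: aspnet_regiis -pef "connectionStrings" <site path> -->
    <add name="SiteDb"
         connectionString="Data Source=DB_HOST_PLACEHOLDER;Initial Catalog=SiteDb;User ID=site_web_user;Password=PLACEHOLDER"
         providerName="System.Data.SqlClient" />
  </connectionStrings>

  <system.web>
    <membership defaultProvider="SiteSqlProvider">
      <providers>
        <clear />
        <!-- Policy from the comment: minimum length, at least one
             non-alphanumeric character, and at least one digit (the
             regular expression \d must match somewhere in the password).
             The lockout values limit repeated password guessing. -->
        <add name="SiteSqlProvider"
             type="System.Web.Security.SqlMembershipProvider"
             connectionStringName="SiteDb"
             applicationName="/"
             minRequiredPasswordLength="10"
             minRequiredNonalphanumericCharacters="1"
             passwordStrengthRegularExpression="\d"
             passwordFormat="Hashed"
             enablePasswordRetrieval="false"
             maxInvalidPasswordAttempts="5"
             passwordAttemptWindow="10" />
      </providers>
    </membership>
  </system.web>
</configuration>
```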

Question has a verified solution.