Solved

How to stop a hacker Arfaoui Firas?

Posted on 2009-07-10
11
938 Views
Last Modified: 2012-08-14
Help, a couple of my sites, along with thousands of others have been hacked by Arfaoui Firas.  The hack seems to take over the homepage. How does this work?  And is there some vulnerability I can plug?
0
Comment
Question by:vstack
  • 6
  • 5
11 Comments
 
LVL 19

Expert Comment

by:daveamour
ID: 24837641
Show me your site and maybe we can identify some issues?
0
 

Author Comment

by:vstack
ID: 24839000
Hi,

One of the sites is at www.humberhydraulics.com.  It uses asp.net (VB) with membership for log in etc.  Also, I use a text editor so that admin can change page contact.  There may be vulnerability here.

Upon further research, it is possible that a keylogger was used to grab my ftp password.  Since I am in Canada now, I cannot scan my home machine to see if that is the case.  My home machine, while I am on vacation is shut down and unplugged.

Thanks

Vince
0
 
LVL 19

Accepted Solution

by:
daveamour earned 500 total points
ID: 24839047
Firs thing I guessed was that there was an admin folder.
There is:
http://www.humberhydraulics.com/admin/
This  also has directory browsing enabled which isn't good.
At the very least rename the folder to something more obscure than just admin
I'm suspecting SQL injection may also be a possibility.  Do you know what that is?
You should also consider using SSL at least for your admin pages - you can do that for free.
0
Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

 

Author Comment

by:vstack
ID: 24839196
Dave, thank you so much.  I will take the directory browsing off immediately and rename the folder asap.

I know about sql injection.  I use all stored procedures.

There really isn't any dynamic sql created.
0
 
LVL 19

Expert Comment

by:daveamour
ID: 24839213
Ok then you may be right about ftp then.
Ftp is generally pretty insecure anyway  - would be better if you could find a better way of updating your seb server.
Would definatley recomend using SSL over your admin screens - want some help with that?
0
 

Author Comment

by:vstack
ID: 24839240
Yes.  I would love some help.  Can I award you the points and still keep our line of communication open?
0
 
LVL 19

Expert Comment

by:daveamour
ID: 24839250
Yes sure that's fine.
Tell me about your web server though - you may or may not be able to use SSL depending on what control you have over it.  Is it yours or hosted?
0
 

Author Comment

by:vstack
ID: 24839271
This site is hosted by DiscountASP.  I find them really good.  Just turned off directory browsing.  Will rename admin folder asap
0
 
LVL 19

Expert Comment

by:daveamour
ID: 24839289
I that these guys
http://www.discountasp.net/features.aspx
On there it says they do ftp over SSL so that would be good depending on price of course.
I probably can't help with SSL on there as you have no control over the servers.  They will be able to do it for you of course but will charge no doubt but get in touch with them and ask.
Do you know how SSL works?
0
 

Author Comment

by:vstack
ID: 24839335
I don't know how SSL works but I can research and find out.  I will check with discount.

Dave, I appreciate your help.  I have a very good grasp of ASP.Net but obviously, I have a lot to learn about security.  It's one of those things you leave till later.  Well, later, is now.

Is there a decent book or something I could read about securing ASP sites.  I mean, leaving on directory browsing?  That's pretty lame.  But you know, I never though about it.

Thanks

Vince  
0
 
LVL 19

Expert Comment

by:daveamour
ID: 24839458
I'm sure there must be loads of books but I haven't read any.  I've just picked stuff up over the years.  Also in my current contract I spent about 3 months identifying and fixing coding vulnerabilities left by a poor programmer so that helped me learn a lot.
Jut try googling around and read lots of articles and keep a nice list of bookmarks.  You should also be aware of cross site scripting as well as that's quite common.  Lots of it is a combination of common sense +  a healthy dose of paranoia!
For example if you have users who can register on your site then have a password policy  - eg passwords must be a certain length, contain at least 1 digit and at least 1 non alphanumeric character etc.
Then there is database access - only use an account with minimum permissions for example, do not use sa or anything like that.  Also if you store connection strings in your web.config then better to have that encryped.
SSL stands for Secure Sockets Layer and it is when a web address starts with https instead of http.  You will see a padlock somewhere depending on which browser + version you are using.  It basically encrypts network traffic from your pc to the server so anyone intercepting traffic cannot read it as it is not in plain text.  You can buy a SSL certificate and you can do them for free.  The latter normally would probably require that you have some control over your server though.  You will see SSL being used whenever you use an ecommerce site of course.
Personally I host at home as that gives me 100% control and with modern broadband speeds then it works pretty well.
This is hosted at home:
www.audacs.co.uk
 
0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Delete HTML table rows 12 35
Output Caching in IIS 2 35
How come this regular expression allows "e"? 14 45
Client Validating 2 date fields, required & comparison 1 42
A quick way to get a menu to work on our website, is using the Menu control and assign it to a web.sitemap using SiteMapDataSource. Example of web.sitemap file: (CODE) Sample code to add to the page menu: (CODE) Running the application, we wi…
User art_snob (http://www.experts-exchange.com/M_6114203.html) encountered strange behavior of Android Web browser on his Mobile Web site. It took a while to find the true cause. It happens so, that the Android Web browser (at least up to OS ver. 2.…
In an interesting question (https://www.experts-exchange.com/questions/29008360/) here at Experts Exchange, a member asked how to split a single image into multiple images. The primary usage for this is to place many photographs on a flatbed scanner…

839 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question