Solved

How to stop a hacker Arfaoui Firas?

Posted on 2009-07-10
11
913 Views
Last Modified: 2012-08-14
Help, a couple of my sites, along with thousands of others have been hacked by Arfaoui Firas.  The hack seems to take over the homepage. How does this work?  And is there some vulnerability I can plug?
0
Comment
Question by:vstack
  • 6
  • 5
11 Comments
 
LVL 19

Expert Comment

by:daveamour
ID: 24837641
Show me your site and maybe we can identify some issues?
0
 

Author Comment

by:vstack
ID: 24839000
Hi,

One of the sites is at www.humberhydraulics.com.  It uses asp.net (VB) with membership for log in etc.  Also, I use a text editor so that admin can change page contact.  There may be vulnerability here.

Upon further research, it is possible that a keylogger was used to grab my ftp password.  Since I am in Canada now, I cannot scan my home machine to see if that is the case.  My home machine, while I am on vacation is shut down and unplugged.

Thanks

Vince
0
 
LVL 19

Accepted Solution

by:
daveamour earned 500 total points
ID: 24839047
Firs thing I guessed was that there was an admin folder.
There is:
http://www.humberhydraulics.com/admin/
This  also has directory browsing enabled which isn't good.
At the very least rename the folder to something more obscure than just admin
I'm suspecting SQL injection may also be a possibility.  Do you know what that is?
You should also consider using SSL at least for your admin pages - you can do that for free.
0
 

Author Comment

by:vstack
ID: 24839196
Dave, thank you so much.  I will take the directory browsing off immediately and rename the folder asap.

I know about sql injection.  I use all stored procedures.

There really isn't any dynamic sql created.
0
 
LVL 19

Expert Comment

by:daveamour
ID: 24839213
Ok then you may be right about ftp then.
Ftp is generally pretty insecure anyway  - would be better if you could find a better way of updating your seb server.
Would definatley recomend using SSL over your admin screens - want some help with that?
0
How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

 

Author Comment

by:vstack
ID: 24839240
Yes.  I would love some help.  Can I award you the points and still keep our line of communication open?
0
 
LVL 19

Expert Comment

by:daveamour
ID: 24839250
Yes sure that's fine.
Tell me about your web server though - you may or may not be able to use SSL depending on what control you have over it.  Is it yours or hosted?
0
 

Author Comment

by:vstack
ID: 24839271
This site is hosted by DiscountASP.  I find them really good.  Just turned off directory browsing.  Will rename admin folder asap
0
 
LVL 19

Expert Comment

by:daveamour
ID: 24839289
I that these guys
http://www.discountasp.net/features.aspx
On there it says they do ftp over SSL so that would be good depending on price of course.
I probably can't help with SSL on there as you have no control over the servers.  They will be able to do it for you of course but will charge no doubt but get in touch with them and ask.
Do you know how SSL works?
0
 

Author Comment

by:vstack
ID: 24839335
I don't know how SSL works but I can research and find out.  I will check with discount.

Dave, I appreciate your help.  I have a very good grasp of ASP.Net but obviously, I have a lot to learn about security.  It's one of those things you leave till later.  Well, later, is now.

Is there a decent book or something I could read about securing ASP sites.  I mean, leaving on directory browsing?  That's pretty lame.  But you know, I never though about it.

Thanks

Vince  
0
 
LVL 19

Expert Comment

by:daveamour
ID: 24839458
I'm sure there must be loads of books but I haven't read any.  I've just picked stuff up over the years.  Also in my current contract I spent about 3 months identifying and fixing coding vulnerabilities left by a poor programmer so that helped me learn a lot.
Jut try googling around and read lots of articles and keep a nice list of bookmarks.  You should also be aware of cross site scripting as well as that's quite common.  Lots of it is a combination of common sense +  a healthy dose of paranoia!
For example if you have users who can register on your site then have a password policy  - eg passwords must be a certain length, contain at least 1 digit and at least 1 non alphanumeric character etc.
Then there is database access - only use an account with minimum permissions for example, do not use sa or anything like that.  Also if you store connection strings in your web.config then better to have that encryped.
SSL stands for Secure Sockets Layer and it is when a web address starts with https instead of http.  You will see a padlock somewhere depending on which browser + version you are using.  It basically encrypts network traffic from your pc to the server so anyone intercepting traffic cannot read it as it is not in plain text.  You can buy a SSL certificate and you can do them for free.  The latter normally would probably require that you have some control over your server though.  You will see SSL being used whenever you use an ecommerce site of course.
Personally I host at home as that gives me 100% control and with modern broadband speeds then it works pretty well.
This is hosted at home:
www.audacs.co.uk
 
0

Featured Post

Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

Join & Write a Comment

User art_snob (http://www.experts-exchange.com/M_6114203.html) encountered strange behavior of Android Web browser on his Mobile Web site. It took a while to find the true cause. It happens so, that the Android Web browser (at least up to OS ver. 2.…
It was really hard time for me to get the understanding of Delegates in C#. I went through many websites and articles but I found them very clumsy. After going through those sites, I noted down the points in a easy way so here I am sharing that unde…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…
Polish reports in Access so they look terrific. Take yourself to another level. Equations, Back Color, Alternate Back Color. Write easy VBA Code. Tighten space to use less pages. Launch report from a menu, considering criteria only when it is filled…

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now