My website was hacked - Nothing to do with WebWiz

Printed From: Web Wiz Forums
Category: Web Wiz Web App Support Forums
Forum Name: Web Wiz Forums
Forum Description: Support forum for Web Wiz Forums application.
URL: https://forums.webwiz.net/forum_posts.asp?TID=23395
Printed Date: 07 April 2026 at 2:16pm
Software Version: Web Wiz Forums 12.08 - https://www.webwizforums.com


Topic: My website was hacked - Nothing to do with WebWiz
Posted By: yataylimit
Subject: My website was hacked - Nothing to do with WebWiz
Date Posted: 23 May 2007 at 8:24am
Hi guys.
 
Someone somehow uploaded an "index.html" file with a "Hacked by XXX" message to my space, thereby causing the forum to malfunction. Is this a new hacking method? Has anyone ever experienced it? What should I do?
 
You can find the "index.html" file here (http://www.maltadilokullari.com/deneme/index.html) if it could be of any help, because it has a strange form.
 
Thanks.  



Replies:
Posted By: WebWiz-Bruce
Date Posted: 23 May 2007 at 8:33am
Web Wiz Forums itself is extremely secure, and a hacker can use many methods to place such a file on the server if your web site is not set up securely.

Before writing a 10 page essay on the many 1000's of different ways a hacker could have done this, the best thing to do is have a look through your site's log files to find out exactly how the hacker has done this and what path through your site they took.

Also, other information would be helpful, such as:

Web Wiz Forums version?
Database type?
Are uploads enabled?
Have you disabled write permissions to your public folders? (This would certainly stop this type of thing)
Are your passwords sufficiently strong? (FTP, Frontpage, Forum Admin login)


-------------
https://www.webwiz.net/web-wiz-forums/forum-hosting.htm - Web Wiz Forums Hosting
https://www.webwiz.net/web-hosting/windows-web-hosting.htm - ASP.NET Web Hosting


Posted By: yataylimit
Date Posted: 23 May 2007 at 9:37am

Ok Borg, thanks I will try them.

Sorry for the missing info:
- I use the latest Access version.
- Uploads were enabled but now I disabled them by removing all file extensions that can be uploaded.
- Write permissions were disabled now.
- Passwords are OK


Posted By: WebWiz-Bruce
Date Posted: 23 May 2007 at 9:48am
If you are using the Access version make sure that the database is in a secure folder without public access.

In case the hacker has got hold of your database, if it was not properly secured, update any admin passwords straight away (you should do this anyway).

To disable uploads you should update the permissions system, although uploads are pretty secure, so I doubt they got in this way, more likely exploited the IIS web server by not having write permissions disabled.




Posted By: yataylimit
Date Posted: 23 May 2007 at 10:15am
Database is in a secure db folder above the root Borg. I have also contacted the person responsible for the server to see if it has something to do with any possible hack on the server.
Thanks again.


Posted By: WebWiz-Bruce
Date Posted: 23 May 2007 at 10:55am
The best way is to look at your log files, you should be able to get from the modify or creation date of the file an estimate of the time the file was placed on the server.

Then it is just a case of looking in your log files for activity around this time, and the IP address of the hacker. By following the IP addresses back through your log files you should be able to see the files that the hacker has viewed and from these tell how, or what part of the site the hacker used to place the file on the server, or what method they used.


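
The log review described in the reply above, as an added Python example (not part of the original thread and not Web Wiz code): it takes the planted file's modification time, finds IPs that sent a write-capable request near that time, and returns everything each of those IPs requested. The sample log, its IP addresses, the `/tools/filemgr.asp` path and the modification time are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed sample in IIS W3C extended format (not the poster's log);
# IPs are documentation addresses and /tools/filemgr.asp is hypothetical.
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem sc-status
2007-05-22 21:02:11 198.51.100.7 GET /forum/default.asp 200
2007-05-22 23:58:40 203.0.113.9 GET /tools/filemgr.asp 200
2007-05-23 00:01:15 203.0.113.9 POST /tools/filemgr.asp 200
2007-05-23 00:01:19 203.0.113.9 GET /index.html 200
2007-05-23 00:40:07 192.0.2.50 HEAD /index.html 200
"""
# Constructed modification time of the planted file, already converted to UTC.
SAMPLE_MTIME = datetime(2007, 5, 23, 0, 1, 16, tzinfo=timezone.utc)
WRITE_METHODS = {"POST", "PUT", "DELETE", "MOVE", "COPY", "MKCOL", "PROPPATCH"}


def parse_w3c(text):
    """Yield one dict per request, named by the log's own #Fields: directive."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            row = dict(zip(fields, line.split()))
            # IIS writes W3C timestamps in UTC, so compare against a UTC mtime.
            stamp = datetime.strptime(row["date"] + " " + row["time"], "%Y-%m-%d %H:%M:%S")
            row["ts"] = stamp.replace(tzinfo=timezone.utc)
            yield row


def triage(text, mtime_utc, window_minutes=30):
    """Map each IP that sent a write-capable request near mtime_utc to its
    full request trail across the log, oldest first."""
    rows = sorted(parse_w3c(text), key=lambda r: r["ts"])
    window = timedelta(minutes=window_minutes)
    suspects = {r["c-ip"] for r in rows
                if r["cs-method"] in WRITE_METHODS and abs(r["ts"] - mtime_utc) <= window}
    trail = defaultdict(list)
    for r in rows:
        if r["c-ip"] in suspects:
            trail[r["c-ip"]].append((r["time"], r["cs-method"], r["cs-uri-stem"], r["sc-status"]))
    return dict(trail)


if __name__ == "__main__":
    for ip, requests in triage(SAMPLE_LOG, SAMPLE_MTIME).items():
        print(ip, *requests, sep="\n  ")
```

An empty result is informative too: it means this site's HTTP log holds no write request near the modification time, so the file arrived by a route the log does not record.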


Posted By: yataylimit
Date Posted: 23 May 2007 at 12:30pm

Well, I examined log files and found that:

2007-05-23 00:40:07 W3SVC5125 HAYATSERVER 80.93.208.116 HEAD /index.html - 80 - 65.36.241.79 HTTP/1.1 InternetSeer.com - - "My Domain Name" 200 0 0 326 93 125
 
This occurs every few hours with index.htm, index.asp and other similar extensions. However, the relevant IP has no other activity. By the way, I don't know what this internetseer.com is...
 
Now, I limited my starting page to be only default.asp. I don't know if it helps.
 
Thanks.  


Posted By: ruycnd
Date Posted: 26 May 2007 at 10:32am
Wink


Posted By: WebWiz-Bruce
Date Posted: 26 May 2007 at 11:44am
I would not be too worried. I don't believe that this is a security hole in Web Wiz Forums, but rather the hacker did this some other way, through a hole in the server security or some other hole on the site.

If it was a security hole in Web Wiz Forums, hackers usually like to show off and will usually inform us before publishing their findings on a security web site for the world to know how clever they are. Neither of these things has happened.

If a security hole is found you will get a lot of forums hacked; they don't usually only attack one forum, they go on a hacking spree. The fact that no-one else has reported any hacking attempts suggests that this is isolated and not related to Web Wiz Forums.

Your hosting company can tell you the location of log files if they allow you access to them, but the main thing to do to prevent hackers is simply disabling write and modify permissions on your site except for the upload directory (if you are allowing uploads in your forum). Once write and modify permissions are disabled for your site it would not be possible for a hacker to change or place files on the server in this way.

I have a sneaky suspicion, as the log files didn't say much, that this hacker has a site on the same shared server, and because the web host has not locked down permissions the hacker was able to place files using a script onto other sites on the same server. If the server, like in this case, reads an index.html page before a default.asp or index.asp, then all the hacker needs to do is place an index.html file into any directory on the server and his page will come up first whenever anyone navigates to that directory with a web browser.


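
A check for the default-document shadowing described in the reply above, as an added Python example (not part of the original thread and not Web Wiz code): it walks a web root and reports files that would be served ahead of the intended default page and were modified after it. The document order beyond "index.html before default.asp", the `INTENDED` choice and the sample tree are assumptions made for illustration.

```python
import os
import tempfile

# Assumed default-document order, highest priority first. The thread only says
# index.html is read before default.asp or index.asp; the rest is illustrative.
DEFAULT_DOC_ORDER = ["index.html", "index.htm", "default.asp", "index.asp"]
INTENDED = "default.asp"  # the page the site owner expects visitors to get


def find_shadowing(web_root, order=DEFAULT_DOC_ORDER, intended=INTENDED):
    """Return sorted relative paths of files that would be served instead of
    the intended default document and were modified after it."""
    findings = []
    for dirpath, _dirs, files in os.walk(web_root):
        present = {name.lower(): name for name in files}
        if intended not in present:
            continue
        intended_mtime = os.path.getmtime(os.path.join(dirpath, present[intended]))
        for name in order[:order.index(intended)]:
            if name in present:
                path = os.path.join(dirpath, present[name])
                if os.path.getmtime(path) > intended_mtime:
                    findings.append(os.path.relpath(path, web_root).replace(os.sep, "/"))
                break  # only the first match in the order is what gets served
    return sorted(findings)


def build_sample_tree(root):
    """Constructed test site: (relative path, mtime in seconds since epoch)."""
    layout = [("forum/default.asp", 1_000_000), ("forum/index.html", 2_000_000),
              ("docs/default.asp", 2_000_000), ("docs/index.html", 1_000_000),
              ("img/default.asp", 1_000_000)]
    for rel, mtime in layout:
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as handle:
            handle.write("placeholder")
        os.utime(path, (mtime, mtime))


def demo():
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        return find_shadowing(root)


if __name__ == "__main__":
    print(demo())
```

Limiting the site's default documents to the one page actually used, as the original poster did with default.asp, removes the shadowing path this check looks for.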


Posted By: yataylimit
Date Posted: 26 May 2007 at 8:13pm
Yeah, I think the same as Borg, at first I thought it had something to do with WebWiz forum but it is not the case as log files say. Now, I will also change the title as it may cause misconceptions like this.
 
Bye


Posted By: ruycnd
Date Posted: 27 May 2007 at 12:03pm
Wink


Posted By: WebWiz-Bruce
Date Posted: 27 May 2007 at 1:01pm
The location of your log files depends on where your web host decides they want to put them, so you would need to contact your web host about this.

With our own web hosting we place them in a folder called logfile which is accessible when you connect via FTP to your site, but other web hosts choose different locations and many do not have a way to access your site's log files.

If you run your own web server then have a look in IIS. Click on properties for your web site and under the 'website' tab make sure that 'Enable Logging' is checked. By clicking on the 'properties' button in the log file section you can select what data your log files will hold and where on the server your log files will be stored, by default the location is 'C:\WINDOWS\system32\LogFiles'.




