Browsing articles tagged with "hacking - 5/10 - Admins Goodies"
Aug 21, 2011
tom

Ever encountered this “http://mattker.hu/images/image.php” in scripts in your site?

My site was hacked. Most HTML and JavaScript files in my site were modified to include the link in the question title. What strategies should I employ to reduce the likelihood of my site being hacked again? 1) Restore from a known good backup. 2) Change all passwords; this includes passwords for any service accounts you might have. 3) Double-check your firewall config and disable any services you aren’t actually using. This is to [...]

Aug 21, 2011
tom

Decrypting ESP Packets with IPSEC Transport Mode if Pre-Shared Key is Known

I am reading up on IPSec, and was wondering if I could use Wireshark to decrypt ESP packets from IPSec transport mode sessions that are using a pre-shared key. From reading this thread, I have gathered that even if the pre-shared key is already known, it still isn’t trivial to decrypt ESP packets because of the ISAKMP process. It looks like a core dump of the router is needed to get the Encryption and [...]

Aug 20, 2011
tom

How to prevent my site from hackers?

How should I protect my website from hackers adding malicious code to my HTML files and JS files? There is no one solution; security comes in layers – like an onion ;p Follow best practices for configuring the software suites and platforms you’re using, keep everything updated (patch management), and design for robustness. Servers and operating systems have hardening guides; use them. Learn, stay up to date in the industry on new and old threats, get [...]

Aug 20, 2011
tom

Website hacked again, what to do? please help

Final Update: Things have been peaceful for the past few weeks and have taught me much more about website security and risks. Here’s my version of the story – I was using an older version of WordPress and probably this person caught me from Google. I think it was a script attack. It’s difficult to say how and when the security was actually compromised; it came to my notice on Nov 5, 2009. While I took some [...]

Aug 20, 2011
tom

Appropriate response to an anonymous attempt to hack my servers

If I identify an anonymous attempt to hack my servers, is there an appropriate response? Or is it a case of looking at what they were attempting and making sure we’re covered against it and similar attacks? Cheers, Robin The appropriate answer depends on a lot of things. First, it’s important to realize that the vast majority of attacks against servers are not performed directly by a malicious “hacker”, but by a compromised machine. Your [...]

Aug 20, 2011
tom

Server Prepends Random String to Requested URLs?

Today I noticed that I was unable to get a website to load up consistently, so I decided to look at the log files generated on the server. To my amazement, almost all of the files requested were having their paths modified, and not by the PHP code that the site consists of. The site is hosted with GoDaddy. Requests to /stories/rss were instead being made to VOadK/stories/rss or VgpUU/stories/rss. The random characters at the beginning [...]

Aug 20, 2011
tom

How to hack my own server?

Hello, I’m using Windows Server 2008 R2. Yesterday I noticed that my AD was not working properly because I can’t manage users and the MMC console doesn’t allow me to work with any AD- or DNS-related consoles. So I found unknown IPs in DNS Properties (in the tab where there are two radio buttons: all IPs and select IPs), and I noticed that my Domain Administrator has become a “GUEST” and I lost my Local Administrator [...]

Aug 20, 2011
tom

sudo without password?

Some strange things are happening with my Ubuntu box today as a regular (non-root user): As soon as I log in, I can sudo without typing my password (normally, I believe I always have to type my password to sudo?) When I type cd ~, it tells me that I don’t have permission to go to /root. Similarly, my bash prompt displays something like: user@host:/home/username instead of the more familiar user@host:~ that I’m used to. [...]

Aug 20, 2011
tom

Strange requests coming from Korean Site

Lately I’ve been finding a lot of strange requests like this coming to my rails app: Processing ApplicationController#index (for 189.30.242.61 at 2009-12-14 07:38:24) [GET] Parameters: {"_SERVER"=>{"DOCUMENT_ROOT"=>"http://www.usher.co.kr/bbs/id1.txt???"}} ActionController::RoutingError (No route matches "/browse/brand/nike ///" with {:method=>:get}): It looks like it’s automated as I get a lot of them and notice the strange parameters they’re trying to send: "_SERVER"=>{"DOCUMENT_ROOT"=>"http://www.usher.co.kr/bbs/id1.txt??? Is this something malicious and if so what should I do about it? If you open up the referenced document [...]

Aug 20, 2011
tom

How long do DDoS attacks last?

I realize the answer to this question will vary, which is why I’m asking it. If you’ve suffered a DDoS attack before – how long did it last? Just trying to get an idea of how long we’ll have to continue to wage this battle (going on a couple of weeks now). The short answer is, “until it stops”. AFAIK, there aren’t any good statistics on averages and intensities – most attacks go unreported publicly. As [...]
