<?xml version="1.0" encoding="UTF-8"?><rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
		>
<channel>
	<title>Comments on: Website Security</title>
	<atom:link href="http://dave-smith.org/website-security/feed/" rel="self" type="application/rss+xml" />
	<link>http://dave-smith.org/website-security/</link>
	<description></description>
	<lastBuildDate>Mon, 19 Dec 2011 20:51:34 +0000</lastBuildDate>
	<sy:updatePeriod>hourly</sy:updatePeriod>
	<sy:updateFrequency>1</sy:updateFrequency>
	<generator>http://wordpress.org/?v=3.1.2</generator>
	<item>
		<title>By: Dave Smith</title>
		<link>http://dave-smith.org/website-security/comment-page-1/#comment-560</link>
		<dc:creator>Dave Smith</dc:creator>
		<pubDate>Wed, 27 Apr 2011 18:13:35 +0000</pubDate>
		<guid isPermaLink="false">http://dave-smith.org/?p=139#comment-560</guid>
		<description>Thanks Jake,
That is excellent advice and I will look into &#039;libwhisker&#039; you mentioned, any other snippets of advice or sources welcome.
I like your site too, will be reading the posts more fully as I like boats (but don&#039;t have one!) and work in electronics so the marine gps posts definitely interest me.
Thanks for your comment and useful advice.

Cheers

Dave</description>
		<content:encoded><![CDATA[<p>Thanks Jake,<br />
That is excellent advice and I will look into &#8216;libwhisker&#8217; you mentioned, any other snippets of advice or sources welcome.<br />
I like your site too, will be reading the posts more fully as I like boats (but don&#8217;t have one!) and work in electronics so the marine gps posts definitely interest me.<br />
Thanks for your comment and useful advice.</p>
<p>Cheers</p>
<p>Dave</p>
]]></content:encoded>
	</item>
	<item>
		<title>By: Jake Howard</title>
		<link>http://dave-smith.org/website-security/comment-page-1/#comment-559</link>
		<dc:creator>Jake Howard</dc:creator>
		<pubDate>Wed, 27 Apr 2011 14:16:34 +0000</pubDate>
		<guid isPermaLink="false">http://dave-smith.org/?p=139#comment-559</guid>
		<description>Web security comes from code and server configuration, not 3rd party software. Security is not expensive, it&#039;s common sense and thinking about what you are doing. Once you have a site built, test it. Throw some heuristic queries through each injection point. See if you can sneak useful characters through. Look at the error codes generated. Run libwhisker against the site. There are hundreds of useful tools that can test web application security for free.</description>
		<content:encoded><![CDATA[<p>Web security comes from code and server configuration, not 3rd party software. Security is not expensive, it&#8217;s common sense and thinking about what you are doing. Once you have a site built, test it. Throw some heuristic queries through each injection point. See if you can sneak useful characters through. Look at the error codes generated. Run libwhisker against the site. There are hundreds of useful tools that can test web application security for free.</p>
]]></content:encoded>
	</item>
	<item>
		<title>By: Dave Smith</title>
		<link>http://dave-smith.org/website-security/comment-page-1/#comment-103</link>
		<dc:creator>Dave Smith</dc:creator>
		<pubDate>Sun, 17 Jan 2010 01:49:56 +0000</pubDate>
		<guid isPermaLink="false">http://dave-smith.org/?p=139#comment-103</guid>
		<description>Hope the post helps Ray (and sorry for the late reply). Still trying to find time to do the proper web security report, will post here as soon as I do.

Regards,

Dave</description>
		<content:encoded><![CDATA[<p>Hope the post helps Ray (and sorry for the late reply). Still trying to find time to do the proper web security report, will post here as soon as I do.</p>
<p>Regards,</p>
<p>Dave</p>
]]></content:encoded>
	</item>
	<item>
		<title>By: klaverjassen</title>
		<link>http://dave-smith.org/website-security/comment-page-1/#comment-102</link>
		<dc:creator>klaverjassen</dc:creator>
		<pubDate>Sat, 16 Jan 2010 23:32:17 +0000</pubDate>
		<guid isPermaLink="false">http://dave-smith.org/?p=139#comment-102</guid>
		<description>Your site security depends mostly on your hosting provider and server settings as well as to the constant updates and patches of open source CMS such as Joomla, WP... Forums counted too PHPBB i.e.</description>
		<content:encoded><![CDATA[<p>Your site security depends mostly on your hosting provider and server settings as well as to the constant updates and patches of open source CMS such as Joomla, WP&#8230; Forums counted too PHPBB i.e.</p>
]]></content:encoded>
	</item>
	<item>
		<title>By: Ray</title>
		<link>http://dave-smith.org/website-security/comment-page-1/#comment-79</link>
		<dc:creator>Ray</dc:creator>
		<pubDate>Tue, 03 Nov 2009 09:36:28 +0000</pubDate>
		<guid isPermaLink="false">http://dave-smith.org/?p=139#comment-79</guid>
		<description>Hi Dave, I was interested to read your post, and have printed off a copy for future reference!

Regards, Ray</description>
		<content:encoded><![CDATA[<p>Hi Dave, I was interested to read your post, and have printed off a copy for future reference!</p>
<p>Regards, Ray</p>
]]></content:encoded>
	</item>
	<item>
		<title>By: Dave Smith</title>
		<link>http://dave-smith.org/website-security/comment-page-1/#comment-78</link>
		<dc:creator>Dave Smith</dc:creator>
		<pubDate>Sat, 24 Oct 2009 14:36:09 +0000</pubDate>
		<guid isPermaLink="false">http://dave-smith.org/?p=139#comment-78</guid>
		<description>Hello Jacinta,
Just goes to show how careful we have to be, updated my Zone Alarm (normal updates) and it found an infection. This just shows how we have to have the latest virus/spyware programs and ensure we install all updates regularly. I try to be careful and still end up with problems. There is a lot of bad stuff out there.

Regards

Dave</description>
		<content:encoded><![CDATA[<p>Hello Jacinta,<br />
Just goes to show how careful we have to be, updated my Zone Alarm (normal updates) and it found an infection. This just shows how we have to have the latest virus/spyware programs and ensure we install all updates regularly. I try to be careful and still end up with problems. There is a lot of bad stuff out there.</p>
<p>Regards</p>
<p>Dave</p>
]]></content:encoded>
	</item>
	<item>
		<title>By: Dave Smith</title>
		<link>http://dave-smith.org/website-security/comment-page-1/#comment-77</link>
		<dc:creator>Dave Smith</dc:creator>
		<pubDate>Sat, 24 Oct 2009 14:07:43 +0000</pubDate>
		<guid isPermaLink="false">http://dave-smith.org/?p=139#comment-77</guid>
		<description>Hello Jacinta,
When you mentioned my site having problems I realised it sounds like your computer. I usually use Linux but just booted up Windows and double checked and neither my site (this one) nor yours (www.creatingmybusinessonline.com) has any popups.
What virus/spyware scanning software are you using? I use Zone Alarm which is supposed to be the best but a few weeks ago I accidentally allowed access by 2 .exe programs (I wasn&#039;t paying attention to the alerts and pressed &#039;accept&#039;). This caused both viruses and spyware programs to install. My software was completely up to date as far as updates were concerned but was not the latest Zone Alarm program. This meant when I scanned it missed things. I then upgraded to the latest Zone Alarm Extreme Security and it found viruses and spyware and eliminated them. I haven&#039;t had any problems since. You may need to upgrade your own protection as it sounds likely you have something on your computer that your virus protection isn&#039;t finding.
Definitely doesn&#039;t sound like the website, I would have seen the same problem.
Hope that helps.

Regards

Dave</description>
		<content:encoded><![CDATA[<p>Hello Jacinta,<br />
When you mentioned my site having problems I realised it sounds like your computer. I usually use Linux but just booted up Windows and double checked and neither my site (this one) nor yours (www.creatingmybusinessonline.com) has any popups.<br />
What virus/spyware scanning software are you using? I use Zone Alarm which is supposed to be the best but a few weeks ago I accidentally allowed access by 2 .exe programs (I wasn&#8217;t paying attention to the alerts and pressed &#8216;accept&#8217;). This caused both viruses and spyware programs to install. My software was completely up to date as far as updates were concerned but was not the latest Zone Alarm program. This meant when I scanned it missed things. I then upgraded to the latest Zone Alarm Extreme Security and it found viruses and spyware and eliminated them. I haven&#8217;t had any problems since. You may need to upgrade your own protection as it sounds likely you have something on your computer that your virus protection isn&#8217;t finding.<br />
Definitely doesn&#8217;t sound like the website, I would have seen the same problem.<br />
Hope that helps.</p>
<p>Regards</p>
<p>Dave</p>
]]></content:encoded>
	</item>
	<item>
		<title>By: Jacinta Dean</title>
		<link>http://dave-smith.org/website-security/comment-page-1/#comment-76</link>
		<dc:creator>Jacinta Dean</dc:creator>
		<pubDate>Sat, 24 Oct 2009 12:02:38 +0000</pubDate>
		<guid isPermaLink="false">http://dave-smith.org/?p=139#comment-76</guid>
		<description>Hi Dave,

Thank you so much for your reply. I have read the stopbadware site and checked my site but it isn&#039;t listed with them. Plus I have done a full virus check, spybot and adaware check on my computer as well. I sent an email to D9 but they can tell if anything is wrong.

I am still getting the popups, I got when I loaded your blog website as well.

I am not good at html and have no idea where to begin there. I have done a back up of my blog from the wordpress admin. I am seriously thinking of reinstalling the blog. Was it difficult to do?

Did you find D9 helpful at all? They don&#039;t think there is a problem, however I am still getting the popups going to a gambling site.

Let me know what you think.

Jacinta :&#124;
P.S Thanks for the help I really appreciate it! :)</description>
		<content:encoded><![CDATA[<p>Hi Dave,</p>
<p>Thank you so much for your reply. I have read the stopbadware site and checked my site but it isn&#8217;t listed with them. Plus I have done a full virus check, spybot and adaware check on my computer as well. I sent an email to D9 but they can tell if anything is wrong.</p>
<p>I am still getting the popups, I got when I loaded your blog website as well.</p>
<p>I am not good at html and have no idea where to begin there. I have done a back up of my blog from the wordpress admin. I am seriously thinking of reinstalling the blog. Was it difficult to do?</p>
<p>Did you find D9 helpful at all? They don&#8217;t think there is a problem, however I am still getting the popups going to a gambling site.</p>
<p>Let me know what you think.</p>
<p>Jacinta <img src='http://dave-smith.org/wp-includes/images/smilies/icon_neutral.gif' alt=':|' class='wp-smiley' /><br />
P.S Thanks for the help I really appreciate it! <img src='http://dave-smith.org/wp-includes/images/smilies/icon_smile.gif' alt=':)' class='wp-smiley' /> </p>
]]></content:encoded>
	</item>
	<item>
		<title>By: Dave Smith</title>
		<link>http://dave-smith.org/website-security/comment-page-1/#comment-75</link>
		<dc:creator>Dave Smith</dc:creator>
		<pubDate>Sat, 24 Oct 2009 07:38:17 +0000</pubDate>
		<guid isPermaLink="false">http://dave-smith.org/?p=139#comment-75</guid>
		<description>Hello Jacinta,
One thing I should have mentioned, if you download the index page for viewing make sure you check it with your virus/spyware program, if possible download it to a separate hard drive to view (just in case there is anything in there that could affect your computer - again I&#039;m not an expert but better to be safe). If your ftp program allows viewing of the code while it is still on the website then that is the best option.

Regards

Dave</description>
		<content:encoded><![CDATA[<p>Hello Jacinta,<br />
One thing I should have mentioned, if you download the index page for viewing make sure you check it with your virus/spyware program, if possible download it to a separate hard drive to view (just in case there is anything in there that could affect your computer - again I&#8217;m not an expert but better to be safe). If your ftp program allows viewing of the code while it is still on the website then that is the best option.</p>
<p>Regards</p>
<p>Dave</p>
]]></content:encoded>
	</item>
	<item>
		<title>By: Dave Smith</title>
		<link>http://dave-smith.org/website-security/comment-page-1/#comment-74</link>
		<dc:creator>Dave Smith</dc:creator>
		<pubDate>Sat, 24 Oct 2009 07:26:09 +0000</pubDate>
		<guid isPermaLink="false">http://dave-smith.org/?p=139#comment-74</guid>
		<description>Hello Jacinta,
The first I realised I had been hacked was when I received a message from Google when I tried to log in to the site that there was a problem with &#039;badware&#039;. My site (actually several as I was running several subdomains from the same site) was blocked and these messages came up from Google to say that the site was a problem.
There was a link to get further information and it explained that it is often not the site owner&#039;s fault but either links to other sites containing badware (such as adverts) or that someone may have hacked and inserted their own code in the html to either insert the badware themselves or direct the site to another.

In my case I had a look at the html of the site itself and saw some code I didn&#039;t think belonged there (I&#039;m not an expert on html but the code also contained a Russian website link &#039;.ru&#039; so made me suspicious). As I badly needed to review how my sites were set up anyway and as this website and subdomains had not been earning money and were mainly being used to host products for giveaways etc, I decided to delete the entire website and contents and reload from either new or previously saved material on my hard drive.

However, you don&#039;t necessarily have to do this if you think your site has been hacked.
The first thing to do is to check the html code (or php code) of your index pages in the site against your original code with Dreamweaver or some other html editor (I use a free program called Kompozer). Even if you don&#039;t know too much about html you can still look for differences. You will need to download the website&#039;s index pages for viewing or you may be able to view the site&#039;s code using your ftp program. Mine allows you to right click on the file and select &#039;view&#039;. You can then compare with the copy on your hard drive. Just look for any differences.
If you see something you don&#039;t think should be there in the site copy, try uploading the original copy and overwriting the site copy, and then see if the suspicious behaviour is still there.
If you can&#039;t find anything different the problem may be in the links (including adverts) and it may be necessary to start either checking the adverts or links or removing them to see if the problem disappears. This is what is suggested in the stop badware site.

Also it would be sensible to check the link I put in the post to the site &#039;www.stopbadware.org&#039; as this has some good information on and it can do a check of your site to see if it has been reported for suspicious behaviour (This site was recommended via the message from Google and it is a voluntary site that is trying to help with this type of problem). However your site may have been affected without yet being reported. In this case have a look at the code as above and in the stop badware site and try to eliminate the suspicious behaviour (such as a popup that you didn&#039;t put in there).

I am still looking into how to better protect my sites. The stop badware site recommends auditing your sites to check for vulnerabilities and there are several companies that have services like that, however as some charge a lot I am still trying to find the best choice, there are supposed to be some free services, and when I find a good service will make a post about it.

Hope this helps a bit.

Best of luck, and let me know if you need any other information and if I can I&#039;ll try to help.

Regards

Dave</description>
		<content:encoded><![CDATA[<p>Hello Jacinta,<br />
The first I realised I had been hacked was when I received a message from Google when I tried to log in to the site that there was a problem with &#8216;badware&#8217;. My site (actually several as I was running several subdomains from the same site) was blocked and these messages came up from Google to say that the site was a problem.<br />
There was a link to get further information and it explained that it is often not the site owner&#8217;s fault but either links to other sites containing badware (such as adverts) or that someone may have hacked and inserted their own code in the html to either insert the badware themselves or direct the site to another.</p>
<p>In my case I had a look at the html of the site itself and saw some code I didn&#8217;t think belonged there (I&#8217;m not an expert on html but the code also contained a Russian website link &#8216;.ru&#8217; so made me suspicious). As I badly needed to review how my sites were set up anyway and as this website and subdomains had not been earning money and were mainly being used to host products for giveaways etc, I decided to delete the entire website and contents and reload from either new or previously saved material on my hard drive.</p>
<p>However, you don&#8217;t necessarily have to do this if you think your site has been hacked.<br />
The first thing to do is to check the html code (or php code) of your index pages in the site against your original code with Dreamweaver or some other html editor (I use a free program called Kompozer). Even if you don&#8217;t know too much about html you can still look for differences. You will need to download the website&#8217;s index pages for viewing or you may be able to view the site&#8217;s code using your ftp program. Mine allows you to right click on the file and select &#8216;view&#8217;. You can then compare with the copy on your hard drive. Just look for any differences.<br />
If you see something you don&#8217;t think should be there in the site copy, try uploading the original copy and overwriting the site copy, and then see if the suspicious behaviour is still there.<br />
If you can&#8217;t find anything different the problem may be in the links (including adverts) and it may be necessary to start either checking the adverts or links or removing them to see if the problem disappears. This is what is suggested in the stop badware site.</p>
<p>Also it would be sensible to check the link I put in the post to the site &#8216;www.stopbadware.org&#8217; as this has some good information on and it can do a check of your site to see if it has been reported for suspicious behaviour (This site was recommended via the message from Google and it is a voluntary site that is trying to help with this type of problem). However your site may have been affected without yet being reported. In this case have a look at the code as above and in the stop badware site and try to eliminate the suspicious behaviour (such as a popup that you didn&#8217;t put in there).</p>
<p>I am still looking into how to better protect my sites. The stop badware site recommends auditing your sites to check for vulnerabilities and there are several companies that have services like that, however as some charge a lot I am still trying to find the best choice, there are supposed to be some free services, and when I find a good service will make a post about it.</p>
<p>Hope this helps a bit.</p>
<p>Best of luck, and let me know if you need any other information and if I can I&#8217;ll try to help.</p>
<p>Regards</p>
<p>Dave</p>
]]></content:encoded>
	</item>
</channel>
</rss>

