I am the administrator of our website but we are not the host, and last week our site was defaced. Could we "admins" resort to something to prevent such defacement?
Without knowing how the defacement took place and who did it there isn't a lot to go on...
From an admin point of view you should be making sure the server is properly secured, e.g. no write access to the server (unless specific folders require it), disabling extensions that could allow changes to be made remotely (FTP, WebDAV, FrontPage etc.) or at the very least properly securing them, and no direct access to databases that are serving up content.
If the server itself is properly locked down then this could be more of a developer issue; if the site is open to any of the common exploits, script injections, XSS, or isn't properly validating security then there isn't a lot that can be done from a pure admin point of view other than hoping you have suitable auditing in place and can at least identify the problem areas.
As an admin do you have any details regarding how the defacement took place?
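The "no write access unless specific folders require it" advice above can be checked mechanically. The following is an added example, not code from any poster in this thread: it walks a copy of the site files, reports anything group- or world-writable outside an allow-list, and reports script files sitting inside the folders that are allowed to be writable. The extension list, the `uploads` folder name and the sample tree are assumptions constructed for illustration.

```python
import os, stat, tempfile

# Assumption: extensions this host's web server would run as code.
SCRIPT_EXTS = {".php", ".phtml", ".cgi", ".pl", ".asp", ".aspx", ".jsp"}

def audit_webroot(root, writable_ok=()):
    """Return sorted (relative_path, issue) findings for a web root.

    writable_ok lists relative folders that genuinely need write access
    (an uploads folder, say); anything else writable is reported.
    """
    allowed = [os.path.normpath(p) for p in writable_ok]
    def in_allowed(rel):
        return any(rel == a or rel.startswith(a + os.sep) for a in allowed)
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root)
            mode = os.lstat(full).st_mode
            if stat.S_ISLNK(mode):
                continue  # permission bits on a symlink are not meaningful
            writable = bool(mode & (stat.S_IWGRP | stat.S_IWOTH))
            is_script = os.path.splitext(name)[1].lower() in SCRIPT_EXTS
            if writable and not in_allowed(rel):
                findings.append((rel, "writable outside allow-list"))
            if stat.S_ISREG(mode) and is_script and in_allowed(rel):
                findings.append((rel, "script in writable folder"))
    return sorted(findings)

def demo():
    """Audit a small constructed tree (sample data, not from the thread)."""
    sample = {"index.php": 0o644, "config.php": 0o666,
              "uploads/photo.jpg": 0o664, "uploads/avatar.php": 0o664}
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "uploads"))
        os.chmod(os.path.join(root, "uploads"), 0o775)
        for rel, mode in sample.items():
            path = os.path.join(root, rel)
            open(path, "w").close()
            os.chmod(path, mode)
        return audit_webroot(root, writable_ok=["uploads"])

if __name__ == "__main__":
    for path, issue in demo():
        print(f"{issue}: {path}")
```

Point `audit_webroot` at a downloaded copy of the site whose permission bits were preserved, or run it on the host if shell access is available.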
If you're running a CMS or some other out-of-the-box software, make sure you're on the latest version and check the exploit db (https://www.exploit-db.com/) to see if you have any major vulnerabilities.
You could also run a Metasploit scan against your server and it should give you some decent information on what the culprit may be.
Really there isn't much to tell you unless we know specifics about what version of webserver you're using (IIS, Apache, Nginx, etc.), the software loaded onto it, what ports are open, etc.
As I've stated in my first post, we are not the host of our website hence we are at their mercy. The host reported that the cause of the defacement was "file injections".
Given that I am only allowed to access the control panel to edit the files, is there something that I could do to at least prevent such defacement in the future?
Quote:
The activities also led to file injections that allowed the hacker to modify defaced files.
Are there good "free" website vulnerability scanners out there?
I have a hard time believing that a file injection infected a web server.
One of my clients recently got that virus that changes files to images and starts encrypting your system. It was brought in-house by someone sitting in the police dispatch center late at night as they were browsing around the internet. They downloaded something that then started to execute. Since the network was so tied down only two shares actually got infected - so the cleanup was easy.
If someone uploads a file using your web page to your web server nothing executes code in that file - right?
Your hosting company brought this virus in-house themselves, imo.
Look at http://phpsecurity.readthedocs.io/en...n-Attacks.html
A defacement exploit is nothing like a virus.