close ad
WARNING: Do Not Install the DREAMWEAVER CC 2017 or 2018 Update »
open ad
View Menu

Technical Support Forums

Free, outstanding support from WebAssist and your colleagues

Site Hacked - Security Assist

Thread began 6/11/2011 7:28 pm by dlovas275157 | Last modified 6/17/2011 6:02 am by dlovas275157 | 2607 views | 16 replies

Ray BorduinWebAssist

All of the feedback here seems valid. Security Assist does a good job of making sure someone needs to enter a username and password before accessing a page that is secured with SecurityAssist code.

However if you have database update pages that aren't secured, have sql injection holes on pages that aren't secured, or if someone gets a hold of a username and password in some other way there isn't much security assist can do.

I worked with the user that reported this issue directly today. I showed him how to use SecurityAssist for IP blocking, discussed how to add UserID fields to his database so that if someone uses a web page you know what user it was and therefor what account has been compromised, and suggested adding google analytics to the admin section so that if it does happen again he will know what user account they logged in with and can track their path and page views to see if SQL injection attempts were made. I also suggested making passwords so that they contain numbers and special characters so that a reverse lookup couldn't be used to determine the password from the encrypted string.

We never found the actual security hole, but based on what we found it appears that someone logged in. So what we don't know is whose account they used, or how they got the login information to begin with, but following my suggestions should help prevent it and/or track down the issue better if it happens again. I also suggested forcing admins to update their passwords and backing up the database often since we weren't able to necessarily correct the problem.

Build websites with a little help from your friends

Your friends over here at WebAssist! These Dreamweaver extensions will assist you in building unlimited, custom websites.

Build websites from already-built web applications

These out-of-the-box solutions provide you proven, tested applications that can be up and running now.  Build a store, a gallery, or a web-based email solution.

Want your website pre-built and hosted?

Close Windowclose

Rate your experience or provide feedback on this page

Account or customer service questions?
Please user our contact form.

Need technical support?
Please visit support to ask a question

Content

rating

Layout

rating

Ease of use

rating

security code refresh image

We do not respond to comments submitted from this page directly, but we do read and analyze any feedback and will use it to help make your experience better in the future.

Close Windowclose

We were unable to retrieve the attached file

Close Windowclose

Attach and remove files

add attachmentAdd attachment
Close Windowclose

Enter the URL you would like to link to in your post

Close Windowclose

This is how you use right click RTF editing

Enable right click RTF editing option allows you to add html markup into your tutorial such as images, bulleted lists, files and more...

-- click to close --

Uploading file...