Site Hacked - Security Assist

Thread began 6/11/2011 7:28 pm by dlovas275157 | Last modified 6/17/2011 6:02 am by iansheldon422428 | 2960 views | 16 replies |

dlovas275157

I have built a custom cms for a website with DataAssist and other extensions secured with Security Assist. Yesterday, my site was hacked in the following ways:

1. Hacker uploaded images - I assume via backend insert/update forms.
2. Added text - again I assume using insert/update form.

They could have done a lot more damage, but luckily did not.

All forms are password protected via Security Assist, so I need to understand how/why this happened.

Could someone from support please open a ticket, at which time I can provide urls and access to my site for you to take a quick look.

I was reading another thread here regarding setting up read-only database users for front end pages, but I really would like someone to look at my site and let me know if they see any holes and if this is SQL injection:
showthread.php?t=7587&highlight=hack&page=2

Thanks.

-Dan

Using
Mac OSX
DW CS5
DataAssist 2.0.8
SecurityAssist 1.1.9

tom92909 (Beta Tester)

Do you have your administrative back end also secured behind a protected directory on the server?

I run Linux on all my sites and I create a very obscure directory name and I place all my admin tools behind the protected directory in addition to placing Security Assist on those pages. It does create (2) levels of security, but the admin pages need that extra level.

My gut tells me you might be a victim of a Keylogger (malware) attack.

iansheldon422428

Also.... Are you hiding your admin directories from the search engines / spiders / robots with a correctly configured robots.txt file?

Cheers
Ian

tom92909 (Beta Tester)

Yes, I place all of those directories in my robots.txt file as well.

tom92909 (Beta Tester)

Sample robots.txt

# Keeps Googlebot out of private files
#
User-agent: Googlebot
Disallow: /_Admin
Disallow: /WA_DataAssist/
Disallow: /WA_eCart/
Disallow: /WA_Globals/
Disallow: /webassist/
Disallow: /Connections/

Jason Byrnes (WebAssist)

I have created a support ticket so we can look into this issue further.

To view and edit your support ticket, please log into your support history:
supporthistory.php

If anyone else is experiencing this same issue, please append to this thread.

Ray Borduin (WebAssist)

It would be interesting to see the insert and update pages they were able to access. Perhaps you don't have the security code properly applied.

Another possibility is that the person had a username and password and was able to log in. Security Assist will help make it so that login is required, but if someone has login information it won't help.

Sometimes a SQL injection hole on the site front end can allow someone to get username and password information they can use to log in on the back end... but how would they even find your admin section?

If you have SecurityAssist properly applied, then the only way to get to those pages is to log in. So you should probably be trying to figure out how they got that login information, and I'd say a SQL injection hole is the most likely place.

dlovas275157

Ray,

I double-checked all the pages for security, and all appear to be set up with Security Assist properly. I have used Security Assist on many sites before for years and never had a problem.

You mentioned a SQL Injection Hole. How could I tell if there is a SQL Injection Hole on the front end?

superpac250441

I am watching this thread with serious concern. It seems that Security Assist cannot be used simply as plug 'n play; more needs to be done to ensure security.
If this is indeed the case, please can someone provide a full list of what other measures must be carried out to ensure rock-solid security.

Miguel

To check for holes on your site, check how you call your IDs and try to do injections on any contact form you have, for example.

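As an added example that is not code from the thread or from WebAssist's extensions: the id-in-the-URL pattern Ray and Miguel point at, shown in PHP/mysqli as a vulnerable lookup beside its hardened form, plus a small audit helper for finding that pattern in existing pages. Table and column names (products, product_id, name) and the helper's regex are assumptions.

```php
<?php
// Added example (not from the thread or WebAssist): a front-end detail page
// that loads a record by the id in the URL. Table/column names are assumed.

// VULNERABLE: the raw query-string value is pasted into the SQL text, so a
// crafted id changes the query itself instead of just selecting a row. That
// is how a front-end page can leak rows from other tables, e.g. user logins.
function load_product_vulnerable(mysqli $db, string $raw_id): ?array
{
    $sql = "SELECT product_id, name FROM products WHERE product_id = " . $raw_id;
    $res = $db->query($sql);
    return $res ? ($res->fetch_assoc() ?: null) : null;
}

// HARDENED: check the type first, then bind the value as a parameter so the
// database only ever treats it as data. get_result() needs the mysqlnd
// driver; bind_result() does the same job on older builds.
function load_product_safe(mysqli $db, string $raw_id): ?array
{
    if (!ctype_digit($raw_id)) {          // ids must be plain positive integers
        return null;
    }
    $id = (int) $raw_id;
    $stmt = $db->prepare("SELECT product_id, name FROM products WHERE product_id = ?");
    $stmt->bind_param('i', $id);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();
    $stmt->close();
    return $row ?: null;
}

// Offline audit helper: list PHP files under $dir that build SQL on the same
// line as a request superglobal. Heuristic only; review each hit by hand.
function find_raw_sql_inputs(string $dir): array
{
    $hits = [];
    $it = new RecursiveIteratorIterator(new RecursiveDirectoryIterator($dir));
    foreach ($it as $file) {
        if ($file->getExtension() !== 'php') { continue; }
        foreach (file($file->getPathname()) as $n => $line) {
            if (preg_match('/\b(SELECT|INSERT|UPDATE|DELETE)\b.*\$_(GET|POST|REQUEST|COOKIE)\[/i', $line)) {
                $hits[] = $file->getPathname() . ':' . ($n + 1) . ': ' . trim($line);
            }
        }
    }
    return $hits;
}
```

Connect with the read-only database user the earlier thread suggested for front-end pages and call load_product_safe($db, $_GET['id'] ?? ''); run find_raw_sql_inputs(__DIR__) from the site root and review every hit by hand before changing the page.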