Hackers Doing Their Business
It is extremely annoying, but a couple of my customers’ websites have been attacked by hackers over the last few weeks.
Today’s discovery turned out to be quite a huge puzzle. With absolutely nowhere to discover the password, the hacker has either randomly guessed the password or the owner has given away the password, through lack of security.
Either way, hackers cause a major problem. In all cases they have accessed the admin and then started uploading files, which they have used to then upload backdoors into the website to do their nasty work.
The fix seems quite ‘simple’ and multi-pronged.
First, change the password and the admin location. Then send a warning for every failed logon attempt whilst also adding a user id to the logon form. This way the attacker has to guess both the user id and the password, and I am told of every attempt.
That should help to stop them getting on, but what if there is a virus problem and they can get at the details again? Well, for that the file upload checks that the files loaded are jpg or gif files. Nothing else will upload. But, just in case someone somehow works out a way of executing one of these files, they are also in a hidden directory.
Usually it is quite easy to see where an image is stored – just right click on it and show the properties! But, if you first pass the image through a resize routine, such as aspjpeg, then the uploads folder (which is given a daft name) is hidden. So even if a hacker gets on and uploads a file, they cannot then find where it was uploaded to in order to run it.
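As an added illustration of the jpg/gif upload check described above (this is not the code running on the sites in this post), here is a Python sketch that decides the file type from the leading bytes of the content rather than from the filename, and stores the file under a server-generated name. The function names, the size limit and the sample inputs are assumptions made for the example.

```python
import secrets

# Leading bytes ("magic numbers") of the two permitted formats.
SIGNATURES = {
    "jpg": (b"\xff\xd8\xff",),
    "gif": (b"GIF87a", b"GIF89a"),
}
MAX_BYTES = 5 * 1024 * 1024  # assumed size limit for this example


class UploadRejected(Exception):
    """Raised when an upload is not an acceptable JPEG or GIF."""


def detect_image_type(data: bytes):
    """Return 'jpg' or 'gif' based on the file content, or None."""
    for kind, prefixes in SIGNATURES.items():
        if data.startswith(prefixes):
            return kind
    return None


def accept_upload(client_filename: str, data: bytes) -> str:
    """Validate an upload and return the name to store it under.

    The client-supplied name is only compared against the content; it is
    never reused, so the stored name and extension are chosen by the server.
    """
    if not data or len(data) > MAX_BYTES:
        raise UploadRejected("empty or oversized upload")
    kind = detect_image_type(data)
    if kind is None:
        raise UploadRejected("content is not JPEG or GIF")
    claimed = client_filename.rsplit(".", 1)[-1].lower() if "." in client_filename else ""
    if claimed == "jpeg":
        claimed = "jpg"
    if claimed != kind:
        raise UploadRejected("extension does not match content")
    return f"{secrets.token_hex(16)}.{kind}"


if __name__ == "__main__":
    # Constructed sample inputs: a JPEG header, and text renamed to .jpg.
    print(accept_upload("holiday.jpg", b"\xff\xd8\xff\xe0" + b"\x00" * 16))
    try:
        accept_upload("holiday.jpg", b"<% not an image %>")
    except UploadRejected as err:
        print("rejected:", err)
```

A signature check only looks at the first few bytes, so it works alongside the resize step mentioned above, which writes out a freshly encoded image, rather than replacing it.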
Belt, braces and a few more bits. Hopefully, tricks such as not directly accessing the uploaded files should put hackers off when they know that they will not be able to run their devious files.
Hopefully! I’ve lost most of today cleaning up the pieces after this attack and still keep checking that the site is OK.