trojans

by unforgiven • 2 Apr 2011, 13:49 • Journals

Let s assume u have a site hosted on a free domain.One day u find that a prick infected your site with a trojan/worm virus ,and some content and scripts on site are damaged.How can u protect your site against this kind of attacks?

get non-free hosting :)

and u never heard about payed sites being infected?so this makes no difference.

Parent

well, the non -free hosting auto provides protection (sometimes)

Parent

seems like not since some1 with proxy managed to put a trojan in one of my sub menus on site

Parent

stop downloading trojans/pw-stealer
use a secure forum/cms script

pw stealer rofl.what would i do with other ppl paswords:S?

tell me more about this secure forum/cms script?

define pls secure forum(let s assume the site in question is hosted by ucoz.)what is cms script?

Parent

rofl.. stop download pw-stealers and executing them (like a fucking crack.exe which steals all your passwords.. including the ones of your domain/ftp)

dont use shit scripts.. use the newest versions of them.. e.g. phpbb, vbulletin,...

Parent

dude i m not using any pw stealer,why i would fuck up my own thing?.u already talking stuff which i dont understand.i can barely remember my email pw...more details about the scripts pls.does ucoz support what u said?

Parent

Quote.u already talking stuff which i dont understand.i can barely remember my email pw

you probably can't make your stuff more secure at this point then

paid hosting would actually allow you to secure stuff yourself but you would need TECHNICAL KNOWLEDGE you should go read some basic web security articles i guess :/

anyway if you're using a CMS you can usually get updates and patches to protect against exploits as they are discovered

Parent

i m using ucoz free webdomain host.what is CMS?

Parent

either the site code is not secured against sql injections or maybe some option on your site allows php upload of some sort which is how they get in.

the actual "free host" shouldnt matter for hackers since they still need an admin passw to control ur site content.

I guess the code is just not secured, if its free coding like webspell then its definitely not secure

well something match with what u say.u see we have a demos sub menu on main page where we upload the demos of those banned for hacking.and we found that the trojan was there,and that guest was able to watch this section and upload files as well

and we talking about ucoz.com here .is this good?

Parent

dont know ucoz.com. When you upload a file to that section, does it allow all file extensions or anything else besides demo extensions? Cos if it does then any1 could just upload a hacker script via there, it would be stored on your server and create a backdoor for that hacker into your system

Parent

yes any kind of file type.as much as i know ucoz don t have option "don t put hacks there".how can u prevent a mad member for example ,to upload a hack,since thereis no option to tell him u can t upload but demos?

Parent

well u put a validator on page when pressing submit to check the extension or you just create a filechooser with only *.dm as file filter, its easy if you know a thing or two of coding but if you use a free tool to build your site then i dont know ^^

If the page is accessable to guests then I'm pretty sure thats how he got in

Parent

well only thing i understand from what u say is what i already did.i restricted uploading just for users.at least this way i can see who register on site.the rest i have to show to the administrator and ask for his help :D

Parent

its a start, now he needs to register an acc before he can hack u ahaha :D

Parent

i hope i can stop him before do it twice

Parent

pm Kamz m8

don t think he would help me...

Parent

Thompson	35.2 % (19 votes)
MP40	64.8 % (35 votes)


Happy Birthday BoRi!!	adze
ET Anniversary 6on6 ODC	Sebhes
ET Anniversary Winter League	Sebhes
Merry Christmas Crossfire	ohurcool
Prosoma 500 Mg Tablet Can Help you Get Rid of Muscle Pain	amytriots
ET Anniversary LAN Announcement	Sebhes


ET Anniversary LAN Announcement	Sebhes	27
ET Anniversary Winter League	Sebhes	3
Merry Christmas Crossfire	ohurcool	4
ET Anniversary Fall Cup Play Offs	Sebhes	2
ET Anniversary Fall Cup Groups & Schedule	Sebhes	15
RTCW: Tavern Rush - Purmerend 2023	Graecos	5


ET on steam	overdrive	26
All good things must come to an end?	TosspoT	592
Happy Birthday BoRi!!	adze	0
ET Anniversary 6on6 ODC	Sebhes	0
ET Anniversary Fall Cup 3on3 Qualifiers	Sebhes	5
Script to download private messages	Kimi	5
Vote Pansy for Esports Award	TosspoT	12
Graphic designer	Sebhes	2
cheater confession journal	mama	33
4 years later...all good things must actually come to an end	TosspoT	119
The dust is starting to settle in	Sebhes	13
3on3 adlernest	andyouok	1


Public Servers	dorian1	7
Frag Movie Database	fumble	294
Looking for old FM	ght	9
ET in 4k despite windows scaling at 200%?	Patrick_70	1
Онлайн игры	hilomod	0
australian cheater	pengirl	9
cybergames old servers	barbiekiller	12
objtrack.lua script	dorian1	4
infected event	barbiekiller	0
new file data base for wolfenstein	barbiekiller	8
HIDE AND SEEK EVENT	barbiekiller	14
RS_KROOK.exe	im_constructing	23