Security Question


Steve Beeston

Aug 18, 2017, 3:58:03 PM
to hertfo...@googlegroups.com
I have been approached by a friend whose website keeps getting hacked.

Example:

<p>Reliable proven technology for business cloud computing hasn't been around as long the consumer applications but it is certainly available now and at a surprisingly affordable cost. In fact when you compare in-house IT solutions with cloud equivalents not only is cloud based computing more <a href="http://www.rolexreplicaa.co.uk/rolex_deepsea.html" style="text-decoration: none;color:black" title="rolex deepsea">rolex deepsea</a> flexible its nearly always more affordable.</p>

His web hosting company is blaming the website code. However, the site is written in static HTML (with JS - it's a Bootstrap site) on a shared web host.

I can't see how an HTML website would allow someone write access to a web server. Surely they would need FTP access. My friend has changed the FTP password quite a few times but it keeps happening.

Any thoughts?


Steve

Dan

Aug 18, 2017, 3:59:47 PM
to hertfordtech
The machine from which he is changing the password is hacked...

Maybe 😀

Sent from my phone


Steve Beeston

Aug 18, 2017, 4:00:38 PM
to hertfo...@googlegroups.com
FYI the site is www.activate-it.com. It's a very basic site.


Steve Beeston

Aug 18, 2017, 4:32:11 PM
to hertfo...@googlegroups.com
I suppose it won't hurt to get him to run Antimalwarebytes.

Neil Burgess

Aug 18, 2017, 5:12:38 PM
to hertfo...@googlegroups.com

There is a php script to handle the email form, so I'd have a look at that or anything similar.



Steve Beeston

Aug 18, 2017, 8:56:28 PM
to hertfo...@googlegroups.com
Don't see any issues here

<?php 
if(isset($_POST['submit'])){
    $to = "enqu...@activate-it.com"; // this is your Email address
    $from = $_POST['email']; // this is the sender's Email address
    $first_name = $_POST['first_name'];
    $phone = $_POST['phone'];
    $request = $_POST['request'];
    $subject = "New Call Back Request";
    $subject2 = "Welcome to Activate-it.com";
    $message = "Name: ". $first_name . "\n Phone: " . $phone . "" . "\n Request: " . $_POST['request'];
    $message2 = "Thank you very much for your enquiry. We will contact you within the next few hours to discuss your requirements in detail.";

    $headers = "From:" . $from;
    $headers2 = "From:" . $to;
    mail($to,$subject,$message,$headers);
    mail($from,$subject2,$message2,$headers2); // sends a copy of the message to the sender
    header("location:http://www.activate-it.com/contact.html");
    }
?>


Jeremy Pick

Aug 19, 2017, 2:45:42 AM
to hertfo...@googlegroups.com
Looks to me like it may be possible to inject malicious code into the email form as the variables in the php are not sanitised in any way.

Neil Burgess

Aug 19, 2017, 2:47:56 AM
to hertfo...@googlegroups.com
It's not the one you are looking for, but you do have an issue in there. 


In general it's dangerous to take any data given to you and use it with no validation.



Steve Beeston

Aug 19, 2017, 6:33:11 AM
to hertfo...@googlegroups.com
I'm not sure how any of those issues would allow a hacker to change the HTML code on the site.


Richie Hindle

Aug 19, 2017, 6:40:39 AM
to Hertford Tech
Hi Steve, 

Is the site on a shared host? Perhaps the machine itself has been compromised, giving access to all of the sites hosted on it? 

--
Richie Hindle
Sent from my mobile phone, so please excuse the typos!

kybern...@gmail.com

Aug 19, 2017, 6:42:30 AM
to hertfo...@googlegroups.com
Yeah, it seems unlikely (although I could imagine far fetched possibilities).  Passwords for plain FTP are sent in the clear, so it could also be someone on the host network sniffing the ftp traffic if it's not SFTP or some other secure variant.

Who is running the host network?

It might be worth checking the credentials on https://haveibeenpwned.com/ to see if they are part of any well-known breaches.

Adam

Steve Beeston

Aug 19, 2017, 7:29:36 AM
to hertfo...@googlegroups.com
As I posted earlier, the web hosting company are blaming the website code, saying it is insecure. I cannot see how static HTML offers a route for the site to be hacked.

The host is Easyspace.

kybern...@gmail.com

Aug 19, 2017, 7:35:40 AM
to hertfo...@googlegroups.com
There are a few people here with a similar problem: https://forums.digitalpoint.com/threads/please-help-i-have-found-a-mysterious-code-on-a-lot-of-my-websites-is-this-a-hack.1279288/page-2 from 2009, at least one of whom also hosts with easyspace.

According to that thread, one of them checked their logs and discovered that the attacker did know the username and password.  Is your friend able to get the ftp login logs and see if there were correctly authenticated ftp connections not coming from them?

Adam
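
Added example (not part of the thread): one way to run the FTP log check suggested above, listing successful logins to the account from addresses the owner does not recognise, together with the files those clients uploaded. The vsftpd-style line format, the account name `siteowner` and all addresses are assumptions made for illustration; the host's real log format may differ.

```python
import re
from collections import defaultdict

# Assumed vsftpd-style log line; adjust the pattern to the host's real format.
LINE = re.compile(
    r'^(?P<ts>\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}) \[pid \d+\] '
    r'\[(?P<user>[^\]]+)\] (?P<status>OK|FAIL) (?P<action>[A-Z]+): '
    r'Client "(?P<ip>[^"]+)"(?:, "(?P<path>[^"]+)")?'
)

# Constructed sample log (documentation address ranges, hypothetical account).
SAMPLE_LOG = """\
Fri Aug 18 09:02:11 2017 [pid 4101] [siteowner] OK LOGIN: Client "192.0.2.10"
Fri Aug 18 09:02:15 2017 [pid 4103] [siteowner] OK UPLOAD: Client "192.0.2.10", "/public_html/about.html", 4312 bytes, 120.4Kbyte/sec
Sat Aug 19 03:41:52 2017 [pid 5220] [siteowner] OK LOGIN: Client "203.0.113.77"
Sat Aug 19 03:41:58 2017 [pid 5222] [siteowner] OK UPLOAD: Client "203.0.113.77", "/public_html/index.html", 5120 bytes, 98.1Kbyte/sec
Sat Aug 19 04:10:03 2017 [pid 5301] [siteowner] FAIL LOGIN: Client "198.51.100.23"
""".splitlines()


def unexpected_ftp_activity(lines, account, known_ips):
    """Return {ip: summary} for clients outside known_ips that logged in
    successfully as `account`. A successful login with no failed attempts
    before it suggests the password was known rather than guessed."""
    findings = defaultdict(lambda: {"logins": 0, "failed": 0, "uploads": []})
    for line in lines:
        m = LINE.match(line)
        if not m or m["user"] != account or m["ip"] in known_ips:
            continue
        rec = findings[m["ip"]]
        if m["action"] == "LOGIN":
            rec["logins" if m["status"] == "OK" else "failed"] += 1
        elif m["action"] == "UPLOAD" and m["status"] == "OK":
            rec["uploads"].append((m["ts"], m["path"]))
    # Failed-only clients are background noise; keep authenticated ones.
    return {ip: rec for ip, rec in findings.items() if rec["logins"]}


if __name__ == "__main__":
    owner_ips = {"192.0.2.10"}  # addresses the site owner connects from
    for ip, rec in unexpected_ftp_activity(SAMPLE_LOG, "siteowner", owner_ips).items():
        print(ip, rec)
```
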

Jonathan Atkinson

Aug 19, 2017, 7:42:45 AM
to hertfo...@googlegroups.com

Shared plans can often include other scripts and cgi-bin directories etc. that might be causing the vulnerability.

 

A quick look at the weblogs might show if any other scripts are running (by some bot that is looking for common security problems so it can exploit the site/server)
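
Added example (not part of the thread): a sketch of the weblog check described above, which lists requests for script-like paths that are not part of the site and separates those the server actually answered from probes that got an error. It assumes Apache combined log format; `/contact.php` is a hypothetical name for the site's mail form handler, and the log lines are constructed.

```python
import re
from urllib.parse import urlsplit

# Assumed Apache "combined" access log layout.
LOG = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) '
)
SCRIPT = re.compile(r'\.(?:php\d?|phtml|cgi|pl)$', re.IGNORECASE)

# Scripts the site owner knows about (hypothetical name for the form handler).
KNOWN_SCRIPTS = {"/contact.php"}

# Constructed sample access log (documentation address ranges).
SAMPLE_ACCESS_LOG = """\
192.0.2.10 - - [19/Aug/2017:08:01:02 +0100] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
192.0.2.10 - - [19/Aug/2017:08:02:10 +0100] "POST /contact.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
203.0.113.77 - - [19/Aug/2017:03:40:11 +0100] "GET /admin.php HTTP/1.1" 404 210 "-" "bot"
203.0.113.77 - - [19/Aug/2017:03:40:15 +0100] "POST /cgi-bin/legacy.cgi HTTP/1.1" 200 88 "-" "bot"
198.51.100.23 - - [19/Aug/2017:03:41:00 +0100] "POST /cgi-bin/legacy.cgi?x=1 HTTP/1.1" 200 91 "-" "bot"
""".splitlines()


def unknown_script_requests(lines, known_scripts=KNOWN_SCRIPTS):
    """Summarise requests for script-like paths outside known_scripts."""
    seen = {}
    for line in lines:
        m = LOG.match(line)
        if not m:
            continue
        path = urlsplit(m["target"]).path  # drop the query string
        if path in known_scripts:
            continue
        if not (SCRIPT.search(path) or path.startswith("/cgi-bin/")):
            continue
        rec = seen.setdefault(path, {"requests": 0, "answered": 0, "clients": set()})
        rec["requests"] += 1
        if m["status"].startswith("2"):  # 2xx: the script exists and responded
            rec["answered"] += 1
        rec["clients"].add(m["ip"])
    return seen


def scripts_that_ran(lines, known_scripts=KNOWN_SCRIPTS):
    """Paths worth inspecting first: unknown scripts the server answered."""
    report = unknown_script_requests(lines, known_scripts)
    return sorted(path for path, rec in report.items() if rec["answered"])


if __name__ == "__main__":
    for path, rec in unknown_script_requests(SAMPLE_ACCESS_LOG).items():
        print(path, rec)
```
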

Steve Beeston

Aug 19, 2017, 7:52:45 AM
to hertfo...@googlegroups.com
I specifically want to rule out the HTML as the vulnerability, as claimed by Easyspace. My friend has asked me to rewrite the site but I have told him this may make no difference as the website HTML code is not the problem IMHO.

I'm not looking for an answer as to how the site is being hacked. I just want to debunk the web hosting company's claim that it's the web site code that is causing the problem.


ajrporrer

Aug 21, 2017, 6:10:13 AM
to Hertford Tech, steve....@gmail.com
Sorry a bit late to the party here. Could you check that the HTML file itself has actually been altered (get it back over FTP) just to check this isn't being inserted dynamically when the page is served. BT (yes, yes, I know) used to dynamically insert their own tracking code and massively slow the site down. I eventually figured out the served page was different to the one on the host by viewing the page source and then endless googling showed me how to switch this "feature" off.

Andrew
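
Added example (not part of the thread): a sketch of the comparison suggested above, combined with a scan for the kind of link shown in the first post. It takes three copies of a page (a known-good original, the file fetched back over FTP, and the page as served) and reports whether the file on the host was altered, whether the page changes again when served, and which new external links are styled to blend into the text. The spam URL and page fragments are constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

SITE_HOSTS = {"www.activate-it.com", "activate-it.com"}  # site named in the thread


class AnchorCollector(HTMLParser):
    """Collect href, inline style and link text for every <a> element."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.anchors = []
        self._open = None

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            a = dict(attrs)
            self._open = {"href": a.get("href") or "",
                          "style": a.get("style") or "", "text": ""}

    def handle_data(self, data):
        if self._open is not None:
            self._open["text"] += data

    def handle_endtag(self, tag):
        if tag == "a" and self._open is not None:
            self.anchors.append(self._open)
            self._open = None


def external_anchors(html):
    """Anchors pointing off-site, flagged when styled to look like body text."""
    parser = AnchorCollector()
    parser.feed(html)
    parser.close()
    found = []
    for a in parser.anchors:
        host = urlparse(a["href"]).hostname  # None for relative links
        if host and host not in SITE_HOSTS:
            style = a["style"].replace(" ", "").lower()
            a["disguised"] = "text-decoration:none" in style
            found.append(a)
    return found


def triage(known_good, on_disk, served):
    """Separate on-host modification from changes made while serving."""
    baseline = {a["href"] for a in external_anchors(known_good)}
    return {
        "file_altered_on_host": on_disk != known_good,
        "altered_when_served": served != on_disk,
        "new_external_links": [a for a in external_anchors(on_disk)
                               if a["href"] not in baseline],
    }


# Constructed sample pages.
KNOWN_GOOD = ('<p>cloud based computing more flexible. '
              '<a href="contact.html">Contact us</a></p>')
ON_DISK = ('<p>cloud based computing more <a href="http://spam.example/watch.html" '
           'style="text-decoration: none;color:black" title="x">cheap watches</a> '
           'flexible. <a href="contact.html">Contact us</a></p>')
SERVED = ON_DISK  # identical to the stored file: nothing added in transit

if __name__ == "__main__":
    print(triage(KNOWN_GOOD, ON_DISK, SERVED))
```
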


Steve Beeston

Aug 21, 2017, 7:29:32 AM
to hertfo...@googlegroups.com
Yes, the source code has been changed.
