Guest orb123 Posted May 25, 2013 Posted May 25, 2013 Hello, Last night I asked my friend to try and find a security flaw on my website. He was able to make every page on the site blank.. He will not release to me how he did this. If it is possible, Can you tell me how he hacked it? I'm on stevie and my account name is orb. I also checked the error log, nothing about it there. Thanks for your assistance. Orb
Guest orb123 Posted May 25, 2013 Posted May 25, 2013 I know, he un-did it. However, he won't tell me how he did it or how to fix it. I was wondering if you could tell me how he attacked it?
ExtremeGaming Posted May 25, 2013 Posted May 25, 2013 Probably got access to your file system by uploading not being validated properly.
Sove Posted May 25, 2013 Posted May 25, 2013 Any chance you're using a CMS like wordpress or joomla and have uploaded plugins to it? Many of the plugins are nothing but backdoors.
Guest orb123 Posted May 25, 2013 Posted May 25, 2013 Nope, I don't use Wordpress or anything. The thing is he only did it for a minute , he was able to make all pages blank then return to normal, so he isn't using SQL-Injection.. I also checked the file manager, nothing strange there...
Shinryuu Posted May 25, 2013 Posted May 25, 2013 Are you sure he wasn't just messing with you by opening the developer tab and deleting the <body>?
Guest orb123 Posted May 25, 2013 Posted May 25, 2013 I doubt it, it happened to every page. The only thing I noticed is that the title of the page showed up, nothing else.
Guest orb123 Posted May 26, 2013 Posted May 26, 2013 Is it possible if you can tell me how he hacked it?
Sove Posted May 26, 2013 Posted May 26, 2013 No, there is no way, especially when you don't even mention what stuff your account has.
Guest orb123 Posted May 26, 2013 Posted May 26, 2013 Like I said, I don't use Wordpress or anything. I just use html, PHP, CSS and Mysql.
Krydos Posted May 27, 2013 Posted May 27, 2013 My guess would be that he installed a key logger on your computer, and knows your password.
raymond01 Posted May 27, 2013 Posted May 27, 2013 I don't know how it did it but I have a question. If you type in the domain only the default page will show. If all the pages were blank I guess that there were no links on the pages. So how did he go from page to page?If the title of the page (I assume what is between the title tags) was showing up did you do a view source to see if there was code there? And to see if it was modified.My guess is that somehow he tricked your browser into not displaying the body of the page and did not change your site.
Guest orb123 Posted May 27, 2013 Posted May 27, 2013 -Kydros Impossible, you see I was communicating to him via a different website. As for the last post, he literally only did it for a minute, I did not get time to check the source. I don't believe he got directly into my files, none of my files were edited the day it happened.
Recommended Posts