The Auswine Forum

firstly, a belated merry christmas to all - i hope you all had a good one and enjoyed some great food and wine!

Just wanted to see if anyone has had any experience with hackers getting into their website? yum.org.au recently got hacked by some turkish hackers... does anyone have any software recommendations etc they could usggest to stop this from happening in future?

many thanks!

cheers
max

Max,

My hacker was from the Ukraine. Just hacked my guestbook and subscriber base, so I had to switch them off for a while and make a few adjustments. Pain in the butt really, hopefully they will trun their attention to something else soon, I note through the traffic details that they are still trying to do the same thing, albeit unsuccessfully.

Can't help with any software info, sorry, but good luck with the search.

Cheers

Hi Max,

I have been hacked twice.

The first was my Guest Book and I just turned off the HTML script and installed a patch to fix it.

The second was more serious. Some **** hacked my Tasting Notes Search Results page with a malicious script that screwed up one readers PC (their virus stuff could not have been up to date.)

Craig fixed it for me.

Max,

Making sure you keep the forum software up to date is important. The latest version is 2.0.18 and this fixes known security problems with earlier versions like the one you are running. There is also a mailing list you can join to be told of any updates here -> http://www.phpbb.com/support/

I think a few systems have been hacked in the last few days. Since Christmas day I've received a ton of fishing emails trying to score NAB details - almost all of them aren't even addressed to my actual address, suggesting there's a bug in dodo's system.

As usual guys keep your antivirus, spyware & firewall up to date and delete any emails (without opening) where you're unsure of the sender.

Cheers,
Ian

back in the office and back to it!

Thanks for the advice guys - esp yours Cam.. wasn't actually aware there was the need to update security patches, but will know from hereon in!

Hope everyone enjoyed their breaks!

cheers
max

Max

The security of your web site starts much lower than just security patches for the software.

You really need to consider the actual server platform, what oeprating system it is running, the actual web server software, user accounts. There is a real need to harden and tighten security at all the levels. Then you will get the benefit from a regular application of security patches. Som of this is the closing of unnecessary ports and stopping some protocols and services on the servers.

An often forgotten part of security is regular backups, because any server out in the Internet must be considered expendable and so you need an easy and quick recovery procedure.

If at some time you want to send some information on your set up both myself and my work colleaque who is still IT security, (I have moved into another area of IT) we could offer some very specific recommendations for you.

Wayne

Wayne,

While your suggestions are fine in general, I would suggest that it is unlikely yum is running on a dedicated web server, rather I imagine it is a shared setup and the things that you mention would be looked after entirely by Max's hosting company.

Security patches for the software are likely close to the only thing that Max would be responsible for.

Cam/Wayne,

Having sadly inadequate IT skills, can either of you tell me how I might be able to block the individual user who is trying to hack the site? I see on my stats site that there are 60 visits a day from the one hacker, obviously on automatic delivery.

Any ideas would be appreciated.

Thank you

Grant wrote:Cam/Wayne,

Having sadly inadequate IT skills, can either of you tell me how I might be able to block the individual user who is trying to hack the site? I see on my stats site that there are 60 visits a day from the one hacker, obviously on automatic delivery.

Any ideas would be appreciated.

Thank you

Grant,

Looks like you are using IIS 6.0, how much access do you have to the server that the site is hosted on?

If you have full access (ie you can connect with something like Terminal Services and use it like a regular desktop to install/configure software) then have a look at the instructions on this site -> http://www.hostmysite.com/support/dedic ... S/blockip/

Otherwise, you may have access to a site control panel through your hosting provider. On your providers web site it mentions CTControlCenter which I'm not familiar with - if you have access to this (it may be the same way that you access your stats), then there may be an option in there under IIS Permissions to block IP ranges.

It may be a case that if neither of the above two options or what Wayne suggests works, that contacting your hosting provider is your best bet since they will be familiar with your particular hosting details and exactly what software you have access to.