JacieClaeys
Posts: 148 Joined: 7/13/2004 From: Henderson,TX Status: offline
RE: Please critique my swan song - 10/9/2007 9:53:32
quote:
ORIGINAL: Tailslide
Good god Jacie - how on earth did that happen?

Hey Tailslide...Good Morning. Nobody seems to know for sure. I talked to a lot of different people in the course of my trying to fix it. The general consensus seems to be that these guys are so good that as soon as you plug one hole in the dike they find another. I am hosted on a Windows 2003 server with a dedicated IP. They had to get into the server because one of the pages they hijacked wasn't accessible any other way.

The really interesting part was that the day before this all started, a customer called me and said she had just put in an order and wanted to change it. I went to retrieve it, and the entry page to do so was GONE. Nada....ZIP. I called my host to see if they had done maintenance and they hadn't. So I uploaded the page and went in and retrieved her order. After 5 days of hunting for the second code they had implanted, I remembered this incident and sure enough it was on this page.

So the question is..... Did they get through the firewall and other programs on MY machine, plant the code which I then uploaded, OR did they get through the security on the server and do it themselves on the server? We will never know for sure. FrontPage itself has its vulnerabilities, Win XP on my machine has its vulnerabilities, and WIN 2003 on the server has its own vulnerabilities.

The first thing I am going to do is take all my pages into Web Expression. While my web host is not planning on getting rid of FP extensions (for now anyway), it is a place to start.

The second thing I am going to do is change my cart setup. While in this instance they weren't looking to break into my customer information, that is certainly a possibility on the horizon. The makers of my current cart have a new setup, where everything from the cart forward can go on their server. They become responsible for all security, upgrades, SSL certs, gateways and credit card security compliance. So I can host anywhere I want, and just point my cart pages to their server.

From a liability and expense standpoint this may be the way to go. SSL Certs are going to $1000 next year. Add to that a half mil to 1 mil of fines the Visa/MC will get you for if someone steals your information, and it may be how all small business owners are going to have to go. Identity and credit card theft has become monumental business and a HUGE loss to the CC companies so that it will be imperative that they do some really tough things to stop the bleeding. Since they can't catch the hackers, they will go after the guy they can catch... the victim business owner. I will guarantee one thing for sure......they will not continue to absorb the losses themselves. They are in business to make money, not lose it, and crap ALWAYS rolls downhill.

IMO, the small business/web site owner in the next five years is going to be faced with growing security costs or going to a place that provides it for them. No one is going to care how pretty your site is ....only if it is safe. My brother-in-law had his identity stolen last month to the tune of $25,000 in 2 days. Multiply that times thousands a day worldwide and it is apparent that it won't be sustained forever.
_____________________________
Jacie --------------------------------- "It's never the tigers that get you...it's always the gnats"
Tailslide
Posts: 5915 Joined: 5/10/2005 From: Out here on the raggedy edge Status: offline
RE: Please critique my swan song - 10/9/2007 11:27:37
It's infuriating. Security is an enormous issue and very frightening at times. Trouble is that, as you said, you plug one hole and they find another somewhere down the line. I just don't understand the mindless damage that many of these site hijackers do. Presumably these are the same people who graffiti buildings and key cars "for a laugh".

I'm guessing that they accessed the site via the webserver rather than via your desktop. I have heard that FP extensions can represent a security issue but to be honest I have no real idea if that's true or just an excuse hosts use to no longer offer them.
_____________________________
"My strategy is so simple an idiot could have devised it" Little Blue Plane Web Design | Blood, Sweat & Rust - A Land Rover restoration project
JacieClaeys
Posts: 148 Joined: 7/13/2004 From: Henderson,TX Status: offline
RE: Please critique my swan song - 10/9/2007 13:11:52
I agree that it was probably the web host server. I have a better understanding of the whole scenario than I did before it happened to me.

First of all, I now understand it is no longer just malicious pranksters. Germany and Pakistan have a huge industry in hijacking. It is not a matter of just seeing what you can do anymore. They are paid big bucks for their ability to do these things. Since it is illegal to send spam (at least here), the spammers have gone to hijacking other sites and email addresses in order to avoid detection. There is also the industry of economic terrorism, especially in the west and western Europe.

I believe my instance was a combination of the two. Since they placed a virus on my page it was designed to chase visitors away because that is how I knew the code was there. All my virus alerts went off when I entered my home page. If I deleted just part of the code I could get about 3 inches of pharmaceutical terms to come up across the bottom of the page. So I believe they were also using my email account to send out spam for Viagra, Cialis etc. My web log showed 10 htm files so I think they intended to use me for 10 days (since the loop caused it all to come back every day at 12:01) and then move on to the unlucky next guy.

So this is no longer "just for grins"; this is about following the money.
_____________________________
Jacie --------------------------------- "It's never the tigers that get you...it's always the gnats"