1. Advertising
    y u no do it?

    Advertising (learn more)

    Advertise virtually anything here, with CPM banner ads, CPM email ads and CPC contextual links. You can target relevant areas of the site and show ads based on geographical location of the user if you wish.

    Starts at just $1 per CPM or $0.10 per CPC.

Tips for tracking hacker activities

Discussion in 'Security' started by bluemouse2, Apr 16, 2013.

  1. #1
    Today while looking at the stats for one of my websites I've discovered several searches related to one of the php scripts I'm using. I've made the search as well and I've discovered a link where it says this script has a vulnerability to be exploited by showing the configuration file. When I've search by my MD5 encrypted password in google it seems someone already asked for it to be decrypted. I've fixed the security issue now, the hacker can maybe decrypt the password but it will be no use for him, so I'm glad he will waste his time. Maybe this tip can help you as well, if you see visitors coming to your website by searching for your script name and not by your website's keywords. Don't let them trace you, you trace them before.
    SEMrush
    Other tips: scan your site's folders from time to time to watch for unusual activity like changed file size/date or file permissions. These hackers will hide their files in one of your site's folders. Also search for unknown .exe files. Change your passwords from time to time. It's better to prevent.
     
    Last edited: Apr 16, 2013
    bluemouse2, Apr 16, 2013 IP
    RonBrown and Steve202 like this.
    SEMrush
  2. RonBrown

    RonBrown Well-Known Member

    Messages:
    934
    Likes Received:
    55
    Best Answers:
    4
    Trophy Points:
    105
    #2
    That's good advice, but I fear it will fall on deaf ears.

    As a host we're seeing more and more open-source applications being exploited because the user is running older versions and one or more security patches have been released since the version they are using.

    We send regular messages to everyone reminding them to upgrade their applications and keep them up-to-date, but most people believe it will never happen to them. People are actively scanning for known applications and then scanning them for known expoits. It doesn't matter how small or large your company is, they will find you eventually.

    So, to echo bluemouse2, please keep your applications up-to-date and save yourself the heartache and potential criminal/civil prosecution of having sensitive data stolen and web sites trashed.
     
    RonBrown, Apr 17, 2013 IP
    bluemouse2 likes this.
  3. Steve202

    Steve202 Member

    Messages:
    59
    Likes Received:
    9
    Best Answers:
    1
    Trophy Points:
    45
    #3
    Excellent advice. Many moons ago I had one of my websites hacked and they created a new directory and was hosting their own stuff. My site wasn't affected so I wouldn't have noticed if it wasn't for me going through the directories.
     
    Steve202, Apr 17, 2013 IP
    bluemouse2 likes this.
  4. TiffanyJ.SSS

    TiffanyJ.SSS Member

    Messages:
    72
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    33
    #4
    Snort and OSSEC do wonders.
     
    TiffanyJ.SSS, Apr 18, 2013 IP