My web site hacked !!! [Archive] - DiscountASP.NET Forums

View Full Version : My web site hacked !!!

patrudu

09-09-2005, 01:06 AM

I was shocked to notice that my web site at www.FireCAD.net (http://www.FireCAD.net) was hacked today. I found the followingmessage instead of my home page.. .

What's the problem???????? I will be replacing the home page.

ith the hope you feel the pain before
that u have not realized until
teror had reached to you..

... s t o p ...
Site is Hacked
TURKISH HACKER by aLpTurkTegin
http://alpturktegin.sitemynet.com/csa/csa_12.gif

Eric

09-09-2005, 03:42 AM

Please open a support ticket. Let them know if you are using any third party applications and which ones.

DiscountASP.NET
http://www.DiscountASP.NET

bruce

10-06-2005, 01:26 AM

we have seen many of these type of hack caused by people using old 3rd party application. make sure you check for security issues w/ any 3r party software you are using.

Bruce

DiscountASP.NET
www.DiscountASP.NET (http://www.DiscountASP.NET)

waltsully

10-06-2005, 11:46 AM

XCOPY via ftp is an invitation for a hack!

I am concerned about the FrontPage and FTP publishing methods. I believe both use clear text passwords over the wire. Worse is the default ftp user is the same user/pswd that opens the control panel (Administrator).

Packet sniffers are free, and many have the ability to steam to grep, so hunting for logins isn't a high-tech challenge. A sophomore CS college student can figure it out.

Any chance of supporting scp or ssh. Windows versions availablein freeware and inexpensive commercial products. discountasp.net must embrace this technology before one worries about the client piece.

http://sully.faculty.tcnj.edu/courses/cmsc360/weekly_notes.htm

http://sully.faculty.tcnj.edu/courses/cmsc497/supplemental/ssh.htm (The College of New Jersey)

http://www.cites.uiuc.edu/security/scp.html (University of Illinois)

regards,

Walt Sully

waltsully

10-13-2005, 01:00 AM

Bruce,

does MS ftp.exe (ftp://ftp.exe) (command line ftp) use CHAP to login or does user/pswd move in clear text?

patrudu

10-30-2005, 06:14 AM

I am using the latest version of Snitz forum. I think even discountAsp was using this sometime back. So this may not be the reason.

bruce

10-31-2005, 10:09 AM

FTP uses Cleartext

patrudu, plse create a support ticket.

Bruce

DiscountASP.NET
www.DiscountASP.NET (http://www.DiscountASP.NET)