The Archive of Official vBulletin Modifications Site. It is not a VB3 engine, just a parsed copy!
#1
XSS Attack
Hi there,
Recently, my website has been the victim of an (apparent) XSS attack. However, from what I gather about XSS, you need to have either PHP or JavaScript on a page in order to execute an attack on it. There has been some JavaScript appearing on my pages which redirects to other pages; some being spyware websites. However, on my index.html, which I use to redirect to my forums, the only code in the whole page is this: PHP Code:
I have password protected my index.html with .htaccess, however the attacks keep coming and malicious JavaScript keeps getting injected into index.html. Is this an XSS attack or something different? If so, what would it be? The same code has also been injected into virtually every index.php and index.html I have on my server, mostly in directories which nobody even knows about - something I thought was only achievable by having server access.
#2
If all your index.* files are affected, then it is most likely done by a script installed on your server. If you are on a shared server, it might even be running from a different account on the same server if the security is not set up correctly for the server.
Please contact your host.
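Added example, not part of the original thread or any poster's code: a check for the symptom described above, where the same script block shows up in index.* files across many unrelated directories. The function names, the `min_dirs` threshold and the sample tree (with its `placeholder.invalid` URL) are constructed for illustration.

```python
import hashlib
import re
import tempfile
from collections import defaultdict
from pathlib import Path

# Matches inline or external <script> elements, case-insensitively, across newlines.
SCRIPT_RE = re.compile(r"<script\b[^>]*>.*?</script\s*>", re.IGNORECASE | re.DOTALL)

def shared_script_blocks(webroot, min_dirs=3):
    """Return {sha256: sorted file list} for script blocks that repeat in the
    index.* files of at least min_dirs different directories."""
    seen = defaultdict(set)
    for path in Path(webroot).rglob("index.*"):
        if not path.is_file():
            continue
        text = path.read_text(encoding="utf-8", errors="replace")
        for block in SCRIPT_RE.findall(text):
            normalized = " ".join(block.split())  # ignore whitespace differences
            digest = hashlib.sha256(normalized.encode()).hexdigest()
            seen[digest].add(path)
    return {
        digest: sorted(str(p) for p in paths)
        for digest, paths in seen.items()
        if len({p.parent for p in paths}) >= min_dirs
    }

def build_sample_tree(root):
    """Constructed sample data: four index files, three carrying the same appended block."""
    injected = '<script src="//placeholder.invalid/x.js"></script>'  # constructed placeholder
    pages = {
        "index.html": '<meta http-equiv="refresh" content="0;url=/forums/">' + injected,
        "forums/index.php": "<?php require 'global.php'; ?>\n" + injected,
        "private/tools/index.html": "<html><body>tools</body></html>\n" + injected,
        "blog/index.html": "<html><script>var theme = 'dark';</script></html>",
    }
    for rel, body in pages.items():
        target = Path(root) / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_text(body, encoding="utf-8")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for digest, files in shared_script_blocks(tmp).items():
            print(digest[:12], len(files), "files:", *files, sep="\n  ")
```

A legitimate shared include (an analytics tag, for example) will also be reported, so each reported block still has to be reviewed against what the site is supposed to serve.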
#3
That is exactly what it was. After some fighting and them telling me it was an XSS attack multiple times, they finally (apparently) have fixed it. Ironic, because their support website was also affected by this issue.
This is what they told me (They said "Dear Blair".. I've got no clue who Blair is.): Quote:
#4
Look for a new host.
#5
I was thinking about that.. however, what put me off was the great deals that this host has. I get 500gb of diskspace, unmetered bandwidth, etc, all for a very, very, reasonable price. My site uses about 35gb of bandwidth per month, however we expect our traffic to rise somewhat in the next few weeks when we partner with a large company.
Do you know of anything comparable to what we have now?
#6
lol, you're not paying enough to get that much.
I pay for a dedicated server and don't even get 500gb of storage.
#7
How do you know how much we pay? :\
#8
Are you paying more than 300 dollars a month for that shared hosting account?
#9
Nope; we're not, and I agree - their plans are unrealistic.
We don't use 500gb of disk space anyway and I highly doubt we ever will - we only use about 400mb, if that. Can anyone recommend me a better host? Our website is not nearly large enough for a dedicated server; perhaps a VPS? I'm not even sure we're big enough for that :P
#10
as the saying goes ...
"You get what you pay for." next attack - you will lose everything ... protect yourself and get a new host now