Go Back   vb.org Archive > vBulletin 3 Discussion > vB3 Programming Discussions
FAQ Community Calendar Today's Posts Search

Reply
 
Thread Tools Display Modes
  #1  
Old 11-15-2007, 12:08 AM
Awjvail Awjvail is offline
 
Join Date: Jun 2007
Location: Canada
Posts: 297
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default XSS Attack

Hi there,

recently, my website has been the victim of an (apparent) xss attack.

However, from what I gather about XSS, you need to have either PHP or Javascript on a page in order to execute an attack on it.

There has been some javascript appearing on my pages which redirects to other pages; some being spyware websites. However, on my index.html, which I use to redirect to my forums, the only code in the whole page is this:

PHP Code:
<meta http-equiv="refresh"content="0;URL=/forums/index.php"
Is it possible to execute an XSS Attack on this? Some how they are sticking javascript onto that page.. the page has no exploitable things on it.. it is just a meta refresh bringing you to my forums homepage.

I have password protected my index.html with .htaccess, however the attacks keep coming and malicious javascript keeps getting injected into index.html.

Is this an XSS attack or something different? If so, what would it be?

The same code has also been injected into virtually every index.php and index.html I have on my server, mostly in directories which nobody even knows about - something I thought was only achievable by having server access.
Reply With Quote
  #2  
Old 11-15-2007, 05:05 AM
Marco van Herwaarden Marco van Herwaarden is offline
 
Join Date: Jul 2004
Posts: 25,415
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

If all your index.* files are affected, then it is most likely done by a script installed on your server. If you are on a ahsred server, it might even be running from a different account on the same server if the security is not setup correct for the server.

Please contact your host.
Reply With Quote
  #3  
Old 11-15-2007, 03:17 PM
Awjvail Awjvail is offline
 
Join Date: Jun 2007
Location: Canada
Posts: 297
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

That is exactly what it was. After some fighting and them telling me it was an XSS attack multiple times, they finally (apparently) have fixed it. Ironic, because their support website was also affected by this issue.

This is what they told me (They said "Dear Blair".. I've got no clue who Blair is.):

Quote:
Dear Blair,

We have investigated the root cause of the issue and it is a type of iframe hacking from an Serbian IP which got into one of the customised php scripts of one of the clients and then got FTP access of domains and modified the pages.

We have removed that script and the banned the IP and process of removing that hacked script from the domains in under process.

We have also added some strong mod_security and firewall rules to prevent this .


Please feel free to contact us back in case of any other information.


Please feel free to contact us back in case of any other information.


Regards,

Alan
Reply With Quote
  #4  
Old 11-15-2007, 04:49 PM
Analogpoint's Avatar
Analogpoint Analogpoint is offline
 
Join Date: Feb 2007
Posts: 656
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by Awjvail View Post
their support website was also affected by this issue.
Look for a new host.
Reply With Quote
  #5  
Old 11-15-2007, 05:42 PM
Awjvail Awjvail is offline
 
Join Date: Jun 2007
Location: Canada
Posts: 297
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

I was thinking about that.. however, what put me off was the great deals that this host has. I get 500gb of diskspace, unmetered bandwidth, etc, all for a very, very, reasonable price. My site uses about 35gb of bandwidth per month, however we expect our traffic to rise somewhat in the next few weeks when we partner with a large company.

Do you know of anything comparable to what we have now?
Reply With Quote
  #6  
Old 11-15-2007, 05:44 PM
Zachery's Avatar
Zachery Zachery is offline
 
Join Date: Jul 2002
Location: Ontario, Canada
Posts: 11,440
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

lol, you're not paying enough to get that much.

I pay for a dedicated server and don't even get 500gb of storage.
Reply With Quote
  #7  
Old 11-15-2007, 05:48 PM
Awjvail Awjvail is offline
 
Join Date: Jun 2007
Location: Canada
Posts: 297
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

How do you know how much we pay? :\
Reply With Quote
  #8  
Old 11-15-2007, 05:59 PM
Zachery's Avatar
Zachery Zachery is offline
 
Join Date: Jul 2002
Location: Ontario, Canada
Posts: 11,440
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Are you paying more than 300 dollars a month for that shared hosting account?
Reply With Quote
  #9  
Old 11-15-2007, 06:03 PM
Awjvail Awjvail is offline
 
Join Date: Jun 2007
Location: Canada
Posts: 297
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Nope; we're not, and I agree - their plans are unrealistic.

We don't use 500gb of disk space anyway and I highly doubt we ever will - we only use about 400mb, if that.

Can anyone recommend me a better host? Our website is not nearly large enough for a dedicated server; perhaps a VPS? I'm not even sure we're big enough for that :P
Reply With Quote
  #10  
Old 11-16-2007, 12:23 PM
Princeton's Avatar
Princeton Princeton is offline
 
Join Date: Nov 2001
Location: Vineland, NJ
Posts: 6,693
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

as the saying goes ...
"You get what you pay for."

next attack - you will loose everything ...
protect yourself and get a new host now
Reply With Quote
Reply


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 09:11 AM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2024, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.09927 seconds
  • Memory Usage 2,252KB
  • Queries Executed 11 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (1)ad_showthread_firstpost
  • (1)ad_showthread_firstpost_sig
  • (1)ad_showthread_firstpost_start
  • (1)bbcode_php
  • (2)bbcode_quote
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)navbar
  • (3)navbar_link
  • (120)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (1)pagenav_pagelink
  • (10)post_thanks_box
  • (10)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (10)post_thanks_postbit_info
  • (10)postbit
  • (10)postbit_onlinestatus
  • (10)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • pagenav_page
  • pagenav_complete
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete