How to prevent this attack?

General technological topics without their own forum go here

How to prevent this attack?

Post by aloneattack on Tue Aug 21, 2012 10:18 pm
([msg=68898]see How to prevent this attack?[/msg])

Hi guys,

Could this attack be harmful to this site (link below) ? and how could we prevent it?

EDIT: In this image one 'hacker' inserted some codes in the search form and the site threw out an alert or something. And then he distributed this image (edited - censored the site name - added caption)

http://postimage.org/image/gxgvinvdf/

EDIT: Also they sent following link:
DANGEROUS!!! (maybe virus or trojan inside this file - we don't detect anything, but be careful! - click with your own risk) **link has been cleared**
http://i.imm.io/Bo04.bmp

Help please,
Thanks,
nei
Last edited by aloneattack on Tue Aug 21, 2012 10:41 pm, edited 1 time in total.
aloneattack
New User
New User
 
Posts: 4
Joined: Tue Aug 21, 2012 10:07 pm
Blog: View Blog (0)


Re: How to prevent this attack?

Post by wan26 on Tue Aug 21, 2012 10:31 pm
([msg=68900]see Re: How to prevent this attack?[/msg])

Je ne comprends pas
User avatar
wan26
Experienced User
Experienced User
 
Posts: 91
Joined: Sun Jan 22, 2012 6:46 pm
Blog: View Blog (0)


Re: How to prevent this attack?

Post by aloneattack on Tue Aug 21, 2012 10:41 pm
([msg=68901]see Re: How to prevent this attack?[/msg])

I added some information :)
aloneattack
New User
New User
 
Posts: 4
Joined: Tue Aug 21, 2012 10:07 pm
Blog: View Blog (0)


Re: How to prevent this attack?

Post by limdis on Tue Aug 21, 2012 10:53 pm
([msg=68902]see Re: How to prevent this attack?[/msg])

We are looking into this aloneattack. For future reference please don't post potentially dangerous links. Either verify them before posting or PM one of us mods first.
"The quieter you become, the more you are able to hear..."
"Drink all the booze, hack all the things."
User avatar
limdis
Moderator
Moderator
 
Posts: 1388
Joined: Mon Jun 28, 2010 5:45 pm
Blog: View Blog (0)


Re: How to prevent this attack?

Post by wan26 on Tue Aug 21, 2012 11:16 pm
([msg=68903]see Re: How to prevent this attack?[/msg])

It may be that the search field, or any field in the forms that allow user input have not been properly sanitized to protect against javascript injection, i am speculating because the website is not in my native language and i cant check it out. If this is the case then a visitor could even post a comment with html meta tags and redirect every one or any number of things with javascript...
User avatar
wan26
Experienced User
Experienced User
 
Posts: 91
Joined: Sun Jan 22, 2012 6:46 pm
Blog: View Blog (0)


Re: How to prevent this attack?

Post by tremor77 on Tue Aug 21, 2012 11:28 pm
([msg=68904]see Re: How to prevent this attack?[/msg])

site has a boat load of javascript all declared in just a few linked .js files... global and common, with so much form processing, search, survey, comments, etc.. the site could be vulnerable to xss and xsrf. Webmaster needs to clean up that mess, validate form entries.. or a good hacker (not the skiddies that just hit it) could do some defacing, or even inject some malicious code into pages.
Image
User avatar
tremor77
Contributor
Contributor
 
Posts: 884
Joined: Wed Mar 31, 2010 12:00 pm
Location: New York
Blog: View Blog (0)


Re: How to prevent this attack?

Post by wan26 on Tue Aug 21, 2012 11:36 pm
([msg=68906]see Re: How to prevent this attack?[/msg])

You could probably dox their username or group, im sure they included it in one of their pop ups, there may be websites and forums they contribute to or irc channels etc, may give extra info about what they are doing. But that may not be needed as the basic things the web'masters' have not considered could easily be googled anyway and should be known lol

i will take a look

Wow, pretty forum, there's also a blog that well, says it all.
User avatar
wan26
Experienced User
Experienced User
 
Posts: 91
Joined: Sun Jan 22, 2012 6:46 pm
Blog: View Blog (0)


Re: How to prevent this attack?

Post by aloneattack on Wed Aug 22, 2012 4:23 am
([msg=68910]see Re: How to prevent this attack?[/msg])

Thank you for your helps,
So the attack is XSS. That seem to be fixed now!
It might be the missing of validation input forms.

Yeah, a pretty forum and a blog with Anonymous guy.


nei

-- Wed Aug 22, 2012 4:24 am --

limdis wrote:We are looking into this aloneattack. For future reference please don't post potentially dangerous links. Either verify them before posting or PM one of us mods first.


yes, thanks
aloneattack
New User
New User
 
Posts: 4
Joined: Tue Aug 21, 2012 10:07 pm
Blog: View Blog (0)


Re: How to prevent this attack?

Post by limdis on Wed Aug 22, 2012 12:13 pm
([msg=68925]see Re: How to prevent this attack?[/msg])

Oh man I would be pissed if I was the OP.
Image

wan26, +1
They are a pretty easy dox target for those that are learning the dox trade. Just precede with caution considering their nature of work. Aloneattack, how is the recovery coming?
"The quieter you become, the more you are able to hear..."
"Drink all the booze, hack all the things."
User avatar
limdis
Moderator
Moderator
 
Posts: 1388
Joined: Mon Jun 28, 2010 5:45 pm
Blog: View Blog (0)


Re: How to prevent this attack?

Post by wan26 on Wed Aug 22, 2012 12:40 pm
([msg=68926]see Re: How to prevent this attack?[/msg])

thanks i will be extra cautious by ending my curiosity now :] because they probably search that link looking for threads like this and maybe they have a stat counter on their websites recording visits or who knows what. I'd go through tor otherwise.

Also hope it works out for the op too

cod black ops: 'back out back out!' lol
User avatar
wan26
Experienced User
Experienced User
 
Posts: 91
Joined: Sun Jan 22, 2012 6:46 pm
Blog: View Blog (0)


Next

Return to General

Who is online

Users browsing this forum: No registered users and 0 guests