Hi All,
Hope you are doing well.

I've been suffering from a hacker attack on one of my client's websites.
Each and every time, an anonymous user is adding unwanted code and hyperlinks to my website's home page (default.aspx).
He added these hyperlinks at the bottom of my default.aspx page. Due to the above code, the web page is getting a compilation error. Every day I am removing this unwanted code from the web page on the web server.
My website is running at Medium trust level on a shared hosting web server.
It has the following permissions for the following users:
Permission attributes
--Full control
--Modified
--Read & Execute
--List Folder Content
--Read
--Write


User Groups & names
*Administrators
 --All permissions check
*System
 --All permissions check
*FTP accounts (ftp_subaccounts)  [No permission for this user]
 --Full control uncheck
 --Modified uncheck
 --Read & Execute uncheck
 --List Folder Content uncheck
 --Read uncheck
 --Write uncheck
*Plesk IIS Anonymous Account (IUSR_sadgutn8)
 --All permissions check
*Plesk IIS Worker Process Identity Account (IWPD_2677(sadgutn8))
 --All permissions check
*Plesk FTP subaccount (sadguru)
 --Permission for "List Folder Contents" check
*Plesk Domain user (sadgutn8)
 --All permissions check


Earlier it had permission for Everyone (full control), but I've removed that; I've also changed all C panel and FTP account passwords. But the hacker still continuously attacks.

Can anyone please suggest how I can prevent these attacks on my website?

Any help would be much appreciated.

He recently added the following code:

XML
<a href="http://www.ebk8.com/amdc/">网上赌博</a>
<a href="http://www.ebk8.com/qxws/">全讯�</a>
<a href="http://www.ebk8.com/zqbf/">赌球网</a>
<a href="http://www.ebk8.com/pjdc/">澳门葡京赌场</a>
<a href="http://www.ebk8.com/ssc/">时时�</a>
Updated 16-Nov-15 21:02pm

The main things to look for are SQL Injection attacks, and possibly XSS, as well as other issues like weak passwords etc. Ultimately it's a massive subject, far too big for here. If you're serious then get the code scanned using a tool like HP's Fortify, and there will be others. You can also get the site penetration tested, or "pen tested", which is when a security firm runs a suite of common attacks against your site to see if they can gain access.
 
 
I just found a post on social media yesterday; it is a good explanation and maybe it will be helpful for you. Just read http://bit.ly/1lhLnHh
 
 
Thanks for the help.
I have checked the vulnerabilities, removed all unwanted files from the root directory, and changed all the access credentials of C Panel, including FTP.
Currently the site is safe.
Thanks.
Have a good day.
 
 
This is a very broad question.

But, start by revoking any "write" access to your users, unless they are admin and then try to secure your control panel. Unless that is someone from within, he won't be able to access it. Also, try to see who makes changes, thus "source control" is always a preferred tool in the teams. It gives you information about the user who made a change in the system. You can then catch them, if they are from within your system. Otherwise, ban their IP address.

Hackers usually try to access your website from any input field; if you do not provide them a way, they won't be able to enter. SQL Injection, cross-site forgery or scripting may also be a reason. They may try to enter an invalid field to see if that works, and invalidated data, concatenated SQL commands are very attractive to them.

https://en.wikipedia.org/wiki/SQL_injection
https://en.wikipedia.org/wiki/Cross-site_scripting

I recommend that you, at once, contact the system administrator and/or network administrator and ask them to solve this problem.
 
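The permission list in the question and the advice above to revoke write access can be checked mechanically. The following PowerShell is an added example, not code from any poster in this thread: it lists every Allow entry under a web root that lets an identity outside a trusted list change files. The web-root path and the trusted-identity names are assumptions (group names are localized on non-English Windows).

```powershell
# Added example: report ACL entries that let a non-admin identity alter files
# under a web root. $WebRoot and $Trusted are assumptions; adjust both.
param(
    [string]$WebRoot = 'C:\inetpub\vhosts\example.com\httpdocs',   # hypothetical path
    [string[]]$Trusted = @('BUILTIN\Administrators', 'NT AUTHORITY\SYSTEM')
)

$Rights = [System.Security.AccessControl.FileSystemRights]
# Any one of these bits is enough to change or replace a page such as default.aspx.
# Modify and FullControl both contain them, so they are caught as well.
$writeMask = [int]($Rights::WriteData -bor $Rights::AppendData -bor
                   $Rights::Delete -bor $Rights::DeleteSubdirectoriesAndFiles -bor
                   $Rights::ChangePermissions -bor $Rights::TakeOwnership)
# Generic rights are stored outside the enum: GENERIC_WRITE and GENERIC_ALL.
$genericMask = 0x40000000 -bor 0x10000000

function Get-WritableAce {
    param([string]$Path)
    # The root folder itself plus everything below it, hidden items included.
    $items = @(Get-Item -LiteralPath $Path) +
             @(Get-ChildItem -LiteralPath $Path -Recurse -Force)
    foreach ($item in $items) {
        $acl = Get-Acl -LiteralPath $item.FullName
        foreach ($ace in $acl.Access) {
            $bits = [int]$ace.FileSystemRights
            $canWrite = ($bits -band $writeMask) -or ($bits -band $genericMask)
            if ($ace.AccessControlType -eq 'Allow' -and $canWrite -and
                $Trusted -notcontains $ace.IdentityReference.Value) {
                [pscustomobject]@{
                    Path      = $item.FullName
                    Identity  = $ace.IdentityReference.Value
                    Rights    = $ace.FileSystemRights
                    Inherited = $ace.IsInherited   # inherited entries are fixed on the parent
                }
            }
        }
    }
}

Get-WritableAce -Path $WebRoot |
    Sort-Object Identity, Path |
    Format-Table -AutoSize
```

With the permissions listed in the question, the anonymous account IUSR_sadgutn8 and the worker process identity would both be reported, since each has all permissions checked.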
 
