Previously on "Free Web Site Pen test?"

  • Sockpuppet
    replied
    To be honest, if a machine gets hacked then by default you should wipe the machine and start again; you have no idea what has happened.



  • ctdctd
    replied
    Ta all,

    I'll read up on FrontPage's issues and see if he's using the extensions - it's a very simple site.

    I'll also suggest it's time for a redesign but suspect it will fall on deaf ears!



  • pmeswani
    replied
    I hate to say this, but FrontPage Server Extensions are insecure. Here's just one article you can look at: "Web Server Security Issues and Front Page Server Extensions". I would suggest using some proper WebDev application, or use a template like WordPress, Joomla or Drupal to design the website and ditch FPE.

    As the web hosting company is hosting the site, it is most likely a shared site, so doing a pen test against their server without their permission, knowledge and consent could well be in violation of their terms and conditions and could also fall foul of the Computer Misuse Act, so be careful about doing a Pen Test of any form.



  • Pondlife
    replied
    I would start by checking who has write permissions on the files/folders the site contains.

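Pondlife's suggestion as a script, added here as an example and not code from any poster in the thread: it walks a local or mounted copy of the site and lists every file and folder that group or others can write to, and optionally anything not owned by the expected account. The function names, the `expected_uid` parameter and the demo tree are assumptions made for the illustration.

```python
import os
import stat
import tempfile


def audit_write_permissions(site_root, expected_uid=None):
    """Return sorted (relative_path, finding) pairs for everything under
    site_root that someone other than the expected owner can write to."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(site_root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # a symlink's own mode bits say nothing useful
            rel = os.path.relpath(path, site_root)
            mode = stat.S_IMODE(st.st_mode)
            if mode & stat.S_IWOTH:
                findings.append((rel, "world-writable %04o" % mode))
            elif mode & stat.S_IWGRP:
                findings.append((rel, "group-writable %04o" % mode))
            if expected_uid is not None and st.st_uid != expected_uid:
                findings.append((rel, "owned by uid %d" % st.st_uid))
    return sorted(findings)


def build_demo_site():
    """Constructed sample tree (not from the thread) with known modes."""
    root = tempfile.mkdtemp(prefix="site-audit-")
    layout = {"index.html": 0o644, "gallery.php": 0o664,
              "images/photo1.jpg": 0o666}
    os.mkdir(os.path.join(root, "images"))
    for rel, mode in layout.items():
        path = os.path.join(root, rel)
        with open(path, "w") as fh:
            fh.write("placeholder\n")
        os.chmod(path, mode)  # explicit chmod so the umask cannot interfere
    os.chmod(os.path.join(root, "images"), 0o777)
    return root


if __name__ == "__main__":
    demo = build_demo_site()
    for rel, finding in audit_write_permissions(demo, expected_uid=os.getuid()):
        print("%-20s %s" % (rel, finding))
```

On a host where scripts run as a separate web server account, passing the FTP account's uid as `expected_uid` also surfaces files that were created through the web server rather than uploaded.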


  • ctdctd
    replied
    Originally posted by SimonMac:
    > Two questions, firstly is security other than for home use something you want to do on a free basis?
    >
    > Secondly, if he is using FrontPage that might be the problem in itself, quite a few professional togs are using WordPress sites which might be a better option

    Well, it's his site and his choice how much he wants to pay!

    Yes, the original site was created with FrontPage so this could well be the problem.
    However it would be nice to know how it was hacked instead of just assuming a site rewrite using a different product would fix it.
    It could be his FTP password was compromised in which case it would not matter how the web site was created?



  • SimonMac
    replied
    Originally posted by ctdctd:
    > Morning,
    >
    > A mate of mine has a small site for his photography business.
    > It appears to have been hacked and a folder has appeared full of images - nothing nasty. There is no e-commerce on the site.
    >
    > His hosting co said a remote shell appears to have been installed and shut down the site. It's all running on a LAMP box by the look of it.
    >
    > He got them to reset his passwords and FTP'ed in, deleted everything and re-uploaded so it works again.
    >
    > Are there any free tools he can use to test the site to try and work out if it is likely to happen again?
    >
    > He's only at the FrontPage level of web authoring and I'm not much better so something with a nice big "click here to test" button is what we need!
    >
    > Any advice?

    Two questions, firstly is security other than for home use something you want to do on a free basis?

    Secondly, if he is using FrontPage that might be the problem in itself, quite a few professional togs are using WordPress sites which might be a better option



  • ctdctd
    started a topic Free Web Site Pen test?

    Free Web Site Pen test?

    Morning,

    A mate of mine has a small site for his photography business.
    It appears to have been hacked and a folder has appeared full of images - nothing nasty. There is no e-commerce on the site.

    His hosting co said a remote shell appears to have been installed and shut down the site. It's all running on a LAMP box by the look of it.

    He got them to reset his passwords and FTP'ed in, deleted everything and re-uploaded so it works again.

    Are there any free tools he can use to test the site to try and work out if it is likely to happen again?

    He's only at the FrontPage level of web authoring and I'm not much better so something with a nice big "click here to test" button is what we need!

    Any advice?
