
Free Web Site Pen test?


    Morning,

    A mate of mine has a small site for his photography business.
    It appears to have been hacked and a folder has appeared full of images - nothing nasty. There is no e-commerce on the site.

    His hosting co said a remote shell appears to have been installed and shut down the site. It's all running on a LAMP box by the look of it.

    He got them to reset his passwords and FTP'ed in, deleted everything and re-uploaded so it works again.

    Are there any free tools he can use to test the site to try and work out if it is likely to happen again?

    He's only at the FrontPage level of web authoring and I'm not much better so something with a nice big "click here to test" button is what we need!

    Any advice?

    #2
    Originally posted by ctdctd
    Morning,

    A mate of mine has a small site for his photography business.
    It appears to have been hacked and a folder has appeared full of images - nothing nasty. There is no e-commerce on the site.

    His hosting co said a remote shell appears to have been installed and shut down the site. It's all running on a LAMP box by the look of it.

    He got them to reset his passwords and FTP'ed in, deleted everything and re-uploaded so it works again.

    Are there any free tools he can use to test the site to try and work out if it is likely to happen again?

    He's only at the FrontPage level of web authoring and I'm not much better so something with a nice big "click here to test" button is what we need!

    Any advice?
    Two questions. Firstly, is security other than for home use something you want to do on a free basis?

    Secondly, if he is using FrontPage that might be the problem in itself; quite a few professional togs are using WordPress sites, which might be a better option.
    Originally posted by Stevie Wonder Boy
    I can't see any way to do it can you please advise?

    I want my account deleted and all of my information removed, I want to invoke my right to be forgotten.

    Comment


      #3
      Originally posted by SimonMac
      Two questions. Firstly, is security other than for home use something you want to do on a free basis?

      Secondly, if he is using FrontPage that might be the problem in itself; quite a few professional togs are using WordPress sites, which might be a better option.
      Well, it's his site and his choice how much he wants to pay!

      Yes, the original site was created with FrontPage so this could well be the problem.
      However it would be nice to know how it was hacked instead of just assuming a site rewrite using a different product would fix it.
      It could be his FTP password was compromised in which case it would not matter how the web site was created?

      Comment


        #4
        I would start by checking who has write permissions on the files/folders the site contains.

        Comment
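
The write-permission check suggested in post #4, as an added example that is not part of the original thread. It assumes shell access to the LAMP host (or a downloaded copy of the site) and GNU find; the function name `audit_webroot` and the finding labels are made up for illustration.

```shell
#!/bin/sh
# Added example: report who can write to what under a web root.
# Output: one finding per line, "<kind> <octal-mode> <owner>:<group> <path>"
# Requires GNU find (-printf, -perm /mode), as found on a typical Linux host.

audit_webroot() {
    root=$1
    [ -d "$root" ] || { echo "not a directory: $root" >&2; return 2; }
    {
        # Anything any local account can modify (a real risk on shared hosting).
        find "$root" \( -type f -o -type d \) -perm -0002 \
            -printf 'world-writable %m %u:%g %p\n'

        # Writable by the owning group but not by everyone.
        find "$root" \( -type f -o -type d \) -perm -0020 ! -perm -0002 \
            -printf 'group-writable %m %u:%g %p\n'

        # Server-side scripts sitting directly in a directory that group or
        # others can write to: the place an uploaded script would end up.
        find "$root" -type d -perm /0022 -exec find {} -maxdepth 1 -type f \
            \( -name '*.php' -o -name '*.phtml' -o -name '*.cgi' -o -name '*.pl' \) \
            -printf 'script-in-writable-dir %m %u:%g %p\n' \;
    } | sort
}

# Stand-alone use: sh audit.sh /path/to/docroot
[ "$#" -eq 0 ] || audit_webroot "$1"
```

An empty result means nothing under the web root is writable by group or others; it says nothing about a leaked FTP password, which would let someone write as the owner.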


          #5
          I hate to say this, but FrontPage Server Extensions are insecure. Here's just one article you can look at: "Web Server Security Issues and Front Page Server Extensions". I would suggest using some proper WebDev application, or use a template like WordPress, Joomla or Drupal to design the website and ditch FPE.

          As the web hosting company is hosting the site, it is most likely a shared site, so doing a pen test against their server without their permission, knowledge and consent could well be in violation of their terms and conditions and could also fall foul of the Computer Misuse Act, so be careful about doing a Pen Test of any form.
          If your company is the best place to work in, for a mere £500 p/d, you can advertise here.

          Comment


            #6
            Ta all,

            I'll read up on FrontPage's issues and see if he's using the extensions - it's a very simple site.

            I'll also suggest it's time for a redesign but suspect it will fall on deaf ears!

            Comment


              #7
              To be honest, if a machine gets hacked then by default you should wipe the machine and start again; you have no idea what has happened.

              Comment
