Website Hacked Removal Services

Step 1. We will run reports to see how you’ve been hit.
Step 2. We will clean infected files.
Step 3. We will increase security within your website and work with your hosting company to increase security on your server.
Step 4. We will monitor your website from this day forward. Typically around 90% of websites that have been hacked are hacked again and again until the underlying problems are fixed. We will fix those problems as they are revealed.


10 Common Types of Website Hacks

[efaccordion id=”06″ color=”a7afa0″ effect=”fade”] [efitems title=”URL MISINTERPRETATION” color=”a7afa0″ effect=”fade” text=”

  • The web server fails to parse (canonicalise) the URL properly.
  • e.g. the Unicode / superfluous decode attacks, where encoded “..” sequences are decoded after the access check has already passed.
  • Mismatched resource mappings in the configuration.
  • e.g. +.htr, .JSP, Java remote command execution, etc.

webOPTIMA FIX: Usually requires replacing the affected server files (Java handlers, etc.) entirely, plus a thorough inspection of the web server configuration and its resource mappings (bindings).

“] [efitems title=”DIRECTORY BROWSING” text=”

  • Ability to retrieve a complete directory listing for directories on the web server
  • Usually happens when the default document (e.g. index.html) is missing from a directory
  • Not-so-strict web server configuration

webOPTIMA FIX: Web server configuration lock-down: disable serving of directory listings and make sure every served directory has a default document. In some cases the scripts involved must be rewritten.

“] [efitems title=”RETRIEVING NON-WEB FILES” text=”

  • “Non-web” files can be: archive files (.zip, .tar.gz, etc.); backup files (.bak, ~, etc.); header / include files (.inc, .asa, etc.); text files (readme.txt, etc.)
  • Can be retrieved with some guesswork, e.g. if there is a directory called /reports/, look for “reports.zip”

webOPTIMA FIX: Remove such files from the web root (archives and backups belong outside the served tree), disable serving of those file types by creating a resource mapping that denies them, and enforce strict change control so they do not reappear.
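The three items above (URL misinterpretation, directory browsing and retrieving non-web files) all come down to how a request path is mapped onto the file system. The Python below is an added example for this page, not webOPTIMA's code or any vendor's: a resolver that reproduces the superfluous-decode bug (access check on the once-decoded path, a second decode afterwards) beside one that decodes exactly once, canonicalises, and only then refuses paths outside the web root, denied file types and directories with no default document. The web root, the default document name and the denied-suffix list are constructed for the demonstration.

```python
import os
import tempfile
from urllib.parse import unquote

# Assumed settings for this example (not webOPTIMA's configuration).
DEFAULT_DOCUMENT = 'index.html'
DENIED_SUFFIXES = ('.zip', '.tar.gz', '.bak', '~', '.inc', '.asa', '.old')


def make_demo_docroot():
    # Constructed sample web root: a default document, a /reports/ directory
    # with no default document, and a carelessly left-behind reports.zip.
    root = tempfile.mkdtemp(prefix='docroot-')
    with open(os.path.join(root, DEFAULT_DOCUMENT), 'w') as fh:
        fh.write('<h1>hello</h1>')
    os.mkdir(os.path.join(root, 'reports'))
    with open(os.path.join(root, 'reports.zip'), 'wb') as fh:
        fh.write(b'PK\x03\x04')
    return root


def vulnerable_resolve(docroot, raw_path):
    # The superfluous-decode pattern: the access check runs on the
    # once-decoded path, then a lower layer decodes it a second time.
    once = unquote(raw_path)
    candidate = os.path.normpath(os.path.join(docroot, once.lstrip('/')))
    # The check passes because the second-level encoding hides the '..'.
    if not candidate.startswith(os.path.join(docroot, '')):
        return None
    # BUG: decoding again after the check turns %2e%2e into '..'.
    return os.path.normpath(unquote(candidate))


def secure_resolve(docroot, raw_path):
    # Decode exactly once, canonicalise, then apply every policy check to the
    # canonical path. Returns (path, None) on success or (None, reason).
    root = os.path.realpath(docroot)
    decoded = unquote(raw_path)
    candidate = os.path.realpath(os.path.join(root, decoded.lstrip('/')))
    if os.path.commonpath([root, candidate]) != root:
        return None, 'rejected: outside web root'
    if candidate.lower().endswith(DENIED_SUFFIXES):
        return None, 'rejected: non-web file type'
    if os.path.isdir(candidate):
        default = os.path.join(candidate, DEFAULT_DOCUMENT)
        if os.path.isfile(default):
            return default, None
        return None, 'rejected: directory listing disabled'
    if not os.path.isfile(candidate):
        return None, 'not found'
    return candidate, None


if __name__ == '__main__':
    root = make_demo_docroot()
    double = '/%252e%252e/%252e%252e/etc/passwd'   # '..' percent-encoded twice
    print('vulnerable:', vulnerable_resolve(root, double))
    for path in ('/', '/reports/', '/reports.zip', '/../../etc/passwd', double):
        print(path, '->', secure_resolve(root, path))
```

Against the web root built by make_demo_docroot(), the vulnerable resolver turns /%252e%252e/%252e%252e/etc/passwd into a path outside the root, while the secure one reports it as not found, refuses /reports/ (no default document) and /reports.zip (denied type), and serves / via index.html. The same rule applies to resource mappings generally: decide once what a path means, then apply every check to that one meaning.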

“][efitems title=”REVERSE PROXYING” text=”

  • Web proxy servers may work both ways!
  • Typically meant to allow users from within a network to access external websites
  • May end up proxying HTTP requests from the outside world to the internal network
  • e.g. Compaq Insight Manager
  • Also happens when a front-end web server proxies requests to back-end application servers

webOPTIMA FIX: Check the web server proxy configuration thoroughly, and check for URL mappings that point at internal servers.

“][efitems title=”JAVA DECOMPILATION” text=”

  • Java bytecode can be decompiled quite effectively
  • May disclose sensitive information such as passwords, application paths, etc.
  • May also disclose application logic, such as generation of session IDs, encryption, etc.
  • Java archive files (.jar files) may contain files other than bytecode, such as configuration files.

webOPTIMA FIX: Java bytecode obfuscation, elimination of sensitive configuration information from the bytecode, elimination of unnecessary files within .jar files. Obfuscation only raises the cost of decompilation; secrets must not be shipped in client-delivered code at all.

“][efitems title=”SOURCE CODE DISCLOSURE” text=”

  • Ability to retrieve application files in an unparsed (unexecuted) form
  • Attackers can recover the source code of the web application itself.
  • The code can then be used to find further loopholes / trophies
  • Can be caused in many ways: misconfiguration, vendor bugs, poor application design, etc.

webOPTIMA FIX: Vendor-supplied fixes (modules, etc.), locking down the web server configuration, secure coding practices

“][efitems title=”INPUT VALIDATION” text=”

  • Root cause of most web hacks
  • All inputs received should be validated on the server (data types, date ranges, buffer sizes and bounds, metacharacters)
  • Tampering with hidden form fields
  • Bypassing client-side checking (e.g. JavaScript)

webOPTIMA FIX: These are the worst to deal with. Closing the door requires removing or rewriting the affected files and adopting proper coding practices: every input is validated on the server side, because client-side checks can always be bypassed.

“][efitems title=”SQL QUERY POISONING” text=”

  • Parameters from the URL or input fields get used in SQL queries
  • An instance of input validation attacks
  • Data can be altered to extend the SQL query, e.g. http://server/query.asp?item=3+OR+1=1 turns a condition like id = 3 into id = 3 OR 1=1, which is true for every row
  • Execution of stored procedures
  • May even lead to back-end database server compromise

webOPTIMA FIX: An in-depth source code review (every query built from request data must use parameterised queries or validated input), the principle of least privilege for the database account the application uses, elimination of unnecessary database users and stored procedures, and cleanup of injected content from the database tables.
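To make the query.asp?item=3+OR+1=1 case above concrete, and to tie it to the input validation item before it, here is an added example in Python (not webOPTIMA's code, and not the page's original query.asp) using an in-memory SQLite database constructed for the demonstration. The first lookup concatenates the parameter into the SQL, the second only binds it as a parameter, and the third validates it as an integer first and then binds it. The table, its rows and the rule that item is a positive integer are assumptions made for the example.

```python
import re
import sqlite3

# Assumption for the example: the item parameter is documented as an integer.
ITEM_ID_RE = re.compile(r'[0-9]{1,9}')


def make_demo_db():
    # Constructed sample catalogue standing in for the back end of query.asp.
    # Row 4 is not public and must never be returned to a visitor.
    conn = sqlite3.connect(':memory:')
    conn.execute('CREATE TABLE items (id INTEGER PRIMARY KEY, name TEXT, public INTEGER)')
    conn.executemany('INSERT INTO items VALUES (?, ?, ?)', [
        (1, 'widget', 1), (2, 'gadget', 1), (3, 'gizmo', 1),
        (4, 'internal price list', 0),
    ])
    return conn


def vulnerable_lookup(conn, item):
    # Query built by string concatenation: the pattern behind
    # query.asp?item=3+OR+1=1. The parameter becomes part of the SQL grammar,
    # so '3 OR 1=1' yields '... public = 1 AND id = 3 OR 1=1', true for every row.
    sql = 'SELECT id, name FROM items WHERE public = 1 AND id = ' + item
    return conn.execute(sql).fetchall()


def bound_lookup(conn, item):
    # Parameter binding alone: the value is data, never SQL, so it cannot
    # extend the query. A non-numeric value simply matches no row.
    sql = 'SELECT id, name FROM items WHERE public = 1 AND id = ?'
    return conn.execute(sql, (item,)).fetchall()


def validate_item_id(item):
    # Input validation (data type and range): returns an int, or None to reject.
    if not ITEM_ID_RE.fullmatch(item):
        return None
    value = int(item)
    return value if value >= 1 else None


def safe_lookup(conn, item):
    # Validate first, then bind. Returns None for a request that should be
    # answered with HTTP 400, otherwise the matching rows.
    item_id = validate_item_id(item)
    if item_id is None:
        return None
    sql = 'SELECT id, name FROM items WHERE public = 1 AND id = ?'
    return conn.execute(sql, (item_id,)).fetchall()


if __name__ == '__main__':
    db = make_demo_db()
    for lookup in (vulnerable_lookup, bound_lookup, safe_lookup):
        print(lookup.__name__, lookup(db, '3 OR 1=1'))
```

With the payload 3 OR 1=1 the concatenated query returns all four rows, including the non-public one, the bound query returns nothing, and the validated lookup rejects the request before any SQL runs. Binding is what closes the injection; validation on top of it gives the application a clean error path and keeps obviously malformed values out of the logs and the database.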

“][efitems title=”SESSION HIJACKING” text=”

  • HTTP is inherently a “stateless” protocol.
  • Many web applications are nonetheless stateful
  • Poor mechanisms of state tracking: hidden fields carrying a session ID, client-side cookies, etc., with no server-side session tracking
  • Reverse engineering (predicting) the session ID leads to access to other users’ data

webOPTIMA FIX: Use server-side session tracking; bind each session to time stamps, IP addresses, etc.; use cryptographically generated session IDs (hard to predict); use the web application server’s session management APIs when possible.
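The fix above in code, as an added Python example for this page (not webOPTIMA's implementation or any framework's): a session manager with sequential IDs, which an attacker can predict from their own ID, beside one that issues 256-bit random IDs from the secrets module, keeps all session state on the server, binds the session to the client address and expires it after an idle period. The class and method names, the 900-second timeout and the injectable clock are assumptions made for the example.

```python
import secrets
import time


class WeakSessionManager:
    # Sequential session IDs: the reverse-engineering case above. Anyone who
    # sees their own ID can compute a neighbour's.
    def __init__(self, start=1000):
        self._next = start
        self._sessions = {}

    def create(self, user):
        sid = str(self._next)
        self._next += 1
        self._sessions[sid] = user
        return sid

    def lookup(self, sid):
        return self._sessions.get(sid)


def predict_next_weak_id(observed_sid):
    # Attacker side: with a counter there is nothing to brute-force.
    return str(int(observed_sid) + 1)


class SessionManager:
    # Server-side session tracking: the client holds only an opaque random
    # token; user identity, client address and last-seen time live here.
    def __init__(self, idle_timeout=900, now=time.time):
        self._store = {}
        self._idle_timeout = idle_timeout
        self._now = now          # injectable clock, an assumption for testability

    def create(self, user, client_addr):
        sid = secrets.token_urlsafe(32)    # 32 random bytes, 43 URL-safe characters
        self._store[sid] = {'user': user, 'addr': client_addr, 'seen': self._now()}
        return sid

    def lookup(self, sid, client_addr):
        # Unknown token, changed client address or idle timeout: no session.
        record = self._store.get(sid)
        if record is None:
            return None
        if record['addr'] != client_addr:
            return None
        if self._now() - record['seen'] > self._idle_timeout:
            del self._store[sid]
            return None
        record['seen'] = self._now()
        return record['user']

    def destroy(self, sid):
        self._store.pop(sid, None)


if __name__ == '__main__':
    weak = WeakSessionManager()
    mine, theirs = weak.create('attacker'), weak.create('victim')
    print('predicted', predict_next_weak_id(mine), 'is', weak.lookup(predict_next_weak_id(mine)))
    mgr = SessionManager()
    sid = mgr.create('alice', '10.0.0.5')
    print(sid, mgr.lookup(sid, '10.0.0.5'), mgr.lookup(sid, '10.0.0.6'))
```

Guessing a token issued by SessionManager means guessing 256 random bits, so the only practical attack left is stealing one, which is what the address binding and idle timeout limit the damage of. One caveat on binding to IP addresses: users behind mobile carriers or changing NAT gateways will be logged out when their address changes, so many deployments bind to other attributes or accept that trade-off knowingly.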

“][efitems title=”BUFFER OVERFLOWS” text=”

  • Poor bounds checking
  • Web server HTTP request handling (e.g. the IIS ASP and .printer overflows)
  • Application input fields
  • Can cause: denial of service (crashing the app / service) or remote command execution (shellcode)

webOPTIMA FIX: Vendor-supplied fixes, bounds checking within applications, source code reviews, buffer overflow (fuzz) testing”][/efaccordion]

Call webOPTIMA!