Last post Feb 24, 2017 06:50 AM by rakesh4482
Apr 20, 2016 01:28 AM | ClarkNK
My asp.net site was hacked last week. I found a user I never put there that had administrative privileges, which I am pretty sure is how the site got sprinkled with a number of asp, php, and web.config files that were not supposed to be there, and also the main web.config file had been altered with a redirecting thingy. The site uses asp.net controls for all queries (so they are parameterized), and has only aspx pages, and a couple of html pages.
The purpose of the hack was to redirect any links to my site generated by search engines to other sites.
I have cleaned out all the offending files and seem to have the site back in working order.
My site is low traffic -- maybe 50 visitors a day. So it seems to me to be a lousy target for a hacker, which makes me conclude that it was likely some kind of automated hack. I can't believe an individual would have sorted through the site adding files here and there, and modifying some files. It just would not be worth their time.
My big question -- how would someone (or even more-so a bot) have been able to create a user with administrative privileges??
I'm thinking it is likely a host problem, but of course they say only my site has reported a hack.
Apr 20, 2016 05:20 AM | navneetmitawa
According to my point of view, hacking an asp.net website is not an easy task for any hacker.
I have checked your website; it uses membership for authentication, and that is a well-secured way to authenticate a user, and
I think someone created an administrator account in your website. To make it more hack-proof, consider the links below,
or do a security audit of your application.
A few resources to test various security vulnerabilities are at the above source.
Apr 20, 2016 09:43 PM | ClarkNK
Thank you for taking the time to respond, those are some informative links you provided.
I still would like a better understanding of how an unauthorized user with administrative privileges could get created, especially if it was done by a bot, which seems to me the most likely scenario by far, for the reasons previously mentioned.
There seem only two possibilities: Either (1) a bot got my control panel credentials, or (2) a bot got some higher-level server credentials.
Even if a bot somehow got my control panel username in (1), it would still have to guess the control panel password, which would require multiple trial and error attempts, which I assume would lock it out after some number of tries (something that would be under the server admin's control, if such a limit exists at all). As far as (2) goes, I have no idea what safeguards surround the shared server.
Any discussion around these thoughts would be welcome.
Feb 24, 2017 06:50 AM | rakesh4482
While surfing different sites you might have seen links saying "click here to WIN prizes" etc. Once you click on such a link a script will be downloaded to your machine. This script is created by the hackers and it can do the following:
1) It can steal the saved passwords from your browser (and send them to the hacker); never save your password in the browser.
2) When you log in to your site this script will send your session ID + form details to the hacker.
Now the hacker has your session ID and form values and can log in to your site (from their own machine) with the same privileges as you (admin) have, and can do everything an admin can do.
1) Always clear your cache and cookies after surfing the internet and use a valid antivirus.
2) CSRF: your web application should be capable enough to handle CSRF attacks (Cross Site Request Forgery).