Quote:
Originally Posted by gmax21
Do all these sites reside on the same server?
All it may require is someone with an ill programmed script and people can gain access to the server.
krazykat,
What else does this customer of yours have on the website, only HTML? or are there any forms, server side scripting?
If they do have forms and they are not correctly sanitised in what ever language it's written, then it's entirely possible for script kiddies to get in easily.
There is more than one way to skin a cat. (Not that I skin cats!) .
The question in my mind though, is why would they make subtle changes, most crackers (not hackers depending on your definition), script kidders would stick up a little page telling the world it was them or their alias. Seems strange they would make such minor changes.
And banning an IP won't do to much with so many easily accessible proxy servers available for free, and the type of people that do this to sites will know this and use them.
Sorry I can't offer much in the way of help here.
|
Hi gmax21,
To answer your questions, my customer has only html code...no forms, no scripts, no myspace-type graphics, and no back-door admins.
You make a valid point. Why would a hacker just make subtle changes? As it turns out, the suspected hacker is someone known to my customer...someone who has no personal access to my customer's computers, home or office. So this hacking is of a personal vendetta-type nature...and we can supply proof to support this.
The Abuse Dept has informed me that they are investigating this issue. I would like to give SurpassHosting the opportunity to address the issue of this security breach, before I divulge any more details about the circumstances.
I would like to thank everyone for their great suggestions/ideas. It's been quite an educational experience...nevertheless disturbing.