A Service To Check Website Security?
-
Ok so my site has been having problems off and on for the past two years with spambots or hackers or something always uploading crap, viruses, random things - it's usually not that bad, I just take care of it myself and delete it. It's really weird. After having my webhost shut me down again because of weird activities (I'm still fighting with them to get it back up), I've decided that there has to be some way I can check my website's security? Does anyone know of some kind of company that offers a service where, if I give them money, they'll analyze my website/code/script/whatever and tell me what the hell is wrong with my website so that it allows so many bots/hackers to get through? I have to figure this out somehow.
There's got to be someone somewhere who offers this kind of service. -
Bueller?
...
Bueller? -
Bueller.
-
What did they write was specifically wrong with your site?
-
Ok so I think I figured it out. Some spambot or something is using my website as a relay to send out emails (that's what I suspect). I have no idea how it's doing it, which is why I want to get someone to help me out.
I got my webhost to unsuspend my account for a few hours to try and fix it. I think I found a problem... in my web_users account, there's some files in there I didn't put in that were put in there the day my account got suspended. Specifically, a CTG.rar file and some html files. I can't delete them, for some reason. I try deleting, editing, everything, my FTP says "permission denied." WTF, it's my website, why can't I delete files on my server?
I don't know what to do. I'm only moderately familiar with website semantics so I have no idea what the web_users folder is in the first place. -
if your webhosting company is running Apache webserver, there should be few (if any) ways for anyone to manipulate or take advantage of your box for vulnerabilities.
most of the time, you're hosting on a shared box. there are other people who use the same box that you do. if someone has root access to the box your site is hosted on, they can put files in your directories and take ownership of those files meaning you cant delete them. it could be someone at the hosting company itself that is taking advantage of your box, someone with root access or privileges that allow them to do this. that's my best guess without knowing more.
either that or someone has hacked the root account on your box and is using your directories to do whatever nastiness is occurring. is your website hosting Windows 2000/2003 Server or Linux/Apache? -
Someone else used to own my website two years ago before I took over and I just found out that they had given two people FTP accounts on my site, so that's why I couldn't delete them, I guess. It was on an obscure part of my control panel I've never paid attention to, but now that I did some searching, I figured out what to do and I deleted the bad files. I deleted the web accounts as well so I'm the only person with access.
This is still something (the uploading of virus/spam files) that happens to my site quite often though, usually once a week or so. The website is Apache/ 1.3.29 (Unix)... I'm not sure what that means, that's just what I read.
That would suck if someone had root access to my box and I couldn't do a thing, because my webhost Globat would not do a damn thing about it. They have worst customer service of any webhost and as soon as my contract runs out in April, I'm switching to someone else. I've had enough of Globat's bullshit. -
how are they uploading these viruses/spam to your website? do you have advertisers on your site that might be redirecting traffic to your site automatically? i ran into that problem and eventually went to an ad-free blog as a result.
there is no way to "upload" to your website directly, they would have to be going thru your mail port on your server or uploading to your ftp. -
I have no idea, I'll be honest. I don't really do advertisements anymore, so I don't think that's it. All I know is that every once in a while, random files will show up on my website and I didn't put them there. Sometimes they're html files, sometimes they're images, a lot of times they are zip or rar files. That's why I wanted to see if I could find someone to analyze my site and figure out how they're doing it.
Howdy, Stranger!
It looks like you're new here. If you want to get involved, click one of these buttons!
Categories
- All Discussions3,267
- General2,523
- Band Promotion217
- Blog Promotion259
- MP3 Blog Tips148
- MP3 Blog Tools120
- Private Messages0