New World Designs
How web sites are hacked into and what they do next
Hi All
Welcome to this newsletter. Some of the info has been explained in the media, but there are other parts where I explain how they do it and what they use the results for. Every day one of my clients asks:
  • “Is there any way to stop spam”
  • “Can we stop emails from the fake banks”

Or even worse
  • “My bank keeps sending me emails but it’s a dead link”

This email is just to show you what is going on: the media brush over it, but haven’t told in detail what is happening and where the spam actually comes from. Some of you may know all this, but I have to say, in almost 10 years in this industry, I had never actually seen most of it first hand, so I thought I would show you all what is going on and how it works, to give you a good understanding of the way they send it.

I have just caught somebody this morning in mid hack on my server, taken from them some of their “tools”, and re-uploaded them to my site for you to see. This allows you to see first hand how and where the spam comes from, and what they do with it.

First of all they find a website that has a writable directory/folder. These are almost always needed for images, so the website owner (my clients) can add images, and a talented hacker/programmer can use one to gain entry to the server (a server is exactly like your computer, and it is where the website lives). They add one file, a small script made with web code called PHP. I have uploaded the exact one they tried to upload to one of my sites this morning:

http://www.newworlddesigns.co.uk/how-spam-is-made/bulksender/admin.php?MainPage

I have adjusted this so you can’t do anything with it at all, and it is completely safe for anybody to view. This script allows ANYBODY to use the following:
  • Proxy Detect
    This gives valuable info about the server (where the website lives): what it can and can’t do, and what features it has for them to use to the hacker’s advantage.

  • File Manager
    Add other files anywhere in that site, in any other site on that server, or even worse in any other site that may be hosted on that server, even if it belongs to another client of that hosting company (another design company that also hosts websites with the same hosting company). They can even add files to un-writable folders this way, so nowhere is secure.

  • PHP Shell
    This gives info for the hacker to use; I have totally disabled this, so it can’t be used against me.

  • Port Check
    Another set of tools for them to find info about your server, to work out ways to hack it even further.

  • Mass Mailer
    This allows anybody to send many millions of emails out (spam). I have explained this in more detail below.

  • Delete Me
    This then deletes this script at any time, allowing people to add this file, upload a load of hidden files into the site anywhere, then delete this one, so nobody knows how they gained access to the site. That stops the webmaster securing it, so they have access again next time.

They set this type of thing up, and then post messages on hackers’ forums, telling people where the script is posted. This then allows anybody to visit that page and do as they wish with your site.

The mass mailer is one of the most expensive parts for the website owner. They add a fake name and email address at the top, add a subject for the email and then, in the left white box, add the content of the email. In the right box they copy and paste a list of emails (many millions) they have “acquired”, and click on send emails. It can send millions of emails out per day, at the expense of the person who owns the site.

The email can be selling you adult toys and pills, but more profitably it will be telling you that a bank has lost all of your details, and they would like you to click on the link and re-join. But when you enter your details, all it will do is take you to another page telling you there is a technical problem, or to a “thank you” page. But in real life it has collected your username and password, and sent the details to an email address stored in that page. I have uploaded a real mini site that was added to my website at the same time as the script above:

http://www.newworlddesigns.co.uk/how-spam-is-made/bank/banking.html

This has been disabled completely and the form doesn’t work. The person who has had those details sent to them (usually in another country like Nigeria, or Vietnam where the government have more priority things to do than worry about middle class westerners being ripped off) then logs into your bank account and empties it.

The problem is that the email addresses they send the spam from (the one they said it was coming from) are banned by different suppliers such as AOL and Hotmail, because they receive emails from that email address saying it’s yours and think you sent it. That email company then bans your email address, and there is nothing anybody can do, except jump up and down and stamp your feet.

What’s worse is the email company not only bans your email, it bans all other emails that come from the server (called IP Address) where your email is stored. There may be thousands of people who have emails on one server, and all are banned.

So you can see that bank fraud is nothing to do with them hacking into the banks; they actually have your login details. The way to stop this is simple: if you’re not sure, type the URL into your browser yourself by hand, and don’t ever click on links.

http:// session- 593993. abbey.co.uk. alcov.cn/ customerdata/ abbeyportal/ appmger/

This is the sort of link that would be in the email (this is a real link I got this morning). People see the blue bit, and think it is really from the bank, but it’s actually the red bit that the link is taking you to. The best idea is, even if you are pretty sure it is from the bank, never EVER click on the link in the email and always type it by hand into the browser, i.e. www.abbey.co.uk.

I spend over 50% of my time on this subject, checking sites and securing them. This is why my clients have to call me if they want to add images or extras, as all sites are secured as un-writable, to prevent anything being added by a hacker. I am also sent an email report from my server every time anything at all is added to my server, so I know exactly what is happening all the time.

This email is meant for everybody, not just my clients, as I think it is such an important piece of knowledge for anybody using the net to know. If you have any questions or worries please reply to this email or give me a call on either of the numbers below.

All the best
Ian
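
The link quoted in the newsletter can be checked mechanically: the site a link goes to is decided by the rightmost labels of its hostname, not by a bank name placed further left. The Python below is an added example, not part of the original newsletter; `check_link`, `registrable_domain` and the short suffix set (a stand-in for the full Public Suffix List) are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumption: a tiny stand-in for the Public Suffix List, enough for this example.
MULTI_LABEL_SUFFIXES = {"co.uk", "org.uk", "ac.uk", "com.cn", "com.au"}

# The link from the newsletter with its spaces removed.
NEWSLETTER_LINK = ("http://session-593993.abbey.co.uk.alcov.cn/"
                   "customerdata/abbeyportal/appmger/")


def registrable_domain(host):
    """Return the domain the browser really connects under (rightmost labels)."""
    labels = host.lower().rstrip(".").split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def check_link(url, expected_domain):
    """Compare a link's real destination with the domain the e-mail claims."""
    host = urlsplit(url).hostname or ""
    actual = registrable_domain(host)
    if actual == expected_domain:
        verdict = "genuine"
    elif "." + expected_domain + "." in "." + host:
        # The bank's name is only a subdomain label of somebody else's domain.
        verdict = "lookalike"
    else:
        verdict = "unrelated"
    return {"host": host, "registrable_domain": actual, "verdict": verdict}


if __name__ == "__main__":
    print(check_link(NEWSLETTER_LINK, "abbey.co.uk"))
    print(check_link("http://www.abbey.co.uk/", "abbey.co.uk"))
```
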
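
The report of "anything at all added to my server" described above can be approximated by comparing two snapshots of the site's files and singling out scripts that appear inside an image directory. This is an added Python example, not the author's own reporting tool; the function names, the extension list and the `images/` directory are assumptions, and the site tree in `demo()` is constructed sample data.

```python
import hashlib
import os
import tempfile

# Assumption: extensions the web server might execute; match your own handlers.
SCRIPT_EXTS = {".php", ".phtml", ".php5", ".phar", ".cgi", ".pl"}


def snapshot(root):
    """Map every file under root (relative path) to its SHA-256 digest."""
    seen = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(folder, name)
            with open(path, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            seen[os.path.relpath(path, root).replace(os.sep, "/")] = digest
    return seen


def report(before, after, upload_dirs=("images/",)):
    """Compare two snapshots and list what the administrator should review."""
    added = sorted(set(after) - set(before))
    removed = sorted(set(before) - set(after))
    changed = sorted(p for p in before.keys() & after.keys()
                     if before[p] != after[p])
    # A script inside a directory meant for images is the pattern described above.
    scripts = [p for p in added + changed
               if p.startswith(tuple(upload_dirs))
               and os.path.splitext(p)[1].lower() in SCRIPT_EXTS]
    return {"added": added, "removed": removed, "changed": changed,
            "scripts_in_upload_dirs": scripts}


def demo():
    """Constructed site: a clean baseline, then two files appear in images/."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "images"))
        baseline = {"index.php": b"<?php echo 'home';",
                    "images/logo.png": b"\x89PNG"}
        for rel, data in baseline.items():
            with open(os.path.join(root, rel), "wb") as fh:
                fh.write(data)
        before = snapshot(root)
        for rel in ("images/admin.php", "images/photo.jpg"):
            with open(os.path.join(root, rel), "wb") as fh:
                fh.write(b"constructed sample content")
        return report(before, snapshot(root))


if __name__ == "__main__":
    print(demo())
```

Because the comparison lists every added file, it still shows the files left behind when the uploaded script has already removed itself with its "Delete Me" function.
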
© New World Designs, Sunderland, Tyne and Wear, North East, England 1998 - 2007