Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
A
A
Alexey Sklyarov2018-07-08 20:21:10
Information Security
Alexey Sklyarov, 2018-07-08 20:21:10

How did you manage to upload the nastiness to the site?

There is a website with a portfolio, which I visit once or twice a month. Going to the site again, Google marked it as a Fake site (with a red background, etc.). I climbed on the hosting, found the muck that was in the /js/ folder
/js/UPDATE~INFO/
There were some scripts and other garbage. Deleted the whole thing, checked all the files. Everything is in order, but the question remains: how could it appear there? there were as many as two folders, with 5-10 files. Nobody except me has access to FTP, and from the forms - only a feedback form, I certainly suspect that something could be broken there, but how? What things need to be done, what to pay attention to, and most importantly, what to read so as not to be a complete oak in this matter?

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

6 answer(s)
Report
S
Sergey, 2018-07-09
@edinorog

FTP... wordpress... vulnerabilities? Her son! It's fantastic!

Report
C
CityCat4, 2018-07-09
@CityCat4

Website hoster/VDS? If yes, then merge all the logs (even seemingly unnecessary ones), the site itself (so that the timestamps are not damaged), delete everything, restore the backup.
- View logs, detect suspicious activity
- Be sure to pay attention to who owns the junk scripts - this will give information about under whose rights they were recorded - ftp, www or someone else.
- Perhaps they screwed up FTP - it's not so difficult if the user is guessable and the password is simple
- Perhaps they found an error in the code of the site itself or the engine (if the site is on the engine)

Report
J
jcmvbkbc, 2014-11-08
@jcmvbkbc

Hello, Nikita Vasiliev!
There is one request. While you're young, learn how to use search.
I hope it will be clear to the youthful mind.

Report
K
Kirill Zelensky, 2014-11-08
@DrunkPunk

You need to study and get fives. Then enter a good university, for example, at Moscow State University at the Faculty of Computational Mathematics, and there you will be taught how to be a programmer))
In general, it is better to learn how to write program algorithms right away along with some kind of language.
Try the book "C++ for dummies". Everything is very clearly described. If you master it and you like it, then the programmer is yours :)

Report
D
Dmitry Timofeev, 2014-11-08
@timda

Tell us why you want to become a programmer.

Report
A
Azim Kurt, 2014-11-08
@Symphony

Take to get started:
2.jpg

Similar questions
D
dm2015-05-29 13:19:38
The name of the Cyrillic font in the picture? 6Reply
A
asdasdqwe2022-04-14 10:58:12
Why doesn't CORS protect form submission? 1Reply
F
Flexonimus2022-04-17 18:03:59
How to get the MAC address of a router using a Python script? 1Reply
C
Chvalov2014-09-29 19:06:06
Where to download or buy amplia security assessment suite? 0Reply
D
Denis Goncharenko2019-03-04 10:34:43
What is the meaning of wp_nonce? 0Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question