0
rehman
7y

Somebody's messing with our site again. I thinks he's tha hacker who pulled the code from a demo version of our site now every other day he's running malicious script to do damage.
Currently we are monitoring site traffic and one user is active from 4 days and 10 hour long everyday with UK location.
Do anyone knows how to catch him and what to do?
Currently he was able to delete all images from a folder.

Comments
  • 5
    Not to be that guy, but you need to hire a php security guy. While php is not an insecure language on its own, the fact that it will not fail even on a failing instruction opens up a host of exploits. You need to get a php security guy and a trainer to teach the team safe php programming practices.

    Or stop using php because it is a terrible language.
  • 1
    @projektaquarius alright Yea, but I'm just curious that is there a way to get to know who's that guy behind this.
    Somebody must have proxy and all and they maybe using bash script to hit urls.
    Is there any way we can figure out who's the person?
  • 1
    In France, if your services are under attack, the only legal defense other than denying the attacker access to your network is asking the police to defend you.

    Block him using your firewall. If he persists, write a script to watch for suspicious behavior, and when one is detected, block it also.
  • 1
    @projektaquarius Don't agree with it being an awful language. Altough earlier versions weren't that great, it's still awesome imo :)
  • 0
    Guys all I want to know atm is there any way we can stop traffic from proxies/vpn?
  • 0
    There are probably lists of detected proxy/VPN that you can use for your firewall. Other than the amount of queries from a single ip, there's not much you can use to differenciate VPN traffic from legitimate traffic, and some VPN traffic can indeed be legitimate.
  • 0
    @CptFox just by searching I came to know about clodeflare.
    Do you have any knowledge about it?
  • 0
    @linuxxx gotta disagree. I will give it credit that it fixed a lot of what was inherently wrong with it. But the whole "it doesn't break even when it should" thing is awful and part of the reason why most vulnerabilities in web programs are found in php sites. I wish I had the php hammer image ready. I would continue but I would just be repeating everything said about php ever.
  • 0
    @projektaquarius Fair enough, opinions are opinions :). I've never heard about that breaking and well yeah, php runs about 90 percent of the web or something so that would be quite logical. You can program non-secure easily in a lot of languages. (yes, have experience with that myself). But anyways, let's agree to disagree!
  • 1
    @rehman I did forget about third party protection. I had heard of cloudflare for DDOS protection. I must say I don't have much experience, since I just graduated.

    They seem to use the fact that they protect a lot of sites to run behaviour analysis and keep tabs on suspicious IPs.

    I've had good feedback from the director of my CompSec master about these mutualised protection services, so unless someone here can share some bad experiences with them, my guess is they should be worth a try.
  • 1
    @linuxxx awww I wanted a flame war (j/k). For some entertaining reading though you should read PHP: a fractal of bad design.

    But I will agree to disagree. Php is one of those things I hate but have grown to accept. Like tourists and people who pronounce gif wrong.
  • 1
    @projektaquarius People who pronounce gif as jif should just die right away. At least we agree on something (PLEASE DON'T SAY YOU PRONOUNCE IT LIKE JIF)
  • 1
    @linuxxx yes I do. I also pronounce graphics as jraphics and Google as Joojle /sarcasm
  • 1
    (@projektaquarius) fair enough @progectaquarios!
Add Comment