Can’t Upload Images after updating to 3.3

December 23rd, 2011

Make sure you’ve read the entire Master List post and the New Features in 3.3 Post.

Go to your own install’s about page - http://domain.com/wp-admin/about.php - to see what’s new.

And then make sure you’ve tried…

- flushing any caching plugins you might be running, as well as server and/or browser caches.

- deactivating all plugins (yes, all) to see if this resolves the problem. If this works, re-activate the plugins one by one until you find the problematic plugin(s). If you can’t get into your admin dashboard, try resetting the plugins folder by FTP or phpMyAdmin. Sometimes, an apparently inactive plugin can still cause problems. Also remember to deactivate any plugins in the mu-plugins folder. The easiest way is to rename that folder to mu-plugins-old.

- switching to the Twenty Eleven theme to rule out any theme-specific problems. If you can’t log in to change themes, you can remove the theme folders via FTP so the only one is twentyeleven. That will force your site to use it.

- manually upgrading. When all else fails, download a fresh copy of the latest.zip file of 3.3 (top right on this page) to your computer, and use that to copy up. You may need to delete the wp-admin and wp-includes folders on your server. Read the Manual Update directions first!

Posted in WordPress

How does Hacking take place on Cpanel server?

October 24th, 2011

I am writing this post to explain how accounts on a server get hacked. cPanel accounts on a server are hacked quite often. The most common hack replaces the index page with some other code, defacing your website. Sometimes this type of hack hits all accounts on the server, including backups. Often it is an iframe hack, where the hacker adds extra code to your website and a virus infects the computer of whoever visits the site. We are not going deep into the types of hacking; what I am going to explain here is how we can stop this from happening, or at least prevent or avoid it.

Now one would ask, “How does this hacking take place?” Such defacement takes place, and we become victims of it, because we are careless or lack basic knowledge of how to keep our site secure. It is we who open the way for any hacking to take place. Any hacking that takes place through the browser happens due to weak permissions. Many common PHP applications we use, such as a picture gallery or a forum, are the starting point of a hack if and only if they are insecure, are older versions, or have files or directories with weak permissions like 777 or 755. For example, say I have an application with an option for uploading a file, the uploaded file goes into a directory called “images”, and “images” has 777 permissions. If I use that option to upload a defacing script, say “deface.php”, to the images directory, then I can easily access that script using the link:

http://domain.com/images/deface.php

As the images directory has 777 permissions, I can easily execute that script and deface that account or website. If the permissions on other directories of the server are really weak, then I can deface files in other locations on the server as well. If, after uploading the script, I find more accounts on the server that have weak permissions, I can run my script from its current location and hack those accounts too. In this way your account, some other accounts, or even the whole server gets hacked due to weak permissions. To make this point clear, I have attached a small PHP script to this post. Just upload it to your account and access it from a browser; you will see that you can browse other files on the server whose permissions are weak.
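To check your own account for the pattern described above, the following audit lists every directory with the world-write bit set (777 and similar) and any PHP file sitting directly inside one. It is an added example, not the script attached to this post; the function names, the file extensions checked and the sample tree are assumptions.

```shell
#!/bin/sh
# Added example: audit a web root for world-writable directories and for
# PHP files stored inside them. Paths containing newlines are not handled.

# One finding per line:
#   WRITABLE_DIR <dir>             mode has the world-write bit set (e.g. 777)
#   SCRIPT_IN_WRITABLE_DIR <file>  PHP-like file directly inside such a dir
audit_weak_perms() {
    root=$1
    [ -d "$root" ] || { echo "not a directory: $root" >&2; return 2; }
    # -perm -0002 matches any mode that lets every user write (777, 757, ...)
    find "$root" -type d -perm -0002 -print | while IFS= read -r dir; do
        printf 'WRITABLE_DIR %s\n' "$dir"
        # Direct children only: nested writable dirs are reported on their own.
        find "$dir" -maxdepth 1 -type f \
            \( -name '*.php' -o -name '*.phtml' -o -name '*.php5' \) -print |
        while IFS= read -r f; do
            printf 'SCRIPT_IN_WRITABLE_DIR %s\n' "$f"
        done
    done
}

# Number of findings of one kind (grep -c exits 1 on zero matches).
count_findings() {
    audit_weak_perms "$1" | grep -c "^$2 " || true
}

# Constructed sample tree: images/ is 777 and holds an uploaded script.
make_sample_tree() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/public_html/images" "$t/public_html/includes"
    : > "$t/public_html/index.php"
    : > "$t/public_html/images/photo.jpg"
    : > "$t/public_html/images/deface.php"
    : > "$t/public_html/includes/config.php"
    chmod 755 "$t/public_html" "$t/public_html/includes"
    chmod 777 "$t/public_html/images"
    printf '%s\n' "$t"
}

# Usage: sh audit.sh /home/USER/public_html
if [ -n "${1:-}" ]; then audit_weak_perms "$1"; fi
```

A `SCRIPT_IN_WRITABLE_DIR` line for a file you did not put there yourself is the case to investigate first.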

 

Download test file: webadmin.zip‎

Author: W H Robert

Posted in Web Buzz

Consumer Advice: How to Avoid Phishing Scams

October 24th, 2011

The number and sophistication of phishing scams sent out to consumers is continuing to increase dramatically. While online banking and e-commerce are very safe, as a general rule you should be careful about giving out your personal financial information over the Internet. The Anti-Phishing Working Group has compiled a list of recommendations below that you can use to avoid becoming a victim of these scams.

  • Be suspicious of any email with urgent requests for personal financial information
    • unless the email is digitally signed, you can’t be sure it wasn’t forged or ‘spoofed’
    • phishers typically include upsetting or exciting (but false) statements in their emails to get people to react immediately
    • they typically ask for information such as usernames, passwords, credit card numbers, social security numbers, date of birth, etc.
    • phisher emails are typically NOT personalized, but they can be. Valid messages from your bank or e-commerce company generally are personalized, but always call to check if you are unsure
  • Don’t use the links in an email, instant message, or chat to get to any web page if you suspect the message might not be authentic or you don’t know the sender or user’s handle
    • instead, call the company on the telephone, or log onto the website directly by typing in the Web address in your browser
  • Avoid filling out forms in email messages that ask for personal financial information
    • you should only communicate information such as credit card numbers or account information via a secure website or the telephone
  • Always ensure that you’re using a secure website when submitting credit card or other sensitive information via your Web browser
    • Phishers are now able to ‘spoof,’ or forge BOTH the “https://” that you normally see when you’re on a secure Web server AND a legitimate-looking address. You may even see both in the link of a scam email. Again, make it a habit to enter the address of any banking, shopping, auction, or financial transaction website yourself and not depend on displayed links.
    • Phishers may also forge the yellow lock you would normally see near the bottom of your screen on a secure site. The lock has usually been considered as another indicator that you are on a ‘safe’ site. The lock, when double-clicked, displays the security certificate for the site. If you get any warnings displayed that the address of the site you have displayed does NOT match the certificate, do not continue.
  • Remember not all scam sites will try to show the “https://” and/or the security lock. Get in the habit of looking at the address line, too. Were you directed to PayPal? Does the address line display something different like “http://www.gotyouscammed.com/paypal/login.htm”? Be aware of where you are going.
  • Consider installing a Web browser tool bar to help protect you from known fraudulent websites. These toolbars match where you are going with lists of known phisher Web sites and will alert you.
    • The newer Internet Explorer version 7 includes this tool bar, as does Firefox version 2
    • EarthLink ScamBlocker is part of a browser toolbar that is free to all Internet users – download at http://www.earthlink.net/earthlinktoolbar
  • Regularly log into your online accounts
    • don’t leave it for as long as a month before you check each account
  • Regularly check your bank, credit and debit card statements to ensure that all transactions are legitimate
    • if anything is suspicious or you don’t recognize the transaction, contact your bank and all card issuers
  • Ensure that your browser is up to date and security patches applied
  • Always report “phishing” or “spoofed” e-mails to the following groups:
    • use the form on this page or forward the email to reportphishing@antiphishing.org
    • forward the email to the Federal Trade Commission at spam@uce.gov
    • forward the email to the “abuse” email address at the company that is being spoofed (e.g. “spoof@ebay.com”)
    • when forwarding spoofed messages, always include the entire original email with its original header information intact
    • notify The Internet Crime Complaint Center of the FBI by filing a complaint on their website: www.ic3.gov/

For more information, check some of the following sources:

  • For more information about how to protect yourself, see our Fact Sheet 17a Identity Theft: What to do if It Happens to You at http://www.privacyrights.org/fs/fs17a.htm
  • Read the information and tips put out by the Federal Trade Commission about phishing at http://www.ftc.gov/bcp/edu/pubs/consumer/alerts/alt127.shtm
  • Read the Department of Justice’s recent whitepaper “Special Report on Phishing” at http://www.apwg.org/reports/DOJ_Special_Report_On_Phishing_Mar04.pdf

Information: http://www.antiphishing.org/consumer_recs.html

Posted in Web Buzz