Message Board

Bugs & Development

Older Posts ]   [ Newer Posts ]
 WEBSITE HACKED AFTER INSTALL
Author: P.McFye   (23 Apr 07 11:39am)
Somebody please help me. After installing the honeypot stuff on my website my site has been seriously hacked. How can I completely remove honeypot??
 
 Re: WEBSITE HACKED AFTER INSTALL
Author: M.Prince   (23 Apr 07 4:15pm)
If you followed the instructions, the honey pot software does not have write access to your machine and runs in whatever sandboxed scripting environment you have setup. It is unlikely that the honey pot script caused your box to be hacked. However, if you provide more details (scripting language, server type, OS version, web server version, etc.) we will definitely look into it.

To remove the honey pot script from your site simply delete the script file. Again, the script should not have write access to your server and should only run when it is accessed by a visitor to your site.

Matthew.
 
 Re: WEBSITE HACKED AFTER INSTALL
Author: M.Prince   (23 Apr 07 4:18pm)
PS - While the honey pot software is published Open Source and has been reviewed by thousands of users for potential vulnerabilities, if you are concerned over installing the script software on your server, the QuickLinks program is a great alternative. QuickLinks merely requires you to include a line of HTML on your existing web pages. No software to install. Can be helping the Project in a matter of minutes.
 
 Re: WEBSITE HACKED AFTER INSTALL
Author: P.McFye   (26 Apr 07 4:03pm)
Ok, maybe it was just a coincidence that a week after running the honeypot scripts on my webserver we got hacked into. Something on my server opened WebDAV in IIS6.0 which is shut off by default. This opened a hole for a hacker to get in. I don't know if honeypot activates WebDAV, I doubt it but I've since removed the honeypot links on my webserver. Just for fun you might want to check and see if WebDAV is activated on your webserver. I won't explain how but this can allow hackers access to your site, trust me I know. I found out the hard way.
 
 Re: WEBSITE HACKED AFTER INSTALL
Author: M.Prince   (26 Apr 07 5:32pm)
Well, we don't run Windows Server/IIS... so I don't think WebDAV could be open on any of our servers even if it wanted to be.

You can look at the code of the Honey Pot since it's published completely Open Source. It's relatively straight forward. The only complication is that the ASP version includes an MD5 hash function since some old versions of ASP didn't support MD5. If anyone does find something in the ASP code that shouldn't be there, let us know immediately.

If you're concerned with installing software on your machine you can always participate in the QuickLink program which doesn't require you to add any software, just add a single linke of HTML to your web pages. I can't imagine any way in which that would create a security risk.



You may browse the discussion topics, but you must sign in to post. If you do not have an account, you can create one for free.

do not follow this link

Privacy Policy | Terms of Use | About Project Honey Pot | FAQ | Cloudflare Site Protection | Contact Us

Copyright © 2004–24, Unspam Technologies, Inc. All rights reserved.

contact | wiki | email