How Do I Prevent Hackers Attacking My Website?
Hello everyone,
I just spent the last month researching HTML, CSS, PHP, and a little bit of SQL and Javascript in order to put up my little website, www.supportgore.org. My website involves obtaining pledges to vote for Al Gore in order to inspire him to run in 2008. It involves a pledge form, which then gets sent to a MySQL database which then displays a list of pledges on my website.
Well, I am definitely no compuguru, and when I came across a negative comment on my website, I went to my database to check the IP address, only to discover that this address had already submitted four times, some were nice comments, as well. So I googled the IP number, (207.200.116.8) only to find to my great dismay that it was involved in a major wikipedia encyclopedia attack (http://en.wikipedia.org/wiki/User:Mboverload/vandalattack).
I did a little more research, and came across this forum where someone asked about ISP (sic) addresses, and saw that you guys know what you're talking about, and might be so kind as to give me some answers on what to do. So here are some questions:
IP addresses: How do they work? Does everyone have a unique address? What are dynamic IP addresses? So they can change? This user supposedly can change at least the last three digits of his address, based on the Wikipedia article. How to deal with that? What about this proxy thing? Does that make it so he can have whatever IP address he wants (at least to my computer)? Is this guy traceable based on his IP address? I also came across another IP address (152.163.101.8) that pledged four times (all from different states). This address, as well as the first one, seems associated with AOL. Because of this, could different people share/use this IP address?
This person sounds like he is a pretty good hacker, and may try to infiltrate my database, and also put offensive pics on my site, amongst other things. If you have any suggestions on what I can do to protect myself, I'd be greatly appreciative.
I also want to protect myself, and make sure that someone like this couldn't figure out where I am, which from your previous article, sounds like he could figure out my IP address if I emailed him. Are there ways to protect my privacy via email, and any other method where someone may be able to figure out info on me, my website, and my computer?
Thank You.
~Craig.
Your webhost is responsible for this kind of stuff.
There are, more or less, 4,294,967,296 unique IP addresses in the world right now. Any device connecting to the internet must have an IP address. IP addresses are distributed in blocks to major ISPs, universities, and very large companies by a couple organizations including ARIN, ICANN and many more; these IPs are eventually assigned to unique devices by the company/ISP/university/organization they were given to. Only the device that actually does the connecting to the internet uses up an IP address on the web. For example, a router may have 40000 PCs connected to it, but in theory it could only take one IP address. This is an extravagant example, but it shows the relationship between internet connectivity and IP assignment.
An IP address can be "Static," or one that never changes. A website like Short-Media.com, for example, has an IP address that will always be 209.124.56.70 until someone decides to change it. For home users, this is generally a service that must be paid for from the ISP. For businesses, universities, and other large websites, static addressing is almost always the rule. An IP address can also be "Dynamic," wherein users connecting to a service provider are assigned a random address from a block of IPs made available to a group of users by their ISP. The metric for IP reassignment, or when a user gets a new IP address, is determined entirely by the ISP: Some users get a new one every time they reconnect to the internet, some get a new one every two weeks, some wait years until they get a new one even though they're technically on a dynamic IP system. Users who get a new IP every time they reconnect can be a particular pain in the ass, as you've clearly begun to notice.
You could ban his entire IP block. Since his last three digits change, you could ban everything from ###.###.###.--- and it wouldn't matter what his last three digits are. He'd never be able to get to your website without a proxy again. More carefully, however, you should research Access Control Lists (ACLs) to filter out specific IP ranges, without ban-sticking a morass of interweb users who might be amenable to your cause.
A proxy masquerades, or hides, the originating IP address by launching a connection to your website from another PC that sits between the user and you. This PC could be any number of PCs that a dedicated proxy server might have, with any number of addresses it has under its ownership. By and large, it is very hard to trace IP addresses behind a proxy, but there may be modules for PHP/Apache to block proxy-based connections. Other people would have to chime in on that because I know very little about web-serving.
It's probably another proxy. Ban it and don't look back.
Welcome to the headache that is webmastering
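A range ban of the "###.###.###.---" kind described above, written as a CIDR check in PHP (an added example, not code posted by anyone in this thread). The ranges and test addresses are constructed from documentation address space, the function names are hypothetical, and a match rejects every user behind that range, which is the trade-off the reply warns about.

```php
<?php
// Added example. Ranges and addresses are constructed (RFC 5737
// documentation space). Assumes IPv4 and 64-bit PHP.

/** True when $ip falls inside $cidr, e.g. "192.0.2.0/24". */
function ip_in_cidr(string $ip, string $cidr): bool
{
    // A bare address without "/bits" is treated as a single host (/32).
    [$network, $bits] = array_pad(explode('/', $cidr, 2), 2, '32');
    $ipLong  = ip2long($ip);
    $netLong = ip2long($network);
    if ($ipLong === false || $netLong === false
        || !ctype_digit($bits) || (int) $bits > 32) {
        return false; // malformed input never matches
    }
    // /24 gives 0xFFFFFF00: the last octet is ignored.
    $mask = (0xFFFFFFFF << (32 - (int) $bits)) & 0xFFFFFFFF;
    return ($ipLong & $mask) === ($netLong & $mask);
}

/** True when $ip matches any entry of the deny list. */
function is_blocked(string $ip, array $denyRanges): bool
{
    foreach ($denyRanges as $cidr) {
        if (ip_in_cidr($ip, $cidr)) {
            return true;
        }
    }
    return false;
}

// One whole /24 and one single address (constructed values).
$denyRanges = ['192.0.2.0/24', '198.51.100.17/32'];

// In the real form handler, test the TCP peer address:
//   $ip = $_SERVER['REMOTE_ADDR'];
// X-Forwarded-For and similar headers are set by the client and prove nothing.
foreach (['192.0.2.8', '192.0.2.231', '198.51.100.17', '203.0.113.5'] as $ip) {
    printf("%-15s %s\n", $ip, is_blocked($ip, $denyRanges) ? 'rejected' : 'accepted');
}
```

A visitor coming through a proxy presents the proxy's address, so this check only raises the effort needed to submit again.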
All right, some responses to your guys' wonderful suggestions:
I could just put some code in my php so that anyone submitting a pledge from the two aforementioned IP addresses just wouldn't go through. Do you think that would be an effective enough ban, or would it be better to go to my webhost and have them block them from my entire website?
Will blocking someone with enough hacker expertise do anything at all??? I mean, with proxies, it sounds like that method won't really work. Which means, I am guessing, there must be other methods of protecting websites, probably on a level where I would have to hire a service or professional to do the job. Is that correct?
I am really wondering about the email thing: If this hacker were to send me an email, and I didn't know it was him/her, and I responded back, couldn't he get my IP address, and from that (if skilled enough) figure out where I live, or worse, hack into my computer, finding potential passwords to manipulate my website? Am I being overly paranoid, here? And are there ways to send email so that my IP isn't revealed?
And finally, if a hacker did what he did to wikipedia, and they knew his IP and the time he did his stuff, why can't they have him arrested and have charges pressed against him?
Thanks for your help.
1. To "convince" Al Gore to run you'd have to do it in less than 2 months. Nov. of this year is when they will start to heavily campaign. So in order to get 65 Million people to sign your list (which you stated as the goal) you'd have to get more than 6 million a day and 45,000 an hour. And that's just signatures. That doesn't even count the people that visit your site and don't sign up, which would be about 3:1. I doubt your server would handle that much traffic ;-)
2. Even if Gore did decide to run how would he even win the primary when he is no longer (if he ever was) the Democrats' favorite son?
Since this is off topic, you can message me your answers if you wish.
I'll try to keep the "political" side of this as short as possible, as there actually IS a very valid point you bring up on the technical side of this, and that is: COULD my website handle 65,000,000 pledges? I am not expert enough to know that answer. All I know is that my hosting plan is set up with 25 MySQL databases (which I could up to 50 and probably more), with each database supposedly being able to handle 50 users at once, which would only be for a quick transfer of information. As for bandwidth, my account is set up with one terabyte of data transfer per month. Still, I don't know, and maybe there are some gurus out there that could tell me whether that is enough. I am also prepared to go to a virtual or a dedicated server if my site were to get big enough, which I assume would help. As for the political side here (I'll be as brief as possible), I am no buff on this side either, but checking in Wikipedia under United States presidential election, 2008, they say that it is rare for a candidate to declare his candidacy prior to (in this case) late in the year (like November) of 2007. Are you sure your estimates are not off by a year?
~Craig.
similar problem:
I need a really simplified method of blocking countries
like Turkey, Arabia, Malaysia, Malta, Netherlands, Sweden,
Korea, Saudi Arabia, etc., from access to my website.
In fact, I'd like to block EVERY country except USA,
Canada, Australia, and United Kingdom, for now.
Here is why...
My website has suddenly come under attack from spammers,
scrapers, and hackers. I see odd activity on my server log
sheet. And, many of them come from a place called,
"http://hackersdownload.com"
Also, I get bogus email addresses from my online sign-up
form, at least one or two, each and every day. Nearly all
of them seem to fit a specific naming pattern...
Here are some of them:
Subscriber Name=====>tzuevhmhzp
Subscriber EmailId====>dgmmsj@lccnbc.com
IP Address====>98.227.177.191
Subscriber Name=====>behjmhmjsr
Subscriber EmailId====>zggqin@eiisah.com
IP Address====>158.64.14.22
Subscriber Name=====>owxmhklp
Subscriber EmailId====>jracrk@ahprkp.com
IP Address====>24.23.151.217
(Notice above, in every single bogus email I've received,
there are exactly SIX letters in the DOMAIN NAME segment.
Is there a clue in this?)
I have already gone to
http://www.find-ip-address.org/ip-country/
and retrieved the most recent lists of every country's IP
address by IP RANGE, and changed my .htaccess file; typed
in "deny from" every single address that comes from the
CIS lists (took me hours to complete that, about 14,500
lines of email addresses!)
Much of this is to no avail because, these hackers and
spammers seem to know more than I do about e-mail
addresses and especially about how to find a newly
available IP address that is NOT covered on all of the
14,500 lines I already blocked.
By the way, what do they want from my site anyway? What
are they doing in there? Are they robbing my content,
trying to undo my ClickBank or other affiliate pay codes?
And, how does it benefit them to sign up on my web form
with a bogus email address? What is the purpose of that?
Whatever, these guys are undermining the integrity of my
site.
Can somebody please help me with this one?
SOS!
(P.S.) by the way, I contacted my web host and told them
all about it. My web host's response is, "We do not
provide support on programming issues such as this."
We need to know more about your platform and what kind of access you have to your server equipment: Are you on a shared server and only have access to upload files to your webserver, or do you have a dedicated box / virtual server that you can access the OS level to?
A good webhost should be able to block bots, spiders and allow you to specify IP ranges or domain (.ru for example) from getting to your site. That's the host's job. The rest is on you. Using CAPTCHA or an email verify are also about all you can do without making it more hassle than it's worth for legitimate people.
Also, through the power of the net it's pretty much impossible to prevent people from voting multiple times if they want to. Even using email verify most people have at least 2 or 3 email addresses they could pose as. Oh, speaking of email verifying, there are many 1 shot email providers so that's not even really any proof. Essentially you just have to accept that a poll like you are doing is susceptible to tampering and only a fraction of the truth at best.
As for other threats like overflows and cross site scripting, you need to reference your PHP educational materials about these things as they fall under common practices. We used to use PHP-Nuke on our site for content management. Then one day we look at the site and the Turkish Jyhad queen team had defaced us. How embarrassing for a security expert to have his site defaced, right? That's what we got for being lazy and trusting someone else's code. We took a week and designed our own content manager that was faster and had built-in security features that we came up with. You should be able to do the same for your sites. Any well coded interface can stand in the face of hackers all day.
Contact me via e-mail at dan@nerdnos.net and we'll see what we can do for you, and what costs would be like. Toss me your number, and I'll give you a ring.
Thanks,
Dan
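The pledge form, database and displayed list from the original question, with the cross-site scripting defence mentioned above applied: input is bound as a query parameter and escaped when the list is rendered (an added example, not code from the thread or from the site). Table, column and function names are hypothetical, the sample pledges are constructed, and an in-memory SQLite database stands in for MySQL so it runs offline; with MySQL only the PDO DSN changes.

```php
<?php
// Added example. Schema and names are hypothetical; sample rows are constructed.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE pledges (id INTEGER PRIMARY KEY, name TEXT, comment TEXT, ip TEXT)');

/** Store one pledge. Values travel as bound parameters, never as SQL text. */
function save_pledge(PDO $pdo, string $name, string $comment, string $ip): bool
{
    $name    = trim($name);
    $comment = trim($comment);
    // Reject empty or oversized input before it reaches the database.
    if ($name === '' || strlen($name) > 80 || strlen($comment) > 500) {
        return false;
    }
    $stmt = $pdo->prepare('INSERT INTO pledges (name, comment, ip) VALUES (?, ?, ?)');
    return $stmt->execute([$name, $comment, $ip]);
}

/** Escape a stored value for an HTML text or attribute context. */
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Render the public pledge list; every stored field is escaped on output. */
function render_pledges(PDO $pdo): string
{
    $html = "<ul>\n";
    foreach ($pdo->query('SELECT name, comment FROM pledges ORDER BY id') as $row) {
        $html .= sprintf("  <li><strong>%s</strong>: %s</li>\n",
            e($row['name']), e($row['comment']));
    }
    return $html . "</ul>\n";
}

// Constructed submissions: one ordinary, one carrying SQL and HTML metacharacters.
save_pledge($pdo, 'Pat', 'Run, Al, run!', '192.0.2.10');
save_pledge($pdo, "x'); DROP TABLE pledges;--", '<script>alert(1)</script>', '198.51.100.7');
save_pledge($pdo, '', 'no name given', '203.0.113.5'); // rejected by validation

echo render_pledges($pdo);
```

The second pledge is stored and displayed as literal text: the table survives and the browser receives `&lt;script&gt;` rather than a script element.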