How Do I Prevent Hackers Attacking My Website?

Hello everyone,

I just spent the last month researching HTML, CSS, PHP, and a little bit of SQL and Javascript in order to put up my little website, www.supportgore.org. My website involves obtaining pledges to vote for Al Gore in order to inspire him to run in 2008. It involves a pledge form, which then gets sent to a MySQL database which then displays a list of pledges on my website.

Well, I am definitely no compuguru, and when I came across a negative comment on my website, I went to my database to check the IP address, only to discover that this address had already submitted four times, some were nice comments, as well. So I googled the IP number, (207.200.116.8) only to find to my great dismay that it was involved in a major Wikipedia encyclopedia attack (http://en.wikipedia.org/wiki/User:Mboverload/vandalattack).

I did a little more research, and came across this forum where someone asked about ISP (sic) addresses, and saw that you guys know what you're talking about, and might be so kind as to give me some answers on what to do. So here are some questions:

IP addresses: How do they work? Does everyone have a unique address? What are dynamic IP addresses? So they can change? This user supposedly can change at least the last three digits of his address, based on the Wikipedia article. How to deal with that? What about this proxy thing? Does that make it so he can have whatever IP address he wants (at least to my computer)? Is this guy traceable based on his IP address? I also came across another IP address (152.163.101.8) that pledged four times (all from different states). This address, as well as the first one, seems associated with AOL. Because of this, could different people share/use this IP address?

This person sounds like he is a pretty good hacker, and may try to infiltrate my database, and also put offensive pics on my site, amongst other things. If you have any suggestions on what I can do to protect myself, I'd be greatly appreciative.

I also want to protect myself, and make sure that someone like this couldn't figure out where I am, which from your previous article, sounds like he could figure out my IP address if I emailed him. Are there ways to protect my privacy via email, and any other method where someone may be able to figure out info on me, my website, and my computer?

Thank You.

~Craig.

Comments

  • edited September 2006
    Oops! My link to the wikipedia article doesn't work because of the ) at the end. Hopefully this one will: http://en.wikipedia.org/wiki/User:Mboverload/vandalattack
    ~Craig.
  • primesuspect Beepin n' Boopin Detroit, MI Icrontian
    edited September 2006
    If your website has been attacked, you can ask your web host to block the IP, or the entire block of IPs that belong to that person. You can also file a complaint with the user's ISP abuse department.

    Your webhost is responsible for this kind of stuff.
  • Thrax 🐌 Austin, TX Icrontian
    edited September 2006
    > How do they work? Does everyone have a unique address? What are dynamic IP addresses? So they can change?

    There are, more or less, 4,294,967,296 unique IP addresses in the world right now. Any device connecting to the internet must have an IP address. IP addresses are distributed in blocks to major ISPs, universities, and very large companies by a couple organizations including ARIN, ICANN and many more; these IPs are eventually assigned to unique devices by the company/ISP/university/organization they were given to. Only the device that actually does the connecting to the internet uses up an IP address on the web. For example, a router may have 40000 PCs connected to it, but in theory it could only take one IP address. This is an extravagant example, but it shows the relationship between internet connectivity and IP assignment.

    An IP address can be "Static," or one that never changes. Websites like Short-Media.com, for example, have an IP address that will always be 209.124.56.70 until someone decides to change it. For home users, this is generally a service that must be paid for from the ISP. For businesses, universities, and other large websites, static addressing is almost always the rule. An IP address can also be "Dynamic," wherein users connecting to a service provider are assigned a random address from a block of IPs made available to a group of users by their ISP. The metric for IP reassignment, or when a user gets a new IP address, is determined entirely by the ISP: Some users get a new one every time they reconnect to the internet, some get a new one every two weeks, some wait years until they get a new one even though they're technically on a dynamic IP system. Users who get a new IP every time they reconnect can be a particular pain in the ass, as you've clearly begun to notice.

    > This user supposedly can change at least the last three digits of his address, based on the Wikipedia article. How to deal with that?

    You could ban his entire IP block. Since his last three digits change, you could ban everything from ###.###.###.--- and it wouldn't matter what his last three digits are. He'd never be able to get to your website without a proxy again. More carefully, however, you should research Access Control Lists (ACLs) to filter out specific IP ranges, without ban-sticking a morass of interweb users who might be amenable to your cause.

    > What about this proxy thing? Does that make it so he can have whatever IP address he wants (at least to my computer)? Is this guy traceable based on his IP address?

    A proxy masquerades, or hides, the originating IP address by launching a connection to your website from another PC that sits between the user and you. This PC could be any number of PCs that a dedicated proxy server might have, with any number of addresses it has under its ownership. By and large, it is very hard to trace IP addresses behind a proxy, but there may be modules for PHP/Apache to block proxy-based connections. Other people would have to chime in on that because I know very little about web-serving.

    > I also came across another IP address (152.163.101.8) that pledged four times (all from different states). This address, as well as the first one, seems associated with AOL. Because of this, could different people share/use this IP address?

    It's probably another proxy. Ban it and don't look back.
  • primesuspect Beepin n' Boopin Detroit, MI Icrontian
    edited September 2006
    It's a tough call. You can ban proxied IPs, but then you basically shut out entire major ISPs such as AOL. And when you are trying to get people together for a cause, you can bet that a potentially enormous audience can be found on AOL.

    Welcome to the headache that is webmastering ;)
  • zero-counter Linux Lubber San Antonio Member
    edited September 2006
    This situation, IMHO, seems to be better left to your web hosting service and/or a professional security analyst...or a more competent webmaster. Please do not take offense, but if you are inquiring about IP addresses, more specifically what they are, then you may want to take a step back and re-evaluate your situation and when it may be time to call in someone with more knowledge in the area of expertise you are seeking.
  • edited September 2006
    Well I totally agree that I will probably need some greater expertise and/or helpers when (and if) my website gets bigger. I was anticipating having to deal with security issues down the road--just not in the first 26 pledges!!!

    All right, some responses to your guys' wonderful suggestions:

    I could just put some code in my php so that anyone submitting a pledge from the two aforementioned IP addresses just wouldn't go through. Do you think that would be an effective enough ban, or would it be better to go to my webhost and have them block them from my entire website?

    Will blocking someone with enough hacker expertise do anything at all??? I mean, with proxies, it sounds like that method won't really work. Which means, I am guessing, there must be other methods of protecting websites, probably on a level where I would have to hire a service or professional to do the job. Is that correct?

    I am really wondering about the email thing: If this hacker were to send me an email, and I didn't know it was him/her, and I responded back, couldn't he get my IP address, and from that (if skilled enough) figure out where I live, or worse, hack into my computer, finding potential passwords to manipulate my website? Am I being overly paranoid, here? And are there ways to send email so that my IP isn't revealed?

    And finally, if a hacker did what he did to wikipedia, and they knew his IP and the time he did his stuff, why can't they have him arrested and have charges pressed against him?

    Thanks for your help.
  • Dude-Guru St. Louis, MO
    edited September 2006
    This may be a little off-topic but I just checked out your website and I have a few questions for you.

    1. To "convince" Al Gore to run you'd have to do it in less than 2 months. Nov. of this year is when they will start to heavily campaign. So in order to get 65 Million people to sign your list (which you stated as the goal) you'd have to get more than 6 million a day and 45,000 an hour. And that's just signatures. That doesn't even count the people that visit your site and don't sign up, which would be about 3:1. I doubt your server would handle that much traffic ;-)

    2. Even if Gore did decide to run how would he even win the primary when he is no longer (if he ever was) the Democrats' favorite son?

    Since this is off topic, you can message me your answers if you wish.
  • primesuspect Beepin n' Boopin Detroit, MI Icrontian
    edited September 2006
    Let's keep this discussion purely technical. :)
  • Dude-Guru St. Louis, MO
    edited September 2006
    > Let's keep this discussion purely technical. :)

    Ok... Technically, how could he achieve the results he's looking for? lmao sorry, I couldn't help it. :wink:
  • edited September 2006
    OK Dude,
    I'll try to keep the "political" side of this as short as possible, as there actually IS a very valid point you bring up on the technical side of this, and that is: COULD my website handle 65,000,000 pledges? I am not expert enough to know that answer. All I know is that my hosting plan is set up with 25 MySQL databases (which I could up to 50 and probably more), with each database supposedly being able to handle 50 users at once, which would only be for a quick transfer of information. As for bandwidth, my account is set up with one terabyte of data transfer per month. Still, I don't know, and maybe there are some gurus out there that could tell me whether that is enough. I am also prepared to go to a virtual or a dedicated server if my site were to get big enough, which I assume would help. As for the political side here (I'll be as brief as possible), I am no buff on this side either, but checking in Wikipedia encyclopedia under United States presidential election, 2008, they say that it is rare for a candidate to declare his candidacy prior to (in this case) late in the year (like November) of 2007. Are you sure your estimates are not off by a year?
    ~Craig.
  • edited September 2006
    BTW, your estimate of pledges to website visits is pretty close; actually, more like 6:1. How did you come up with that estimate?
    ~Craig.
  • edited September 2006
    Does anybody know how the AOL IP proxy addresses really work? I am still wondering if it is possible for some of these addresses to just get placed from one computer to another each time a user logs in. I either have a few "good-intentioned" spammers who make pledges from the same IP address, and say they are from different states each time they pledge, or AOL just throws out their IP's every which way. I am guessing that they are spammers, but I want to be sure before I block honest users from my site. Any thoughts?
    ~Craig.
  • Enverex Worcester, UK Icrontian
    edited September 2006
    A quick and slightly hackish fix I can think of to help stop this for now would be that whenever a "pledge" is added to the site, it checks the previous pledges and just doesn't add it if that IP address has already pledged. I assume the rest of the data is being saved in a database when they pledge (name, state, etc) so I'd just add the user's IP to be saved with each pledge and that way every pledge from that point could just search the current pledger's IP against previous pledgers. It's pretty simple to do and would stop people voting over and over (technically they could then start using proxies but that's longwinded and would take them a while anyway, and I doubt there are too many people that care 'that' much).
  • edited September 2006
    Thanks, I have already done that, actually. Made a Spam Table, that is. I am beginning to think that AOL does a "blanket" proxy, so that there could be 1,000,000 AOL users online, each with their own individual IP address, while AOL sends in the header information the same IP proxy address for all 1,000,000 users. Wikipedia.org now is working with AOL to get their XFF headers to help identify them. See: http://en.wikipedia.org/wiki/WP:AOL If anyone knows how I can do this for my website, I'd love to hear from ya!
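
The per-IP duplicate check Enverex suggests and the XFF question raised in the post above, as an added example that is not code from the thread: the sketch enforces one pledge per address with a UNIQUE index and reads X-Forwarded-For only when the connecting peer is a proxy on a trusted list. The table layout, function names, the trusted-proxy address and the in-memory SQLite database (standing in for MySQL) are assumptions.

```php
<?php
// Added example, not code from the thread. Table layout, function names and
// the trusted-proxy address are assumptions; SQLite stands in for MySQL.

// Proxies whose X-Forwarded-For header is believed (constructed value).
const TRUSTED_PROXIES = ['192.0.2.10'];

/**
 * Address to attribute a request to. X-Forwarded-For is an ordinary request
 * header that any client can set, so it is honoured only when the TCP peer
 * (REMOTE_ADDR) is a proxy on the trusted list.
 */
function client_ip(array $server): string
{
    $peer = $server['REMOTE_ADDR'] ?? '';
    $xff  = $server['HTTP_X_FORWARDED_FOR'] ?? '';
    if ($xff === '' || !in_array($peer, TRUSTED_PROXIES, true)) {
        return $peer;
    }
    // "client, proxy1, proxy2": the right-most entry is the one the trusted
    // proxy appended itself, so it is the only entry worth relying on.
    $hops = array_map('trim', explode(',', $xff));
    $candidate = end($hops);
    return filter_var($candidate, FILTER_VALIDATE_IP) !== false ? $candidate : $peer;
}

/** Store a pledge; returns false when this address has already pledged. */
function add_pledge(PDO $db, string $name, string $state, string $ip): bool
{
    // Prepared statement: form input never becomes part of the SQL text.
    $stmt = $db->prepare('INSERT INTO pledges (name, state, ip) VALUES (?, ?, ?)');
    try {
        $stmt->execute([$name, $state, $ip]);
        return true;
    } catch (PDOException $e) {
        // SQLSTATE 23000 = integrity constraint violation (the UNIQUE index).
        if ((string) $e->getCode() === '23000') {
            return false;
        }
        throw $e;
    }
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// The UNIQUE index makes the database reject duplicates atomically, which a
// "SELECT first, then INSERT" check cannot do under concurrent submissions.
$db->exec('CREATE TABLE pledges (name TEXT, state TEXT, ip TEXT NOT NULL UNIQUE)');

// Constructed requests: a direct visitor, the same visitor forging XFF,
// then two different users arriving through the trusted shared proxy.
$requests = [
    ['REMOTE_ADDR' => '198.51.100.7'],
    ['REMOTE_ADDR' => '198.51.100.7', 'HTTP_X_FORWARDED_FOR' => '203.0.113.99'],
    ['REMOTE_ADDR' => '192.0.2.10',   'HTTP_X_FORWARDED_FOR' => '203.0.113.5'],
    ['REMOTE_ADDR' => '192.0.2.10',   'HTTP_X_FORWARDED_FOR' => '203.0.113.6'],
];
foreach ($requests as $i => $server) {
    $ip = client_ip($server);
    $ok = add_pledge($db, "Pledger $i", 'CA', $ip);
    printf("%-15s %s\n", $ip, $ok ? 'accepted' : 'duplicate, rejected');
}
```

Without the trusted-proxy branch, the last two requests would both be attributed to the proxy's own address and the second would be turned away as a duplicate, which is the shared-proxy situation described in the post.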
  • edited December 2008
    Reading your post today, I sympathize... because I have a
    similar problem:

    I need a really simplified method of blocking countries
    like Turkey, Arabia, Malaysia, Malta, Netherlands, Sweden,
    Korea, Saudi Arabia, etc., from access to my website.

    In fact, I'd like to block EVERY country except USA,
    Canada, Australia, and United Kingdom, for now.

    Here is why...

    My website has suddenly come under attack from spammers,
    scrapers, and hackers. I see odd activity on my server log
    sheet. And, many of them come from a place called,
    "http://hackersdownload.com"

    Also, I get bogus email addresses from my online sign-up
    form, at least one or two, each and every day. Nearly all
    of them seem to fit a specific naming pattern...

    Here are some of them:

    Subscriber Name=====>tzuevhmhzp
    Subscriber EmailId====>dgmmsj@lccnbc.com
    IP Address====>98.227.177.191

    Subscriber Name=====>behjmhmjsr
    Subscriber EmailId====>zggqin@eiisah.com
    IP Address====>158.64.14.22

    Subscriber Name=====>owxmhklp
    Subscriber EmailId====>jracrk@ahprkp.com
    IP Address====>24.23.151.217

    (Notice above, in every single bogus email I've received,
    there are exactly SIX letters in the DOMAIN NAME segment.
    Is there a clue in this?)


    I have already gone to
    http://www.find-ip-address.org/ip-country/
    and retrieved the most recent lists of every country's IP
    address by IP RANGE, and changed my .htaccess file; typed
    in "deny from" every single address that comes from the
    CIS lists (took me hours to complete that, about 14,500
    lines of email addresses!)

    Much of this is to no avail because, these hackers and
    spammers seem to know more than I do about e-mail
    addresses and especially about how to find a newly
    available IP address that is NOT covered on all of the
    14,500 lines I already blocked.

    By the way, what do they want from my site anyway? What
    are they doing in there? Are they robbing my content,
    trying to undo my ClickBank or other affiliate pay codes?

    And, how does it benefit them to sign up on my web form
    with a bogus email address? What is the purpose of that?

    Whatever, these guys are undermining the integrity of my
    site.

    Can somebody please help me with this one?

    :mad:

    SOS!

    (P.S.) by the way, I contacted my web host and told them
    all about it. My web host's response is, "We do not
    provide support on programming issues such as this."
  • primesuspect Beepin n' Boopin Detroit, MI Icrontian
    edited December 2008
    My initial response is this: Find a new webhost. One that will listen to you and be able to give you support at the hardware level to block IP blocks.

    We need to know more about your platform, and what kind of access you have to your server equipment: Are you on a shared server and only have access to upload files to your webserver, or do you have a dedicated box / virtual server that you can access the OS level to?
  • Enverex Worcester, UK Icrontian
    edited December 2008
    I work for a company that would give you exactly the same response, why? Because it IS a coding issue. All you need to do is put some sort of human element response into it and the problem will go away. One example would be CAPTCHA, another would be the system I use on my site which simply says "Write CHEESE in this box" and checks that they have done so, both of which result in these bots unable to use the form. Blacklisting huge chunks of the world won't really help in the long run.
  • kryyst Ontario, Canada
    edited December 2008
    You can't prevent real people hackers if they are picking you as a target, you can deter them. But deterring them means making it more difficult for others so you need to find a balance.

    A good webhost should be able to block bots, spiders and allow you to specify IP ranges or domain (.ru for example) from getting to your site. That's the host's job. The rest is on you. Using CAPTCHA or an email verify are also about all you can do without making it more hassle than it's worth for legitimate people.

    Also through the power of the net it's pretty much impossible to prevent people from voting multiple times if they want to. Even using email verify most people have at least 2 or 3 email addresses they could pose as. Oh speaking of email verifying there are many 1 shot email providers so that's not even really any proof. Essentially you just have to accept that a poll like you are doing is susceptible to tampering and only a fraction of the truth at best.
  • edited January 2009
    I'm in the field of security. What you need is a more clever way of breaking bots. If you add in some form of CAPTCHA method or other clever user interaction then you disable the bots' ability to trash your setup. This leaves you with the individual A-holes that like to sit around and trash people's stuff by hand. You need to add in your PHP a few lines to compare the host IP to a list that YOU maintain. This isn't too hard to do.

    As for other threats like overflows and cross site scripting, you need to reference your PHP educational materials about these things as they fall under common practices. We used to use PHP-Nuke on our site for content management. Then one day we look at the site and the Turkish Jyhad queen team had defaced us. How embarrassing for a security expert to have his site defaced right? That's what we got for being lazy and trusting someone else's code. We took a week and designed our own content manager that was faster and had built in security features that we came up with. You should be able to do the same for your sites. Any well coded interface can stand in the face of hackers all day.
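
The range bans discussed earlier in the thread (a whole ###.###.###.--- block versus narrower ACL-style ranges) and the self-maintained IP list suggested in the post above come down to the same check, shown here as an added example that is not code from the thread. The function names and the listed ranges (taken from documentation address space) are assumptions, and the mask arithmetic assumes 64-bit PHP and IPv4.

```php
<?php
// Added example, not code from the thread. Function names are illustrative
// and the ranges are constructed from documentation address space.

/** True when IPv4 address $ip falls inside $cidr ("a.b.c.d/len"). */
function ip_in_cidr(string $ip, string $cidr): bool
{
    // A bare address without "/len" is treated as a single host (/32).
    [$net, $len] = array_pad(explode('/', $cidr, 2), 2, '32');
    $ipLong  = ip2long($ip);
    $netLong = ip2long($net);
    if ($ipLong === false || $netLong === false || !ctype_digit($len) || (int) $len > 32) {
        return false; // malformed input never matches
    }
    // Build the netmask: /24 -> 0xFFFFFF00, /28 -> 0xFFFFFFF0 (64-bit PHP).
    $mask = (~0 << (32 - (int) $len)) & 0xFFFFFFFF;
    return ($ipLong & $mask) === ($netLong & $mask);
}

/** Return the first blocklist entry covering $ip, or null if none does. */
function blocked_by(string $ip, array $blocklist): ?string
{
    foreach ($blocklist as $cidr) {
        if (ip_in_cidr($ip, $cidr)) {
            return $cidr;
        }
    }
    return null;
}

// Constructed list: one single host, one /24 (the "###.###.###.---" ban,
// 256 addresses) and one narrower /28 range (16 addresses).
$blocklist = ['198.51.100.8/32', '203.0.113.0/24', '192.0.2.16/28'];

// Constructed visitor addresses, some inside and some outside the ranges.
$visitors = ['198.51.100.8', '198.51.100.9', '203.0.113.200', '192.0.2.20', '192.0.2.40'];

foreach ($visitors as $ip) {
    $hit = blocked_by($ip, $blocklist);
    if ($hit !== null) {
        // In a request handler this is where a 403 would be sent instead:
        // http_response_code(403); exit;
        echo "$ip blocked by $hit\n";
    } else {
        echo "$ip allowed\n";
    }
}
```

In a live page the address to test would come from `$_SERVER['REMOTE_ADDR']`; the narrower the prefix, the fewer unrelated visitors on the same ISP are caught by the ban.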
  • foolkiller Ontario
    edited February 2009
    Security Expert eh? I remember that I didn't want to use PHP Nuke because it was too hackable, but you convinced me to be lazy, which really wasn't all that hard tbh.

    > I'm in the field of security. What you need is a more clever way of breaking bots. If you add in some form of CAPTCHA method or other clever user interaction then you disable the bots' ability to trash your setup. This leaves you with the individual A-holes that like to sit around and trash people's stuff by hand. You need to add in your PHP a few lines to compare the host IP to a list that YOU maintain. This isn't too hard to do.
    >
    > As for other threats like overflows and cross site scripting, you need to reference your PHP educational materials about these things as they fall under common practices. We used to use PHP-Nuke on our site for content management. Then one day we look at the site and the Turkish Jyhad queen team had defaced us. How embarrassing for a security expert to have his site defaced right? That's what we got for being lazy and trusting someone else's code. We took a week and designed our own content manager that was faster and had built in security features that we came up with. You should be able to do the same for your sites. Any well coded interface can stand in the face of hackers all day.
  • edited February 2011
    Ok so basically, I run a Habbo Hotel retro, but I keep being hacked :l or DoSed. Sometimes they delete my htdocs files and make index.cfm say something like "You just got hacked by so-and-so". Anyways, I'm hiring someone that can hack-proof this site. It's on a VPS and I need help like ASAP. Can pay with $$ or staff, your choice. Thanks, iVision.
  • edited February 2011
    Oh almost forgot... My site is coded in coldfusion too :l
  • foolkiller Ontario
    edited February 2011
    iVision wrote:
    Oh almost forgot... My site is coded in coldfusion too :l

    Contact me via e-mail at dan@nerdnos.net and we'll see what we can do for you, and what costs would be like. Toss me your number, and I'll give you a ring.

    Thanks,

    Dan