Detect websites that try to install programs [closed] - security

Closed. This question is off-topic. It is not currently accepting answers.
Closed 9 years ago.
I am new to PHP and trying to learn if there is a way to catch websites that install programs onto your computer without your authorization. For example, when you visit some websites, your computer might catch a virus just by going to that web page. Just by looking at its HTML code, is there a way I can see if a webpage is trying to install something onto my computer? Any help would be greatly appreciated.

You are fundamentally mistaken about the concept of "infecting a computer" via a website.
Usually an attacker would use an exploit to target certain browsers; this will load a "payload" and from there the computer is pwned. This "exploit" could be anything from crafted JavaScript to malicious Flash files. This is a direct manner of infecting a computer; note that this is not effective unless you don't have an antivirus or an up-to-date browser/software, or the attacker is using a 0-day exploit.
The effective way an attacker could infect his visitors is by letting them download something and infecting them directly. Note that a website can't just install something on your computer unless the user downloads it and manually installs it.
It sounds like an anti-virus program is the solution, but how do they detect malicious code? One of the techniques they use is scanning for certain "signs" of a program/code. The AV has a database of those signs, and scans against it.
To answer your question, it may be possible to do it with PHP but it's like using a fork to dig a cave. Note that you will need to develop a method to detect malicious code; this can be done by comparing hex codes (signs), and you'll need a full database of them. And the most fun part is, the attacker could just slightly change his code and your scanner will fail. Also, obfuscated code will make your scanner fail.
That's why one should never even think about building a virus scanner with PHP. Use an antivirus. They are smarter, faster and the people working behind it are hackers. Just one technique off the top of my head: they use heuristic analysis.
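The answer above says a home-grown signature scanner breaks as soon as the attacker edits or obfuscates the code. The following toy scanner, added here as an illustration (it is not code from the thread, and every "signature" and sample in it is a constructed placeholder rather than real malware), makes that concrete: an exact byte match catches the original sample, a one-character edit slips past every strategy, a recased copy is only caught after canonicalisation, and a base64-wrapped copy is only caught once the scanner unwraps one layer of encoding.

```python
"""Toy byte-signature scanner (added example, not code from the thread).

Shows why scanning fetched HTML/JS against a database of byte patterns is
brittle.  All signatures and samples are constructed placeholders.
"""
import base64
import binascii
import re

# Constructed signature database: name -> byte pattern a scanner would flag.
SIGNATURES = {"demo-sig-1": b"demo_marker_v1"}


def scan_exact(page: bytes) -> list[str]:
    """Hits for signatures that appear verbatim in the page bytes."""
    return [name for name, sig in SIGNATURES.items() if sig in page]


def normalize(data: bytes) -> bytes:
    """Cheap canonicalisation: lower-case and drop all whitespace."""
    return re.sub(rb"\s+", b"", data.lower())


def scan_normalized(page: bytes) -> list[str]:
    """Hits after canonicalising both the page and the signatures."""
    norm = normalize(page)
    return [name for name, sig in SIGNATURES.items() if normalize(sig) in norm]


def unwrap_base64(page: bytes) -> bytes:
    """Heuristic: append the decoded form of every base64-looking literal so a
    signature hidden behind one layer of encoding becomes visible."""
    decoded = b""
    for match in re.finditer(rb"[A-Za-z0-9+/]{16,}={0,2}", page):
        try:
            decoded += base64.b64decode(match.group(0), validate=True)
        except binascii.Error:
            continue  # not valid base64 after all; ignore it
    return page + b"\n" + decoded


def scan_decoded(page: bytes) -> list[str]:
    """Canonicalised scan over the page plus its unwrapped base64 literals."""
    return scan_normalized(unwrap_base64(page))


# Constructed samples.  ORIGINAL is what the signature was written against.
ORIGINAL = b'<script>load("demo_marker_v1");</script>'
# A one-character edit, the "slightly change his code" case from the answer.
VARIANT = b'<script>load("demo_marker_v2");</script>'
# Same marker with different casing: exact match fails, canonicalised match holds.
RECASED = b'<script>load("Demo_Marker_V1");</script>'
# The original wrapped in one layer of base64: invisible to the first two scans.
OBFUSCATED = b'<script>eval(atob("%s"));</script>' % base64.b64encode(ORIGINAL)


def scan_report(page: bytes) -> dict[str, bool]:
    """Whether each strategy flags the page (True means a signature hit)."""
    return {
        "exact": bool(scan_exact(page)),
        "normalized": bool(scan_normalized(page)),
        "decoded": bool(scan_decoded(page)),
    }


if __name__ == "__main__":
    for label, sample in [("original", ORIGINAL), ("variant", VARIANT),
                          ("recased", RECASED), ("obfuscated", OBFUSCATED)]:
        print(f"{label:10s} {scan_report(sample)}")
```

Each extra layer of canonicalisation buys one more evasion back, and each costs another pass over the page; a real engine combines many such normalisers with emulation and heuristics, which is the gap between this script and the antivirus the answer recommends.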

To run code without your consent (or install malicious software) in the context of the whole system (not just the web application / browser), coders use known or unknown bugs in browsers. Example of a JavaScript exploit: Help me understand this JavaScript exploit. My antivirus tries not to let me on that page ;)
To check with PHP if a given page contains malicious code, you'd need to use a PHP-based antivirus, or one that has PHP bindings / lets you scan files on demand from the command line and works against web-based (HTML, CSS, JS-based) malware.

Not really; antivirus, antispyware and that sort of software does that for you.

Is it possible to prevent man in the browser attack at the server with hardware device [closed]

Closed. This question needs to be more focused. It is not currently accepting answers.
Closed 7 years ago.
Recently I found a hardware device that can prevent bot attacks by changing HTML DOM elements on the fly. The details are mentioned here.
The HTML input element id and name, and also the form element action, will be replaced with some random string before the page is sent to the client. After the client submits, the hardware device replaces the values with the originals. So the server code will remain unchanged, and bots cannot work on a fixed input name or id.
That was the total idea, BUT they also have claimed that this product can solve the man in the browser attack.
http://techxplore.com/news/2014-01-world-botwall.html :
Shape Security claims that the added code to a web site won't cause any noticeable delays to the user interface (or how it appears) and that it works against other types of attacks as well, such as account takeover, and man-in-the-browser. They note that their approach works because it deflects attacks in real time whereas code for botnets is changed only when it installs (to change its signature).
Theoretically is it possible that some one can prevent the man in the browser attack at the server?!
Theoretically is it possible that some one can prevent the man in the browser attack at the server?!
Nope. Clearly the compromised client can do anything a real user can.
Making your pages more resistant to automation is potentially an arms race of updates and countermeasures. Obfuscation like this can at best make it annoying enough to automate your site that it's not worth it to the attacker—that is, you try to make yourself no longer the ‘low-hanging fruit’.
They note that their approach works because it deflects attacks in real time whereas code for botnets is changed only when it installs (to change its signature).
This seems pretty meaningless. Bots naturally can update their own code. Indeed banking trojans commonly update themselves to work around changes to account login pages. Unless the service includes live updates pushed out to the filter boxes to work around these updates, you still don't win.
(Such an Automation Arms Race As A Service would be an interesting proposition. However I would be worried about new obfuscation features breaking your applications. For example, imagine what would happen for the noddy form-field-renaming example on the linked site if your own client-side scripts were relying on those names. Or indeed if your whole site was a client-side Single Page App, this would have no effect.)
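The renaming the question describes, and the answer's point about why it cannot stop a compromised client, both fit in a few dozen lines. The example below is added here to illustrate the discussion; it is not Shape Security's product code, and the form, field names, token format and the two simulated clients are constructed placeholders. Each page load gets fresh random names and a one-time token; a script replaying field names memorised from an earlier load is discarded by the server, while any client that simply reads the page it was served (a real browser, or code running inside that browser) submits successfully.

```python
"""Per-response form field renaming (added example, not the product's code).

Every render of the form gets random input names and a single-use token;
the server keeps the token -> {random name: real name} mapping and reverses
it on submit.  All names, fields and values are constructed for the demo.
"""
import re
import secrets

# Server-side store: token -> mapping of random field names to real ones.
# A real deployment would expire entries and bind them to the session.
_MAPPINGS: dict[str, dict[str, str]] = {}

# Constructed form, as the application code would emit it.
ORIGINAL_FORM = (
    '<form action="/transfer" method="post">'
    '<input name="amount" id="amount">'
    '<input name="to_account" id="to_account">'
    '</form>'
)


def rewrite_form(html: str) -> tuple[str, str]:
    """Replace every input name/id with a random string and the action with a
    tokenised URL; return (rewritten html, token)."""
    token = secrets.token_hex(8)
    real_to_rand: dict[str, str] = {}

    def replace(match):
        attr, real = match.group(1), match.group(2)
        rand = real_to_rand.setdefault(real, "f" + secrets.token_hex(6))
        return f'{attr}="{rand}"'

    rewritten = re.sub(r'\b(name|id)="([^"]+)"', replace, html)
    real_action = re.search(r'action="([^"]+)"', html).group(1)
    rewritten = re.sub(r'action="[^"]+"', f'action="/r/{token}"', rewritten)
    _MAPPINGS[token] = {"__action__": real_action,
                        **{rand: real for real, rand in real_to_rand.items()}}
    return rewritten, token


def translate_submission(token: str, fields: dict[str, str]) -> tuple[str, dict[str, str]]:
    """Reverse the mapping for a submitted form: (real action, real fields).
    The token is single-use; field names not in the mapping are dropped."""
    mapping = _MAPPINGS.pop(token, None)
    if mapping is None:
        raise ValueError("unknown or expired form token")
    real_fields = {mapping[k]: v for k, v in fields.items()
                   if k in mapping and k != "__action__"}
    return mapping["__action__"], real_fields


def fill_rendered_form(html: str, values: list[str]) -> tuple[str, dict[str, str]]:
    """What any client that reads the delivered page does: submit to the
    action it was given, using whatever field names the page contains."""
    names = re.findall(r'name="([^"]+)"', html)
    token = re.search(r'action="/r/([0-9a-f]+)"', html).group(1)
    return token, dict(zip(names, values))


def demo() -> tuple[dict[str, str], dict[str, str]]:
    """Returns (fields seen from a hard-coded script, fields seen from a
    page-reading client) for one constructed transfer each."""
    # Page load 1: a script replays field names memorised from an old page.
    _, token1 = rewrite_form(ORIGINAL_FORM)
    _, from_hardcoded = translate_submission(
        token1, {"amount": "100", "to_account": "account-b"})
    # Page load 2: a client that reads the page it was actually served.
    html2, _ = rewrite_form(ORIGINAL_FORM)
    token2, fields2 = fill_rendered_form(html2, ["100", "account-b"])
    _, from_page_reader = translate_submission(token2, fields2)
    return from_hardcoded, from_page_reader


if __name__ == "__main__":
    hardcoded, page_reader = demo()
    print("hard-coded script saw:", hardcoded)   # {}
    print("page-reading client saw:", page_reader)
```

The second client in `demo()` is exactly the position a man-in-the-browser occupies: it sees the rendered page, so the randomisation is transparent to it. The measure only raises the cost for automation that never loads the page, which is the arms-race framing the answer gives.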

how do they do it? [closed]

Closed. This question is off-topic. It is not currently accepting answers.
Closed 9 years ago.
I am a senior developer and I'm trying to advance my knowledge of security to a deeper level. That is to say that I know what these hackers can do/what the risks are, but I'd like to know how they do it in general. On that note, if anyone can enlighten me on the following items, I would be most grateful:
Packet sniffing: I know that packets can be sniffed out and analyzed, but how do they do it? My understanding was that in order to do this, there would need to be actual software running on the server itself since it needs access to the network card to do so... is that accurate? If not, how can they remotely capture incoming packets to a server without access to that box directly?
Session Hijacking: Once again, I am confused here. I know they can do it, but how? The session ID is issued by the server itself, and then returned to the browser based on what? The caller's IP address? MAC address? What is used by these hackers to capture the session ID from a web session? Is it software on a PC that is infected?
Site Hijacking: again, I know they can do this, but from my current knowledge, this would mean that they would have to have hijacked/infected a DNS publishing server and be redirecting queries for that site to their choice of IP address... again: is that accurate?
Hijacking a server: how is this possible? How can an open port, for example, allow any hacker to gain full-fledged access to a box so that they can infect it or install some piece of software that would enable 1, 2 and 3 above? My current understanding is that ports are used to communicate, but that unless some software/service is monitoring that port and waiting for commands, nothing would come of that port being open... is that accurate? And if so, why is so much importance given to ports being closed and such?
Hijacking some super secure site: I work every day with security in mind, and constantly use things like SSL, RSA, SHA512, SSL tokens, IP restriction, etc... My question is: how in the crapper are they STILL able to get in with all of these things enabled?
I know that's a lot of stuff, but I really am curious and want to take my security knowledge to the next level. If you're a developer with the same mindset as me, you have issues just using some pre-built library or control without knowing what it does in the background in detail, and you'll understand why I'm not happy just knowing which protocols, libraries or encryption methods to implement.
Know the enemy, right?
First of all, I love hacking (only for good), and I think the more people are educated about it the safer we all will be, so I applaud you for your curiosity.
These are great questions, but a good answer would literally require an entire book or two. I have read all of these books in my studies and I personally recommend them. I recommend the following to get you started:
This will get you started with basic tools and techniques. This book doesn't go very deep, so if you're looking for the meat, skip it and read the other three unless you are very new to security: The Basics of Hacking and Penetration Testing: Ethical Hacking and Penetration Testing Made Easy, Patrick Engebretson (Full disclosure, the author was a professor of mine at DSU. The book rocks though)
For a relatively deep introduction to security, including an excellent background in OSes and networking: Counter Hack Reloaded: A Step-by-Step Guide to Computer Attacks and Effective Defenses (2nd Edition), Edward Skoudis (probably my favorite book of all time)
To dive very deep (Assembly language level) into how the attacks work: Hacking, The Art of Exploitation, Jon Erickson
To dive deeply into the Web app side of things: The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws, Dafydd Stuttard, Marcus Pinto (Full disclosure, the technical editor was a professor of mine at DSU)

WordPress - Security Risk? [closed]

Closed. This question is off-topic. It is not currently accepting answers.
Closed 10 years ago.
I have a WordPress site and the following link is accessible: www.domain.com/wp-admin/ (obviously not the real domain name). Someone told me that this is a security risk. Any truth to this?
In essence, the more information an attacker has about your setup, the worse off you are.
That being said, however, the information gained by knowing your admin login page is pretty trivial - as it's the default login location for all WordPress sites. Therefore, once an attacker figured out your site was a WordPress site, he/she would naturally try that link.
As long as you keep your WordPress files up to date, the only thing you're really vulnerable to (that you would be protected from if that page was inaccessible) is a 0-day on that specific page...
So, really, it doesn't matter much either way. Personally, I would deny access to that as much as was convenient - but, on the other hand, you may like having that link always open so you can login and admin your site from anywhere. I dare say you'll be fine either way, so long as you have sufficiently strong passwords.
Update: Another thing to consider: the login pages of (well-written, tested) open-source software are rarely ever the point of failure for authentication attacks. Usually, compromising a system involves disclosure of credentials using another vulnerable page, and then using the login page as it was intended to be used. The WordPress devs have combed over the code in your login page because they know it's going to be the first place that anybody looks for an exploit. I would be more concerned about any extensions you're running than about leaving the login page viewable by the public.
That's simply WordPress. Nothing inherently wrong with it. But if you are concerned overall with security, see http://codex.wordpress.org/Hardening_WordPress and http://www.reaper-x.com/2007/09/01/hardening-wordpress-with-mod-rewrite-and-htaccess/ and http://www.whoishostingthis.com/blog/2010/05/24/hardening-wordpress/ etc., on protecting admin with .htaccess, removing some WP-identifiable clues, changing the database prefix, SSL access, and on and on. Some things are more worthwhile to do than others, some more obscurity than security, but it's all a learning experience.
Well, a lot of sites have open wp-admin; however, you can put in a .htaccess file and password-protect the directory, provided you are on Apache.
it's not a big deal... there's a lot of stuff to avoid it being there... you could even have your whole wp install in a subdirectory of the server
Not sure for WordPress, but I know at least two e-commerce packages (Zen Cart and PrestaShop) that recommend renaming the admin directory to some other name (and not printing the URL in orders...).
Perhaps there are some known exploits using this information...

how to protect My Programs? [closed]

Closed. This question needs to be more focused. It is not currently accepting answers.
Closed 8 years ago.
Let's say I have designed a very important system, and this system costs thousands of dollars. I want to protect my system with a serial number, as I know crackers will try to edit the binary code to bypass the serial number.
I have read about using a checksum function, applying it over my binary code and checking whether the value has changed, but again, we are talking about a condition a cracker can avoid by editing the code.
My question is: what's the most used technique to protect important programs?
I have yet to see a "protected" digital product that had not been cracked pretty quickly after its publication (or in some cases, before its publication). Sorry, but it's the reality. You have to get the revenue by making a good product. Most of those who want to use it and can afford, will pay.
There will be a few dickheads, but that's life. You better be kind towards the legit users of your software and not bully them with weird copy protection attempts that don't work anyway.
If your app is working offline, whatever checks you do (checksums, serial code validity, etc.), do them often, repeating verification code in many routines of your software. Obfuscate your code to make reverse engineering a more difficult task, and, if you have the possibility, implement an online check, with part of the core functionality of your app residing on your server and being serviced only to those installations that you have checked server-side for a valid license key. Associate the license key with some form of unique identifier of the hardware the app is running on, and if you check online, keep statistics concerning the IPs that make the verification request: if you encounter more IPs trying to verify the same license key, contact the buyer and approve a list of IPs they usually log on from, whilst blacklisting any other until a specific request from them, either by mail or by phone.
The most used technique is serial numbers. But your customers will have access to the code, so they will be able to bypass your serial number check, no matter how much work you put into obfuscating it.
However, if you can provide your software as a subscription-based or one-time-payment web application, then people will not be able to do this. Whether this is feasible or not depends on the type of application you're writing.
I would always recommend to build a custom software protection before applying any kind of commercial protector such as a Packer.
In any case just a serial validation and a checksum check are not going to keep crackers away.
I would recommend you to visit my new blog www.anti-reversing.com and take a quick look at the anti-piracy tips & tricks page just to have an idea about what I am talking about.
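The online check one answer above sketches, a license bound to a hardware identifier and verified server-side with a tally of the IP addresses asking about it, is a small enough protocol to show in full. The example below is added here as an illustration and is not code from the thread or from any product; the secret, customer name, hardware identifiers, IP addresses and the token format are all constructed. The point it makes is the one both answers agree on: the verification secret stays on the server, so patching the client cannot forge a license for another machine, while nothing here stops a patched client from skipping the check for functionality that lives entirely on the client.

```python
"""Server-side licence verification (added example, not from the thread).

An HMAC-signed licence token carries the customer, a machine fingerprint
and an expiry; the server verifies it and counts the distinct IPs that
present it.  Secret, identifiers and addresses are constructed values.
"""
import base64
import hashlib
import hmac
import json
import time


def machine_fingerprint(*identifiers: str) -> str:
    """Hash of the hardware identifiers the client collects (constructed here)."""
    return hashlib.sha256("|".join(identifiers).encode()).hexdigest()


class LicenseServer:
    def __init__(self, secret: bytes, max_ips: int = 3):
        self._secret = secret          # never shipped inside the client binary
        self._ips: dict[str, set[str]] = {}   # token -> IPs that verified it
        self.max_ips = max_ips

    def _sign(self, payload: str) -> str:
        return hmac.new(self._secret, payload.encode(), hashlib.sha256).hexdigest()

    def issue(self, customer: str, fingerprint: str, valid_days: int) -> str:
        """Create a token: base64(JSON claims) + '.' + HMAC over that base64."""
        claims = {"cust": customer, "fp": fingerprint,
                  "exp": int(time.time()) + valid_days * 86400}
        payload = base64.urlsafe_b64encode(
            json.dumps(claims, sort_keys=True).encode()).decode()
        return payload + "." + self._sign(payload)

    def verify(self, token: str, fingerprint: str, client_ip: str, now=None) -> str:
        """Return 'ok', 'bad-signature', 'expired', 'wrong-machine' or 'too-many-ips'."""
        try:
            payload, sig = token.split(".", 1)
        except ValueError:
            return "bad-signature"
        if not hmac.compare_digest(sig, self._sign(payload)):
            return "bad-signature"          # tampered or forged token
        claims = json.loads(base64.urlsafe_b64decode(payload))
        if claims["exp"] < (now if now is not None else time.time()):
            return "expired"
        if not hmac.compare_digest(claims["fp"], fingerprint):
            return "wrong-machine"          # licence moved to other hardware
        seen = self._ips.setdefault(token, set())
        seen.add(client_ip)
        if len(seen) > self.max_ips:
            return "too-many-ips"           # flag for follow-up with the buyer
        return "ok"


def demo() -> list[str]:
    """Runs the checks a real deployment would see and returns their verdicts."""
    server = LicenseServer(secret=b"constructed-server-only-secret", max_ips=2)
    fp = machine_fingerprint("disk-serial-AB12", "mac-00:11:22:33:44:55")
    token = server.issue("customer-42", fp, valid_days=30)
    # Flip the last hex digit of the signature to simulate tampering.
    forged = token[:-1] + ("0" if token[-1] != "0" else "1")
    return [
        server.verify(token, fp, "198.51.100.10"),                       # ok
        server.verify(token, machine_fingerprint("other-disk", "other-mac"),
                      "198.51.100.10"),                                  # wrong-machine
        server.verify(forged, fp, "198.51.100.10"),                      # bad-signature
        server.verify(token, fp, "203.0.113.5"),                         # ok (2nd IP)
        server.verify(token, fp, "192.0.2.77"),                          # too-many-ips
        server.verify(token, fp, "198.51.100.10",
                      now=time.time() + 31 * 86400),                     # expired
    ]


if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

Because the only thing the client holds is the token and its own fingerprint, a cracker editing the binary gains nothing against the server; the leverage they keep is over code that runs locally, which is why the answer suggests moving core functionality behind the check rather than relying on the check alone.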

How do you prevent hired developers from stealing code? [closed]

Closed. This question is opinion-based. It is not currently accepting answers.
Closed 3 years ago.
I'm in the process of opening up a company that will eventually hire 2-5 developers to work on a large web app.
My main concern is that one or more developers could steal the code. I could make them sign contracts against this type of thing, but I live in a country where the law is "bendable".
Is my only option to lock them up in a room without internet access and USB ports?
I'd love to know how others have solved this problem.
Don't hire people you can't trust.
Break the app into sections and only let people work on a subset of the app, never getting access to the whole thing.
Make it worth their while - you're opening a company, hire people and give them some stock options. Make sure it's more attractive for them to make you succeed than otherwise.
How about keeping them all happy and show that you appreciate their work?
You may find that you think your source code is the valuable part of your business, but you can always build that again. Your real advantage over your competitors is usually in the people you hire, and in the business relationships that you establish in the course of naturally doing business.
My suggestion is not technical but social: Make them feel good.
Most human beings have a moral base that prevents them from hurting other people who have treated them with respect and generosity.
There's a slim chance you'll wind up hiring a psychopath, in which case this approach won't work -- but then, it's likely to be the least of your worries.
The only thing that occurs to me is to make them sign a contract in which you make explicit that if they share any code outside the project environment, they commit to paying you a large amount of money. But there's no guarantee they won't do it anyway...
You can create a virtual environment (a virtual machine) with limited internet connection (only to specific servers: git/svn server, database server, etc.) and no copy/paste possibilities.
This virtual machine would be a standard environment with common developer tools.
At the office a developer would remotely connect to the virtual machine and start developing without being able to steal the code.
Of course he could print the screen or type the code on another computer but it's still very hard to steal.
There are many encryption tools available to encrypt the code. Here is an example: http://www.codeeclipse.com/step1.php
In other words you can hide the code of one developer(one module) from the other developer and he will not be able to take the whole code himself in any case if you follow this approach.
Thanks
Sunny
