Forums

The forums ran from 2008-2020 and are now closed and viewable here as an archive.

Home Forums CSS Website Hacking. I Have A Question

  • This topic is empty.
Viewing 15 posts - 1 through 15 (of 19 total)
1 2
  • Author
    Posts
  • July 16, 2013 at 12:37 pm #46451
    CodeGraphics
    Participant

    Please I want to know if a static website (no CMS, no Database, no registration form, no log in form, no file upload) could be hacked and defaced. If yes. What type of malicious attack is a static website vulnerable to and how can one prevent such attack. The static website however has a contact form that sends data to a gmail account.

    July 16, 2013 at 12:52 pm #143148
    chrisburton
    Participant

    Although you can take steps to make it harder for hackers to gain access, no site is safe from intrusions. Since you stated that you have an input form, you might want to learn about common attacks and how to prevent them. @traq mentioned this in a similar discussion on the front page in the forums.

    July 16, 2013 at 1:15 pm #143156
    Senff
    Participant

    If there is FTP access to the site/server, or Telnet or anything, files could be overwritten. Not sure if that should be called “hacking”, but it’s a way to deface a site.

    July 16, 2013 at 1:22 pm #143158
    jurotek
    Participant

    Good practice is to change passwords on regular basis in FTP and Cpanel. Few months ago someone got access to my htaccess and redirected our URL to several dozen of porn sites.

    July 16, 2013 at 1:30 pm #143160
    Alen
    Participant

    > however has a contact form that sends data to a gmail account.

    !?

    Are we talking about SPAM here? or are we talking about if someone can hijack the actual code and “hack” the website? what would be their motive? how is important customer info shared? how does that page relate to other pages in that directory? what are the permissions? security, hacking etc are loaded words, be more specific.

    July 16, 2013 at 1:56 pm #143167
    CodeGraphics
    Participant

    I have a normal contact form with only three fields (Name, Email and Message). I set all of the three fields to html5 require. I used input type=”email” on the email field. I set maxlength of 40 to Name and Email input fields and 350 to Message textarea field. The contact form is located in the contact us page. When the form is filled and sent, the data will simply be sent to a gmail account and a thank you page will be echoed to the user.

    This is the contact page: http://www.ctrlshiftstudios.com/contact

    I want to know if the website as a static html website is still vulnerable to attcaks. If yes, what type of attack and how can I prevent it.

    I am not talking about users using the contact form to spam my email. I am talking about hijacking the website and deface it. As for my cpanel password, it’s very strong and very hard to guess. I used a word in my native dialect (which is impossible to guess) with uppercase and three special characters like #^!

    July 16, 2013 at 10:51 pm #143244
    CodeGraphics
    Participant

    Here is the script of my thank-you.php. I hope sharing this here is not risky.

    if(isset($_POST)){
    $to=”[email protected]”;
    $subject=’Online Contact’;
    $name=$_POST;
    $email=$_POST;
    $message=$_POST;
    $body=”Name: $namen Email: $email n Message: $message”;
    include (‘thanks.php’);
    mail($to,$subject,$body);
    }
    else {
    include (‘index.php’);
    }
    ?>

    July 17, 2013 at 2:52 am #143263
    CodeGraphics
    Participant

    Name: a

    Email: [email protected]

    Message: test

    I think a static website cannot be hacked if the attacker doesn’t have access to one’s cpanel.

    July 17, 2013 at 3:01 am #143265
    chrisburton
    Participant

    Not true.

    July 17, 2013 at 3:09 am #143267
    Kitty Giraudel
    Participant

    > Please I want to know if a static website (no CMS, no Database, no registration form, no log in form, no file upload) could be hacked and defaced. If yes. What type of malicious attack is a static website vulnerable to and how can one prevent such attack. The static website however has a contact form that sends data to a gmail account.

    It really depends on what you mean by “hacked”. Your credentials for the hosting provider you use could be stolen, then the whole content of your website could be duplicated and erased.

    July 17, 2013 at 3:56 am #143270
    CodeGraphics
    Participant

    > It really depends on what you mean by “hacked”. Your credentials for the hosting provider you use could be stolen, then the whole content of your website could be duplicated and erased.

    Exactly what I mean. That means since my credentials could not be stolen, my cpanel will remain safe and thereby my website.

    July 17, 2013 at 3:58 am #143271
    Kitty Giraudel
    Participant

    > That means since my credentials could not be stolen

    Wait… wat?

    July 17, 2013 at 4:51 am #143248
    CodeGraphics
    Participant

    I know one’s password can be stolen. But I hardly click on links in spam mails to avoid been phished.

    July 17, 2013 at 5:08 am #143250
    Kitty Giraudel
    Participant

    > I know one’s password can be stolen. But I hardly click on links in spam mails to avoid been phished.

    Haha, that’s so sweet. :)

    July 17, 2013 at 5:13 am #143251
    chrisburton
    Participant

    Servers can be hacked. Your site resides on a server.

  • Author
    Posts
Viewing 15 posts - 1 through 15 (of 19 total)
1 2
  • The forum ‘CSS’ is closed to new topics and replies.