Website security issue

[Mstr1mir]

hello everyone,

I have two question about website. the website is similar to priceline.com.

1. I get a telephone call from a customer indicating that one of the links of my web site took them to a sexual/pornographic web site? I am not sure if this was a "web-capture" incident as it seemed to happen only once and only with this customer.
what would the problem be?

2. I get a telephone call from a customer indicating that one of the links of my web site took them to a hate site that promotes violence against certain groups in society. In investigating this complaint, I discover that this seems to be the case between 11:00 p.m. and 3:00 a.m., but during the rest of the day the link works properly as coded.
what would the problem be?

i wish anyone can help me with this two problems.

Regards

 

[smah]

Seems a bit unusual (I would expect the redirected link to be active all the time), but the short answer is: In order for this to happen, your web host must have been comprimised in some way. What does the hosting company have to say? It might be worth trying Fiddler to see if you see anything interesting, but the first point to address should be your webhost.

 

[Mstr1mir]

i agree with you, however, it's kind of a brainstorming about these two issues and find the facts behind them.

imagine that there is no webhost, the company own a web-server and manage all the website by the company IT staff. the company recently hired students full time and part time.

so it's all about brain storming. would that be more helpful ?

Regards

 

[smah]

Again, in order for this to happen, the webhost (company managed web server) has been compromised. Reloading the server would be the best option, since it would be difficult to determine if there are other problems besides the webserver itself.

If you're trying to track down the responsible party, I suppose the first thing to look for would be the system logs - particularly user logins. Since you haven't mentioned operating system or webserver software, I'd also suggest at the very least researching the possible security vulerabilities that might exist in the particular versions of whatever software is running on that system and what additional unneccessary services might be running.

 

[Mstr1mir]

thank you.

 

[Diancecht]

I like brainstorming:

- Your client's computer has been infected with some DNS-changing stuff
- Your client's network has been compromised with some kind of ARP stuff
- Your client lies


Cheers,
Dian

 

[Mstr1mir]

Thanks for this brainstorming.

actually, I did brainstorm to this case and I found it lies on three issues:

1. the web host has been breached which can let hackers change some codes in the web pages.

2. the web server for the company has been breach by outsider hacker because some issues with the company's firewalls even though no details given in the case about the firewall.

3. the recent recruiting for student has created a security issue. some co-operative students might have used critical information from the company to their benefits.


Regards