  • #1
    Regular Coder
    Join Date
    Nov 2007
    Posts
    108
    Thanks
    14
    Thanked 0 Times in 0 Posts

    Spam appears inside HTML files

    I'm having a problem where on a periodic basis, spam links for viagra, xanax, etc. get added inside a div on some of my HTML pages.

    It's not on a form page. I have captcha logic to prevent form spammers. This is actual href links within a non-visible DIV getting appended to an HTML page. I removed them the first time, then a few weeks later they came back.

    I don't see any javascript code on that specific page either.

    Any ideas on how something like this might happen? I'm wondering if this is more of a network, rather than HTML, problem...

  • #2
    Senior Coder
    Join Date
    Nov 2003
    Location
    Minneapolis, MN
    Posts
    2,879
    Thanks
    2
    Thanked 65 Times in 56 Posts
    HTML is only a markup language. So the hackers are getting in through some other channel, maybe through a vulnerability of a script you are using on the site (maybe an outdated CMS?) or via an insecure server. Lots of possibilities, but not the HTML by itself.

    Also, just because the spam isn't on the form page doesn't mean the form isn't secure…the malicious script could be getting access through that page and then writing on the others.

  • #3
    Regular Coder
    Join Date
    Nov 2007
    Posts
    108
    Thanks
    14
    Thanked 0 Times in 0 Posts
    Quote Originally Posted by rmedek View Post
    HTML is only a markup language. So the hackers are getting in through some other channel, maybe through a vulnerability of a script you are using on the site (maybe an outdated CMS?) or via an insecure server. Lots of possibilities, but not the HTML by itself.

    Also, just because the spam isn't on the form page doesn't mean the form isn't secure…the malicious script could be getting access through that page and then writing on the others.
    The page in question doesn't get written to via the CMS, or via any other form on the site.

    However, the site isn't https, so that one would be one thing to remedy, yes?

    Any idea if this is possible via malicious javascript code?

  • #4
    Senior Coder
    Join Date
    Nov 2003
    Location
    Minneapolis, MN
    Posts
    2,879
    Thanks
    2
    Thanked 65 Times in 56 Posts
    Quote Originally Posted by loamguy1 View Post
    The page in question doesn't get written to via the CMS, or via any other form on the site.
    It doesn't matter. The malicious script could access your entire directory if it can breach another part of your website.

    As for your other questions—not really, at least as far as hacking your server goes. Most malicious site-altering scripts attack a vulnerability of a server-side script, or poor password choices.

  • #5
    Regular Coder
    Join Date
    Nov 2007
    Posts
    108
    Thanks
    14
    Thanked 0 Times in 0 Posts
    Quote Originally Posted by rmedek View Post
    It doesn't matter. The malicious script could access your entire directory if it can breach another part of your website.

    As for your other questions—not really, at least as far as hacking your server goes. Most malicious site-altering scripts attack a vulnerability of a server-side script, or poor password choices.
    Yikes, that's scary and eye-popping...

    This might be a more complex discussion, but if a malicious script somehow accessed, let's say an old CMS form that didn't have captcha logic, how exactly could it write HTML to another page on the site?

    I do know that the passwords in the CMS could be more secure...

  • #6
    Senior Coder CFMaBiSmAd's Avatar
    Join Date
    Oct 2006
    Location
    Denver, Colorado USA
    Posts
    2,960
    Thanks
    2
    Thanked 304 Times in 296 Posts
    rmedek does not appear to be online at the moment, so I'll jump in with some info.

    Any server side script that does not validate all external input could allow externally supplied code to be executed by your script (in the case of a page include() function), could allow files containing code to be put anywhere on your server (in the case of an upload function), or could allow code to be put into a known file (in the case of a blog or guest book... that saves content to a .php file.) For these last two cases, you could run the php code in the file by simply browsing to the file the code is in (or having a bot script request it.)

    For any of these cases, the code that is executed could alter or replace any other file.
    Last edited by CFMaBiSmAd; 05-14-2008 at 07:05 AM.
    If you are learning PHP, developing PHP code, or debugging PHP code, do yourself a favor and check your web server log for errors and/or turn on full PHP error reporting in php.ini or in a .htaccess file to get PHP to help you.

  • #7
    Regular Coder
    Join Date
    Nov 2007
    Posts
    108
    Thanks
    14
    Thanked 0 Times in 0 Posts
    Quote Originally Posted by CFMaBiSmAd View Post
    rmedek does not appear to be online at the moment, so I'll jump in with some info.

    Any server side script that does not validate all external input could allow externally supplied code to be executed by your script (in the case of a page include() function), could allow files containing code to be put anywhere on your server (in the case of an upload function), or could allow code to be put into a known file (in the case of a blog or guest book... that saves content to a .php file.) For these last two cases, you could run the php code in the file by simply browsing to the file the code is in (or having a bot script request it.)

    For any of these cases, the code that is executed could alter or replace any other file.
    I'm confused.

    For example, the affected page on my site is "index_main.cfm." The mysterious DIV gets appended to the bottom of the page right before the end of the <BODY> tag.

    This page has some ColdFusion includes that run database select queries, but nothing that allows external user input such as a form.

    Do you mean that if there's another page on the site that allows user form entry without captcha logic, that this could somehow lead to href links to appear on the index_main.cfm page?

    I'm just failing to grasp the concept of how this happens I guess...

  • #8
    Senior Coder
    Join Date
    Nov 2003
    Location
    Minneapolis, MN
    Posts
    2,879
    Thanks
    2
    Thanked 65 Times in 56 Posts
    Quote Originally Posted by loamguy1 View Post
    I'm confused.

    Do you mean that if there's another page on the site that allows user form entry without captcha logic, that this could somehow lead to href links to appear on the index_main.cfm page?
    Once again—yes.

    There are a lot of ways a hacker can get into your site, a form only being one of them. The problem is you are thinking of your site as static, standalone pages separate from the world. All of your ColdFusion pages are served by and interacting with the server. The malicious script, once it's breached a page, has access to the server. It can write anything it wants anywhere it wants to.

    It may not even be a breach of a page — it could be something as simple as someone cracking your FTP password.

    Also, a CAPTCHA has very little to do with form security. If you're using a poorly coded form, no amount of CAPTCHA is going to stop a hacker from accessing your server.

    I'm just failing to grasp the concept of how this happens I guess...
    Well, for starters, you're asking in the wrong place. This is the HTML forum. If you want real help, you'll have to start posting code, a link to the page, and ask to have this moved to a more appropriate forum, like the ColdFusion forum.

  • Users who have thanked rmedek for this post:

    loamguy1 (05-14-2008)
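
Since the injected block can land in any file the server can write, one way to find every affected page is to scan the whole web root for links that sit inside hidden elements. This is an added example, not code from any poster in this thread; it assumes the block is hidden with an inline style, and `hidden_links`, `scan_webroot` and the sample markup are names and data constructed for illustration.

```python
import os
import re
from html.parser import HTMLParser

# Inline styles commonly used to hide an injected link block from visitors.
HIDDEN = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden|left\s*:\s*-\d{3,}", re.I)
VOID = {"input", "img", "br", "hr", "meta", "link"}  # never closed, so not tracked
PAGES = (".cfm", ".htm", ".html", ".php")  # assumption: extensions served as pages
# Constructed sample: a page with a hidden DIV appended just before </body>.
SAMPLE = ('<body><a href="/about.cfm">About</a>'
          '<div style="display:none"><a href="http://pills.example.invalid/">x</a>'
          '<div><a href="http://spam.example.invalid/">y</a></div></div></body>')

class HiddenLinkFinder(HTMLParser):
    """Collects href values of <a> tags nested inside a hidden element."""
    def __init__(self):
        super().__init__()
        self.links, self._tag, self._depth = [], None, 0

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if self._tag is None:
            # Start tracking at the first element whose inline style hides it.
            if tag not in VOID and HIDDEN.search(attrs.get("style") or ""):
                self._tag, self._depth = tag, 1
        elif tag == self._tag:
            self._depth += 1  # nested element of the same name
        if self._tag and tag == "a" and attrs.get("href"):
            self.links.append(attrs["href"])

    def handle_endtag(self, tag):
        if tag == self._tag:
            self._depth -= 1
            self._tag = self._tag if self._depth else None

def hidden_links(markup):
    """Return the hrefs found inside hidden elements of one page."""
    finder = HiddenLinkFinder()
    finder.feed(markup)
    return finder.links

def scan_webroot(root):
    """Map every page file under root to the hidden links it contains."""
    hits = {}
    for folder, _, names in os.walk(root):
        for name in (n for n in names if n.lower().endswith(PAGES)):
            path = os.path.join(folder, name)
            with open(path, encoding="utf-8", errors="replace") as fh:
                hits[path] = hidden_links(fh.read())
    return {path: links for path, links in hits.items() if links}
```

A hit shows which files were written to, not how the writer got in; the entry points named in the thread (server-side scripts, uploads, FTP and CMS passwords) still have to be checked separately.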

  • #9
    Regular Coder
    Join Date
    Nov 2007
    Posts
    108
    Thanks
    14
    Thanked 0 Times in 0 Posts
    Ok, makes more sense. Thought I'd try posting in this forum first, but thanks all for your info and suggestions. I do appreciate it.

