Hack attack

Posted on July 3, 2009 - Filed Under Blog

You probably weren’t aware of this, but the AITP Richmond site was stolen on June 7. If you tried to go to the registration page Sunday evening (which was fortunate), you were directed to a hacker’s site. I worked with our host provider, hostek.com, to get the offending code off our server the next morning. The vendor got a little too carried away and restored our data as of Saturday evening, so we did lose some registrations, but we didn’t lose anything we couldn’t recover from. Hostek is to be commended for their prompt actions, as this did occur late on a Sunday evening, and we got it resolved first thing Monday morning. Cherian Abraham gets the award for vigilance, though, as he was the one who brought this to my attention.

The hacker used a simple trick that I wasn’t aware of, but Cherian figured it out immediately. The hacker used the comments section of the registration page to insert some ASP code (actually Visual Basic) in stream, as if it were part of some normal text. Once I realized this, I changed my code to intercept the use of certain characters in a comment, like an apostrophe, less-than symbol, etc. I tested it, and it seemed to work fine. And wouldn’t you know it, we got hit again about a week later. It didn’t work this time, though, because of my code changes.
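The post describes two things worth seeing side by side: free text from a comment field being written straight into a page, and a fix that intercepts certain characters (apostrophe, less-than) before the comment is accepted. The example below is an added illustration, not the AITP site's ASP code or the author's patch; it is written in Python rather than VBScript, the sample comments are constructed for this example, and the "blocklist" function is a reconstruction of the approach the post describes, not the actual filter. It shows that a character blocklist both rejects legitimate input (an apostrophe in a name) and misses input that needs no apostrophe or angle bracket to change the meaning of the page (a double quote closing an HTML attribute), and it shows the alternative a practitioner would reach for: leave the comment as data, and encode it for each place it is interpreted, HTML entities on output and a parameterized query on the way into the database.

```python
import html
import sqlite3
from html.parser import HTMLParser

# Constructed sample comments for this example (not taken from the incident in the post).
SAMPLE_COMMENTS = [
    "Looking forward to the meeting.",
    "O'Brien will attend too.",        # legitimate text that a blocklist on ' would reject
    "<script>alert(1)</script>",       # raw markup inside a comment
    '" onmouseover="alert(1)',         # no ' or <, but closes a quoted attribute
]

# Characters the reconstructed blocklist intercepts (assumption: the post names ' and <).
BLOCKED_CHARS = set("'<>")


def blocklist_accepts(comment: str) -> bool:
    """Character-blocklist approach as described in the post (reconstructed):
    reject any comment containing a blocked character."""
    return not any(ch in BLOCKED_CHARS for ch in comment)


def render_unescaped(comment: str) -> str:
    """Vulnerable pattern: the comment is concatenated straight into HTML, both in
    an attribute and in the element body (hypothetical page template)."""
    return f'<p class="comment" title="{comment}">{comment}</p>'


def render_escaped(comment: str) -> str:
    """Hardened form: encode on output. html.escape(quote=True) turns <, >, &, " and '
    into entities, so the text cannot close the attribute or open a new tag."""
    safe = html.escape(comment, quote=True)
    return f'<p class="comment" title="{safe}">{safe}</p>'


class _PAttributeCollector(HTMLParser):
    """Parses a rendered fragment the way a browser would and records the attributes
    that actually ended up on the <p> element."""

    def __init__(self):
        super().__init__()
        self.attrs = {}

    def handle_starttag(self, tag, attrs):
        if tag == "p":
            self.attrs.update(attrs)


def p_attributes(rendered: str) -> dict:
    """Return the attributes the browser would see on the <p> in the rendered fragment."""
    parser = _PAttributeCollector()
    parser.feed(rendered)
    parser.close()
    return parser.attrs


def store_and_fetch(comments):
    """Store comments with a parameterized query, so an apostrophe is data rather than
    part of the SQL. Uses an in-memory SQLite database so the example runs offline."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE registration (id INTEGER PRIMARY KEY, comment TEXT)")
    for c in comments:
        conn.execute("INSERT INTO registration (comment) VALUES (?)", (c,))
    rows = [row[0] for row in conn.execute("SELECT comment FROM registration ORDER BY id")]
    conn.close()
    return rows


def compare(comments):
    """For each comment: does the blocklist accept it, and does the unescaped rendering
    hand the browser an extra attribute that the escaped rendering does not?"""
    report = []
    for c in comments:
        report.append({
            "comment": c,
            "blocklist_accepts": blocklist_accepts(c),
            "unescaped_extra_attrs": sorted(set(p_attributes(render_unescaped(c))) - {"class", "title"}),
            "escaped_extra_attrs": sorted(set(p_attributes(render_escaped(c))) - {"class", "title"}),
        })
    return report


if __name__ == "__main__":
    for row in compare(SAMPLE_COMMENTS):
        print(row)
    print(store_and_fetch(SAMPLE_COMMENTS))
```

The point of the attribute check is that the fourth sample passes the blocklist untouched, yet in the unescaped rendering the browser sees an `onmouseover` attribute on the paragraph; the escaped rendering shows the same text to the reader with only `class` and `title` on the element. The same principle applies to whichever interpreter sits downstream of the comment field, HTML, SQL or a script engine: encode for that context rather than trying to enumerate dangerous characters on input.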

So, our web site is now a little more secure, and I gained a little knowledge about how to protect a site from hackers.

New web site

Posted on June 24, 2009 - Filed Under Blog

We have a new version of the Richmond AITP site. You can access it at aitprich.org/index.php. The extra index.php in the URL is a temporary address, and the URL will revert to just aitprich.org when we go live. Some of the new features are:

  • It has a search facility—doesn’t work right now, because of the contention with our current site, but it will once we go live.
  • RSS capability—people can get updates via an RSS feed page, like Google Reader.
  • Older articles get automatically archived, so we always have old info built into the web site.
  • Comments can be added by any of our readers, so we will get feedback on articles and events.
  • Administration functionality is built in, so we can assign privileges by email ID.
  • Anti-hacking protection is built in.
  • I’ve integrated the Members and Officers Only pages from our current web site into the new site so we still have the functionality of our database and email list.