Revealing a Hidden Hack
Once in a great while, I find a site has been hacked and the owner doesn't know about it. The site works just fine — for them.
Generally, in those cases, a sophisticated hacker has caused a cookie to be set so that whatever the hack is supposed to do gets done only once. (A hack to redirect the browser to a malware site, for example. If it doesn't work the first time, it won't the second, and the hacker doesn't want to alarm more than necessary.)
The site owner is likely to have noticed something unusual — once. But upon loading the site again, it didn't repeat.
"Maybe it was an anomaly," the site owner might think. "Maybe something weird I typed in. Or I clicked the wrong bookmark, or inadvertently clicked an AdSense ad and ended up at someone else's site."
There's a shrug of the shoulders. And because it doesn't happen again — to the site owner — it's forgotten.
Just because the site owner forgets the incident doesn't mean the site becomes un-hacked.
The hack is still there affecting unwary site visitors.
It's good to test your site occasionally, perhaps once a week. The test is in two steps.
The first step relates to cookies.
- Dump your site's cookies from your browser to use for viewing your site afresh. Or use a different browser, one that has none of your site cookies.
- Set your browser so it won't automatically accept all cookies it's sent. Have it notify you of attempts, or ask you whether or not a cookie may be accepted.
- Connect to your site and observe whether or not something unusual happens. Also notice whether or not cookies you don't expect are sent to your browser. (Accept only cookies you expect.)
Although the above might pass inspection — nothing weird happens and no unexpected cookies are set — there is still one more test.
You see, a hacker can get more sophisticated still, especially when they really, really want their hack to be as unnoticed as possible. The longer a hack is in place, the longer the hacker benefits.
In those cases, the hacker can record the IP address of the first attempt — instead of or in addition to using cookies. From that point on, no browser from that IP address will experience the hack.
There is a way to test your site with a different IP address even when you have a static IP address.
One way is to use someone else's computer, maybe one available at your public library, or borrow a friend's mobile device to access your site (after letting them know there's a risk, of course). But that method is optional.
There's also a method you can utilize right from your own office without those hassles.
The second step relates to your IP address.
- Use the Tor Browser to access the site from a different IP address.
- The Tor Browser connects you to websites with an IP address that's different than the one you use to connect to the internet. It's unlikely you've ever used the Tor Browser-assigned IP address in the past.
- Connect to your site and observe whether or not something unusual happens. The Tor Browser may render your site slightly differently than expected, removing Flash elements for example. It also has other protections built in, so take any messages it presents seriously.
If you are still suspicious, then using someone else's computer and a normal, popular browser may be an option for testing.
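The observation both steps ask for (does a first visit without cookies set cookies you don't expect, or send you off-site?) can be scripted. This is an added example, not code from the original article; the host `www.example.com`, the cookie names and the function names are placeholder assumptions, and it inspects only HTTP headers, so script-driven behaviour still needs the browser test described above.

```python
# Added example: check one cookie-less response for unexpected cookies and off-site redirects.
# Only HTTP headers are inspected; script-driven behaviour still needs a browser visit.
import sys
import urllib.error
import urllib.request
from urllib.parse import urljoin, urlsplit

# Constructed sample response (not captured from a real site), used when no URL is given.
SAMPLE = (302, [("Set-Cookie", "session=abc; Path=/; HttpOnly"),
                ("Set-Cookie", "seen_once=1; Max-Age=31536000"),
                ("Location", "http://redirect.invalid/landing")])

class NoRedirect(urllib.request.HTTPRedirectHandler):
    def redirect_request(self, *args, **kwargs):
        return None  # urllib then raises HTTPError for 3xx instead of following it

def fetch_fresh(url):
    """Make one request with no cookies sent and redirects not followed."""
    opener = urllib.request.build_opener(NoRedirect)  # no cookie jar attached
    try:
        with opener.open(url, timeout=15) as resp:
            return resp.status, resp.headers.items()
    except urllib.error.HTTPError as err:  # 3xx/4xx/5xx responses still carry headers
        return err.code, err.headers.items()

def inspect_response(status, headers, site_host, expected_cookies):
    """Return (kind, detail) findings for one response's status and header list."""
    site_host = site_host.lower()
    findings = []
    for name, value in headers:
        if name.lower() == "set-cookie":
            cookie_name = value.split("=", 1)[0].strip()
            if cookie_name not in expected_cookies:
                findings.append(("unexpected-cookie", cookie_name))
        elif name.lower() == "location" and 300 <= status < 400:
            # Resolve relative targets against the site before comparing hosts.
            target = urlsplit(urljoin(f"https://{site_host}/", value)).hostname or ""
            if target != site_host and not target.endswith("." + site_host):
                findings.append(("offsite-redirect", target))
    return findings

if __name__ == "__main__":
    # Usage: script.py https://www.example.com/ session   (URL, then expected cookie names)
    if len(sys.argv) > 1:
        host, expected = urlsplit(sys.argv[1]).hostname, set(sys.argv[2:])
        status, headers = fetch_fresh(sys.argv[1])
    else:
        host, expected, (status, headers) = "www.example.com", {"session"}, SAMPLE
    for kind, detail in inspect_response(status, headers, host, expected):
        print(kind, detail)
```

Running it from a connection with a different IP address covers the second step's condition as well.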
Some hacks might not necessarily affect a browser directly. But all I've encountered do.
If your site is hacked, you need to know. Just using your site won't necessarily reveal a hack. Occasional testing is prudent.
Will Bontrager