No - if you are hacked, the home page is available, but it includes a JavaScript that does bad things to the visitors. The most common way is a SQL injection attack, where they insert the JavaScript into some fields in the database (in my case, they appended the JavaScript to all vchar fields in every table), so when you display information on the website from the database, you are inadvertently also adding that JavaScript to the page. The recent attack that is being talked about has the attacker editing the index.cfm page and directly adding JavaScript to it.
In both types of attacks, the home page is available and you might not notice anything just by looking at it. So my idea to detect it is to set up a cfhttp call to the index.cfm page. I add a URL parameter that signifies that the page should also display my own personal information from one of the tables. I do this because I know I won't change the information in the table, and if it does change, there was a problem. So the first time I do the cfhttp call, I save the page, then all subsequent calls get compared to it. If it changes, or is not available, I send an alert to my cell phone. I do this as an automated task from a different server so I can also test if the website is up.

One problem I had was that my banner ad changes, so I put comments around the banner ad that say "start banner" and "end banner", and snip that section out before comparing it.

At 12:34 PM 4/14/2009, you wrote:
>This sounds like a good idea. When a hack is taking place, would the
>home page not be available? Is this because they are running
>multiple scripts which take all the resources?
>
>Can you explain this a little more, as I feel like it is a good idea,
>and would like to understand how to implement it?
>
>Thanks
>
> >To test if I have been hacked: I run an automated task from my
> >home computer that requests my home page every 15 minutes. I use a
> >URL variable that tells my home page to display a footer (which only
> >appears when this particular URL variable is present) which shows my
> >name, address, phone, email address and a few other fields taken from
> >my "members" table. I then compare what is displayed to what I know
> >belongs there. (The only part that changes is the banner ad, which I
> >ignore.) If the page isn't available, or if any of the text
> >changes, I send an alert to my cell phone. When I was hacked last
> >year, every table in my database had a javascript inserted into it.
> >This will alert me if that happens again. I do this for my 3 most
> >important web sites.

Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:321601
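
The check described in this message, sketched in Python as an added example (not the poster's code, which uses a cfhttp call from a scheduled task). The marker comment text, the URL, the `canary` parameter name and the sample pages are assumptions constructed for illustration.

```python
import difflib
import re
import urllib.request

# Assumed marker comments wrapped around the rotating banner ad.
BANNER_RE = re.compile(r"<!--\s*start banner\s*-->.*?<!--\s*end banner\s*-->",
                       re.DOTALL | re.IGNORECASE)

def normalize(html):
    """Snip the banner section, then drop blank lines and edge whitespace."""
    stripped = BANNER_RE.sub("", html)
    return [ln.strip() for ln in stripped.splitlines() if ln.strip()]

def fetch(url, timeout=20):
    """Request the page; network and HTTP errors propagate to check()."""
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        return resp.read().decode("utf-8", errors="replace")

def check(url, baseline, fetcher=fetch):
    """Return (status, lines, changed); status is baseline, ok, changed or down."""
    try:
        current = normalize(fetcher(url))
    except Exception:  # unreachable, timeout, HTTP error: all count as "down"
        return "down", baseline, []
    if baseline is None:  # first run: save this copy as the reference
        return "baseline", current, []
    changed = [d for d in difflib.ndiff(baseline, current)
               if d[:2] in ("+ ", "- ")]
    return ("changed" if changed else "ok"), current, changed

# Constructed sample pages: same canary footer with a different banner,
# then a copy where a script tag was appended to a database field.
CLEAN_A = """<html><body>
<!-- start banner --><img src="/ads/1.gif"><!-- end banner -->
<div id="canary">Jane Doe, 1 Example St, 555-0100</div>
</body></html>"""
CLEAN_B = CLEAN_A.replace("/ads/1.gif", "/ads/2.gif")
TAMPERED = CLEAN_B.replace(
    "555-0100", '555-0100<script src="//placeholder.invalid/x.js"></script>')

if __name__ == "__main__":
    url = "https://www.example.com/index.cfm?canary=1"  # hypothetical
    _, base, _ = check(url, None, lambda u: CLEAN_A)
    for page in (CLEAN_B, TAMPERED):
        status, _, changed = check(url, base, lambda u, p=page: p)
        print(status, changed)  # alert (e.g. SMS) on "changed" or "down"
```

Storing the normalized page rather than only a hash lets the alert carry the exact lines that changed, which shows at a glance whether a script tag was added to the canary fields.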

