The simplicity of hacking...

A32

I just had an idea (guaranteed not to be an original one, im very sure) and its kinda scary...

Lets say this script resides at hacker.com.

Hacker.com decides to publish a malformed link to his site containing this script:

<?php

$hak = file_get_contents("http://www.sony.com");
//Do whatever I want with links, take info from forms, etc etc and then:
echo $hak;
?>

Now, Im sure that this technique has been around for a while but when combined with a malformed link the whole thing gets just scary.

Lets say I owned sony.com... How would I go about knowing if this was happening to my site?

Thanks much.

kburger

How is that scary? All you get is the page source from http://www.sony.com. The same thing anybody with a browser gets.

Edit: Just to clarify -- You don't get the pre-processed contents of that file. You only get what their webserver has processed and sent to the browser.

A32

Doesnt matter! Whatever Sony.com decides to spit out at the browser, hacker.com can have and do whatever it wants with it. Including links, forms, you name it.

Its proxifying sony.com..

Is there a way for my scripts to know if this is happening? I did a test on my local server with this script and pointed it to my remote host. with a little toying around (absolute urls, etc) I could get it to look just like my site and nobody would be the wiser.

Please know what youre talking about if you reply. Im seasoned, just not seasoned on security issues.

kburger

A32 wrote:
... and nobody would be the wiser.

Sure they would. They wouldn't see the (hacker) modified page if they went to http://www.sony.com. They would only see it if they went to http://yourwebsite.com. You could only make it plausible for idiots if you sent the link in an email as something like

<a href="http://yourwebsite.com/">http://www.sony.com</a>

or the phishing scheme of

http://www.sony.com/index.php?somereallylongstring:someotherreallylongstring@yourwebsite.com

so that it only LOOKS like the link is going to sony.com.

A32

EXACTLY my point. Some idiot just might click on that hackified link and buy my product only its not me they bought it from. Now that were on the same track, how can I test if my site is being proxified?

Thanks...

From your sentence structure, it seems you might be thinking that I want to be the devious one.I am not devious and I do not want to do anything wrong. Im merely trying to protect my website from such things!

Is there a way to check the ouput that is rendered to the browser? I could easily check that against what is supposed to be there.. But how do I get the ouput that is on the clients side?

thorpe

what are you freaking out about? i could just as easily go to sony.com, click save as in my browser, upload it to my own host, and wallah! now i have a replica of sony.com

what's ur point?

LoganK

I think he means that an evil site will get the contents of a legit site, change stuff like form actions and etc., in an attempt to trick people a la "phishing".

Am I correct?

kburger

No, I didn't mean to imply that you would be the bad guy. Sorry if it seemed that way.

Well, you could check for the proper headers being sent by the browser, HTTP_USER_AGENT, and the like. But they're easily spoofed and you can't be sure that a legitimate user might not be locked out by your attempts to prevent your page source from being stolen and copied.

Bottom line -- IMHO, if somebody wants to mimic your site they can easily do it.

leatherback

kburger wrote:
Sure they would. They wouldn't see the (hacker) modified page if they went to http://www.sony.com. They would only see it if they went to http://yourwebsite.com. You could only make it plausible for idiots if you sent the link in an email as something like
<a href="http://yourwebsite.com/">http://www.sony.com</a>
or the phishing scheme of
http://www.sony.com/index.php?somereallylongstring:someotherreallylongstring@yourwebsite.com 
so that it only LOOKS like the link is going to sony.com.

Hm.. This actually exactly what happened in the Netherlands a while ago. A group of people spoofed the website of postbank.nl this way, and sent to thousands of people an email, asking to enter their login details because "their database had crashed". And it worked. I had a few of those emails, and do not respond to them, because no bank would perform such an action. But many many people lost their login details that way.

So.. Yes. It can & does happen.

Don't be stupid, and you do not have a problem..

A32

Yes, phishing.

And of course, someone could mirror sony.com and I couldnt do anything about that.

There's got to be a way (short of looking through log files for unusual ammounts of requests from certain IP's) to tell if this is happening.

Don't be stupid, and you do not have a problem..

Its not me I am worried about. I do online sales and want to be sure nobody is using my site as a phishing expedition ;-)

Like I said, scary. Maybe not to you, but to someone who depends on thier websites for income: scary.

leatherback

No it is not.
Not many people will actually do this. Besides. People will type in your web address. Not the spoofed one. SO.. there really is no huge risk, unless they are highly suyccesfull at copying your full website, which includes the full storefront and everything, and manage to get your client to go to a fake address. I am a parttime fotographer, and I have found my pictures in newspapers. They get stolen. Yes. I lose a buck. Yes. But you sue the guys ones, and you have no more problems. (Actually: Made a few hundreed on it.).

Don't worry too much about it.

My 2cts

LoganK

Re: my post - Firefox tab time-lag. When I opened up the thread I didn't get to posting a reply for a while so I didn't notice the new replies.

I meant my post for the original thread starter, because I think he meant exactly what we all know he meant now 😉

konsu

so, one can create a hash of a string of characters. this hash will have a different value for different strings. even if strings are almost similar. would making a hash of your html output with your original url concatenated to it help? the problem is, of course, how to present this to the user and make them use it to verify the validity of the site...

chrislive

the reality is that if you have your website on the internet somebody CAN copy your html/images etc and duplicate it on another site. this is a risk that everybody takes when they shop online.

If a web user can browse for your site, they can copy it.