
Interesting one for the techies

Third Sector Lab

New Member
A contact at a Scottish charity has got in touch with me about a recent website issue which I'm hoping a techie on here will be able to provide advice on.

Below is the info they sent me; the name of the charity and the website design firm in question have been removed.

What are your thoughts, SBFers?

Basically, what has happened is that we had images, hosted on photobucket, displayed on our homepage. Somehow, someone has hacked into the site (I am told this was because of the photobucket image) and told it to spam people about drugs that help people to make love.

I don't know how long this has been going on, but we have been kicked off google because of it. We show up if you google "charity X" but not if there are spelling errors or if you're looking for content within the site e.g 'charity X fundraising ball'

Designer A from Webdesign Firm A says he has identified the rogue code and removed it from the front page, but I've now been asked to remove all the images that are hosted from photobucket. This is taking ages, making our site look rubbish, and I feel it is kind of unnecessary.

Essentially, we have been burgled. Someone smashed a window and came into our house, so we're responding by taking all the windows off our house.

Also, we have other third party content on our site, obviously. We have things from the bbc, from christmas card companies, freedback, youtube, slide.com, rss feeds etc. I find it hard to believe that it's just photobucket that's the problem. If the third party principle holds true, should we be removing all of this stuff?
 

stuarty

Banned
OK...more information needed. The site is not kicked off Google if it is being indexed for "Charity X". Deranked/Devalued yes.

The web designer needs a kick up the a*** too if I'm reading into it correctly.

It looks very much like the site is "Scraping" content and that's BAD in Google's eyes. If the site is pulling in 3rd party content from all those sites then it's really no wonder that there's been a hack. But as I say I would need to look at the site to give a definitive answer.

If Google rankings are important to them and they've been penalised then there's a lot of hard work in front.

Can you PM details?
 
Third Sector Lab

New Member
The web designer needs a kick up the a*** too if I'm reading into it correctly.

Agreed!

It looks very much like the site is "Scraping" content and that's BAD in Google's eyes. If the site is pulling in 3rd party content from all those sites then it's really no wonder that there's been a hack. But as I say I would need to look at the site to give a definitive answer.

It's not "scraping", the third party content is all their own - the charity's image on photobucket, their vids on youtube, their stories on BBC, etc.

Unfortunately I've promised them I wouldn't reveal their identity. Your advice has been a help though, thanks for that.

From what I know of the situation the webdesigners aren't being forthcoming with the technical info on this. What specific questions should they now be asking their webdesigners?
 
Gordon N

New Member
I'm not overly convinced that photobucket is to blame to be honest, pulling an image from an external source doesn't really offer an opportunity to hack a database for email addresses?!? Of course it ultimately depends on how the designer went about it - but still...

...sounds more like poor database security if they are spamming users, or if it's that the images from photobucket have been replaced then it's poor password choices more than anything.

I know more and more people are centralising their media so that it can be used in various places and easily updated, but to be honest with the cost of diskspace and bandwidth these days I don't (personally) see the need.

Ultimately shoot the designer - security should be a major part of any site - especially something as fragile as a charity's reputation/status!

If their solution is to remove the images and leave a blank site you really can do better. My advice, move to another designer/firm - and ensure they understand what has happened to get the site to the state it's in. As Stu mentioned above, this is the start of a rather uphill journey and there is a lot of work ahead to regain reputation etc.

If there is anything I can do to help let me know, PM or email.

Good luck!
 

stuarty

Banned
You didn't mention a database and the code was on the front page. If it's database driven then it may have been a SQL Injection attack - it's really basic when designers use stuff like dreamweaver although I think the later versions cover sql injection. Google "sql injection" to see just how easily it's done. If your charity has a page called "admin" or "login" then it's very easy to start hacking. Alternatively the hosting has been hacked.

Have the webdesigners any experience in CMS/Data driven applications? If they have made a "bespoke" one then from my experience a lot of web designers use Dreamweaver to build their apps but they almost always overlook the security issues. You can tell it's Dreamweaver by some of the code in the pages. Tell them to look at the folders on the server and look for one called "connections" or look at any of the pages and search for code snippets that have a prefix of "mm_"

Unfortunately, without knowing specifics it's really swimming against the tide and I'm just second guessing.

Hope that helps.
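
The check described in the post above (a folder called "connections" and code with an "mm_" prefix), written out as an added example that is not part of the thread. The function name, the list of file extensions and the sample files are assumptions constructed for illustration; a hit only shows which pages contain Dreamweaver-generated code to review, not that they are vulnerable.

```python
import os
import re
import tempfile

# Identifiers with the "MM_" prefix the post mentions (matched case-insensitively).
MM_TOKEN = re.compile(r"\bMM_\w+", re.IGNORECASE)
# Assumption: only text-based page sources are worth scanning.
PAGE_EXTS = {".php", ".asp", ".aspx", ".cfm", ".jsp", ".htm", ".html", ".js"}

def find_dreamweaver_markers(web_root):
    """Return {'connections_dirs': [...], 'mm_files': {relpath: [tokens]}}."""
    report = {"connections_dirs": [], "mm_files": {}}
    for dirpath, dirnames, filenames in os.walk(web_root):
        for d in dirnames:
            if d.lower() == "connections":
                report["connections_dirs"].append(
                    os.path.relpath(os.path.join(dirpath, d), web_root))
        for name in filenames:
            if os.path.splitext(name)[1].lower() not in PAGE_EXTS:
                continue
            path = os.path.join(dirpath, name)
            try:
                with open(path, encoding="utf-8", errors="replace") as fh:
                    tokens = sorted(set(MM_TOKEN.findall(fh.read())))
            except OSError:
                continue  # unreadable file: skip rather than abort the audit
            if tokens:
                report["mm_files"][os.path.relpath(path, web_root)] = tokens
    report["connections_dirs"].sort()
    return report

def build_sample_site(root):
    """Constructed sample tree, not taken from any real site."""
    os.makedirs(os.path.join(root, "Connections"))
    os.makedirs(os.path.join(root, "admin"))
    files = {
        "Connections/site.php": "<?php $hostname_site = 'localhost'; ?>",
        "admin/login.php": "<?php $MM_redirectLoginSuccess = 'index.php';\n"
                           "$MM_fldUserAuthorization = ''; ?>",
        "index.html": "<html><body><img src='logo.png'></body></html>",
    }
    for rel, text in files.items():
        with open(os.path.join(root, rel), "w", encoding="utf-8") as fh:
            fh.write(text)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_sample_site(root)
        print(find_dreamweaver_markers(root))
```

Run it against a local copy of the site's files rather than the live server, and hand the resulting page list to whoever reviews the database queries.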
 
stugster

Active Member
Unfortunately, without knowing specifics it's really swimming against the tide and I'm just second guessing.

Hear hear.


Get in contact with the web-host who should be able to shed light on the situation mate.
 
Third Sector Lab

New Member
Unfortunately I don't know any of the details but I've been passing all of this onto the charity in question.

Have to say I agree with you guys that the web designers are ultimately to blame here.
 