How to prevent website from being hacked into | Newbie | | Join Date: Oct 2007
Posts: 11
| | |
I need help ??
I am building a webpage in simple HTML/Java code.
But I want to shutdown visitor's machine, when cause username/password error.
Is it possible ????????
|  | Moderator | | Join Date: Oct 2006 Location: New York, United States of America
Posts: 3,428
| | | re: How to prevent website from being hacked into
This doesn't belong in the Cafe forum; it belongs in either Java or HTML. But why do you want to be so drastic as to shut down a visitors computer? Most websites go with the standard of, y'know, letting the user know there was a mistake. THis sounds very vicious.
| | Newbie | | Join Date: Oct 2007
Posts: 11
| | | re: How to prevent website from being hacked into
Quote:
Originally Posted by Ganon11 This doesn't belong in the Cafe forum; it belongs in either Java or HTML. But why do you want to be so drastic as to shut down a visitors computer? Most websites go with the standard of, y'know, letting the user know there was a mistake. THis sounds very vicious.
I know, sir
But someone try to hack the administrative password.
He use to try with wrong password above 25 times per day.
I already said in this page that if anyone use to enter with wrong username/password; virus will shutdown his/her machine.
So please help me.
I don't want to hurm the machine with virus; just shutdown using cmd prompt.
|  | Site Moderator | | Join Date: Oct 2006 Location: The Great White North
Posts: 5,131
| | | re: How to prevent website from being hacked into
Quote:
Originally Posted by Ganon11 ...
This sounds very vicious. I agree with Ganon,
Maybe you want to close the user's browser?
Even so, there will be a message that pops up stating that the JavaScript is attempting to close the browser and the user has the option to cancel.
| | Newbie | | Join Date: Oct 2007
Posts: 11
| | | re: How to prevent website from being hacked into
Quote:
Originally Posted by Frinavale I agree with Ganon,
Maybe you want to close the user's browser?
Even so, there will be a message that pops up stating that the JavaScript is attempting to close the browser and the user has the option to cancel. He/She want to hack the administrative password
And tried many time per day.
Please help me.
| | Site Moderator | | Join Date: Oct 2006 Location: The Great White North
Posts: 5,131
| | | re: How to prevent website from being hacked into
Quote:
Originally Posted by MistiBaban He/She want to hack the administrative password
And tried many time per day.
Please help me. You could try to set a "Time-Out" period. But this would require Server Side implementation.
What are you using to developing your application?
| | Newbie | | Join Date: Oct 2007
Posts: 11
| | | re: How to prevent website from being hacked into
Quote:
Originally Posted by Frinavale You could try to set a "Time-Out" period. But this would require Server Side implementation.
What are you using to developing your application? I use the following quote -
<form>
-
<p>ENTER USERNAME :
-
<input type="text" name="text2">
-
</p>
-
<p> ENTER PASSWORD :
-
<input type="password" name="text1">
-
<input type="button" value="Check In" name="Submit" onclick=javascript:validate(text2.value,"Username",text1.value,"Password") >
-
</p>
-
-
</form>
-
<script language = "javascript">
-
-
function validate(text1,text2,text3,text4)
-
{
-
if (text1==text2 && text3==text4)
-
load('success.htm');
-
else
-
{
-
load('\Fail.html');
-
}
-
}
-
function load(url)
-
{
-
location.href=url;
-
}
-
</script>
|  | Site Moderator | | Join Date: Nov 2006 Location: UK
Posts: 14,581
| | | re: How to prevent website from being hacked into
Please use code tags when posting code:
[CODE=javascript]
Your Javascript code here...
[/code]
Looking at your code, it is too easy to log in. You shouldn't be using JavaScript for login. Anyone with even a basic knowledge of JavaScript will know what the username and password is.
Use a server-side language for login.
| | Site Moderator | | Join Date: Oct 2006 Location: The Great White North
Posts: 5,131
| | | re: How to prevent website from being hacked into
Quote:
Originally Posted by MistiBaban I use the following quote
-
<form>
-
<p>ENTER USERNAME :
-
<input type="text" name="text2">
-
</p>
-
<p> ENTER PASSWORD :
-
<input type="password" name="text1">
-
<input type="button" value="Check In" name="Submit" onclick=javascript:validate(text2.value,"Username",text1.value,"Password") >
-
</p>
-
-
</form>
-
<script language = "javascript">
-
-
function validate(text1,text2,text3,text4)
-
{
-
if (text1==text2 && text3==text4)
-
load('success.htm');
-
else
-
{
-
load('\Fail.html');
-
}
-
}
-
function load(url)
-
{
-
location.href=url;
-
}
-
</script>
Normally when validating a user's password we check it against a database of some sort that is stored on the web server.
I'm not sure what you are trying to accomplish with what you are doing in this code.
I think what you are trying to do is going to require some more intensive web programming....specifically Server Side coding to accomplish a proper login process.
I've moved your question to the JavaScript forum to see if anyone has more suggestions for you. I've also renamed your thread to better reflect your problem.
-Frinny
| | Newbie | | Join Date: Oct 2007
Posts: 11
| | | re: How to prevent website from being hacked into
Quote:
Originally Posted by Frinavale Normally when validating a user's password we check it against a database of some sort that is stored on the web server.
I'm not sure what you are trying to accomplish with what you are doing in this code.
I think what you are trying to do is going to require some more intensive web programming....specifically Server Side coding to accomplish a proper login process.
I've moved your question to the JavaScript forum to see if anyone has more suggestions for you. I've also renamed your thread to better reflect your problem.
-Frinny I understand what both of U said, sir
Thanking you for explain me
I have not so good idea on it but I want to learn it by trial and error methods
I am using a free web so I think I am not able to use Server Side coding.
It is a project of me but I want to make it really good
Can you help me to rearrange this code in this way that
When I enter the Username/Password into the form
It check the java script from another html page, which will never become in front, so no one could see the code if it.
| | Site Moderator | | Join Date: Oct 2006 Location: The Great White North
Posts: 5,131
| | | re: How to prevent website from being hacked into
Quote:
Originally Posted by MistiBaban I understand what both of U said, sir
Thanking you for explain me
I have not so good idea on it but I want to learn it by trial and error methods
I am using a free web so I think I am not able to use Server Side coding.
It is a project of me but I want to make it really good
Can you help me to rearrange this code in this way that
When I enter the Username/Password into the form
It check the java script from another html page, which will never become in front, so no one could see the code if it. I don't know how to do this without using Server Side code.
Look into what your web provider allows....maybe it'll let you use something like ASP or something?
-Frinny
| | Newbie | | Join Date: Oct 2007
Posts: 11
| | | re: How to prevent website from being hacked into
Quote:
Originally Posted by Frinavale I don't know how to do this without using Server Side code.
Look into what your web provider allows....maybe it'll let you use something like ASP or something?
-Frinny I have little idea on it but.......
Can I redirect the form, when press the submit, into another page where the check will be done by java script and allow or not allow to the private page on correct and wrong password respectively.
| | Site Moderator | | Join Date: Nov 2006 Location: UK
Posts: 14,581
| | | re: How to prevent website from being hacked into
Quote:
Originally Posted by MistiBaban I have little idea on it but.......
Can I redirect the form, when press the submit, into another page where the check will be done by java script and allow or not allow to the private page on correct and wrong password respectively. This can't be done with JavaScript. The JavaScript source can easily be seen.
Some free web hosts do include support for a server-side language, usually PHP.
| | Newbie | | Join Date: Oct 2007
Posts: 11
| | | re: How to prevent website from being hacked into
Quote:
Originally Posted by acoder This can't be done with JavaScript. The JavaScript source can easily be seen.
Some free web hosts do include support for a server-side language, usually PHP. Can U help me, sir ??????
I will publish my site from http://www.freewebs.com/impossibleworld/
What I will do ??
I already publish my site but due to the hacker I stopped it.
Please help me
| | Site Moderator | | Join Date: Oct 2006 Location: The Great White North
Posts: 5,131
| | | re: How to prevent website from being hacked into
Quote:
Originally Posted by MistiBaban Can U help me, sir ??????
I will publish my site from http://www.freewebs.com/impossibleworld/
What I will do ??
I already publish my site but due to the hacker I stopped it.
Please help me How do you know your site is being hacked?
| | Moderator | | Join Date: Mar 2007 Location: North Bend Washington USA
Posts: 5,370
| | | re: How to prevent website from being hacked into
Any company with an internet/intranet has this problem and no one shuts down the client's computer. The most common solution is after 3 failed logon attempts to that account, the account is disabled until there is an adminstrtive reset.
This gives you plenty of time to log the IP address of the client machine and identify the culprit.
| | Newbie | | Join Date: Oct 2007
Posts: 11
| | | re: How to prevent website from being hacked into
Quote:
Originally Posted by Frinavale How do you know your site is being hacked? I have already launched the total web site
But continuous false try make me puzzle
So I delete the site’s pages and left only one guest book until I prepare the protection
| | Site Moderator | | Join Date: Oct 2006 Location: The Great White North
Posts: 5,131
| | | re: How to prevent website from being hacked into
Quote:
Originally Posted by MistiBaban I have already launched the total web site
But continuous false try make me puzzle
So I delete the site’s pages and left only one guest book until I prepare the protection If your site has a guest book then it already uses Server Side code.
Find out what you're allowed to use and we'll help you to fix this....the other option is to contact the web provider and ask them if there are any security packages available for you to use.
-Frinny
| | Newbie | | Join Date: Oct 2007
Posts: 11
| | | re: How to prevent website from being hacked into
Quote:
Originally Posted by weaknessforcats Any company with an internet/intranet has this problem and no one shuts down the client's computer. The most common solution is after 3 failed logon attempts to that account, the account is disabled until there is an adminstrtive reset.
This gives you plenty of time to log the IP address of the client machine and identify the culprit. Yes, I know that sir.
But I am not so good in coding and encoding.
I am just now self learning from internet
I don't think that I can prepar those whole thing of 3 login chance, tracking IP etc
Once he/she submit me a challenge in me forum that he/she will hack me site password from http://www.freewebs.com/impossibleworld/ and change the password.
|  | Moderator | | Join Date: Aug 2007 Location: Bowmanville, Ontario
Posts: 329
| | | re: How to prevent website from being hacked into
Well, I understand that you are learning off the internet and may not have enough expertise to implement something like this - but any way you slice it.. if you want to do something like this you're going to have to learn how, or at least find out how and implement it - no matter what the solution happens to be.
You CAN do this without a server-side scripting language with some fancy use of XML/Javascript - but if it can be helped, I would use a server-side language instead. Any time you use a login module or keep track of information you should use a server side language. The reason for this is because server side languages are compiled on the SERVER, and the information is sent back to the browser in plain TEXT - so when someone views the source code, they have no idea what you've done - which means it's much more difficult for a hacker to get around your security if they don't know what you're doing to stop them from getting in.
Even to do this, without using a server-side language, you'd still have to know XML and have extensive knowledge of the Document Object Module - so you'll have to learn something either way.
I checked out freewebs.com and they don't mention anything at all about the technologies they support. I did see some screenshots of the interface and see that you can add a guest book - its a one button click, fill out some general info about it and it's done type of deal by the looks of it - so I doubt the company allows you to use server side languages. It's more of a one-click add on type of deal.
However, you can test out this theory if you like.
More than likely, if they support any server side language, it will be either ASP or PHP, and seldomly ColdFusion. You could create a couple of files in the root directory and run them to see if they execute or not - if they don't, you can't use them.. if they do.. right on! Let us know which and then perhaps a moderator can redirect this thread to one of the server side language forums where someone there can help you with a solid lock out implementation using whatever language it happens to be.
Copy this code into a new file called ASP_test.asp and run it. -
<%
-
Response.Write "Hello World!"
-
%>
-
Copy this code into a new file called PHP_test.php and run it. -
<?php
-
echo "Hello World!";
-
?>
-
If they fail, You could consider switching your host to something like ASP4Free.com or 1ASPHost.com or x10hosting.com just to name a few... which run server side languages.
Alternatively, If you REALLY want to ignore our suggestions and shy away from the Server Side language stuff, I could give you a brief run down on how to read and write to an XML file to store information like, in this case, the person's IP address, time and date of login attempt, how many login attempts have come from this ip address, the person's browser string, etc. The problem with doing this is that it's javascript, it's exposed when someone view's the source code of the page.
| | Newbie | | Join Date: Oct 2007
Posts: 1
| | | re: How to prevent website from being hacked into
Why not use a flash login form with the username and password embeded?? That will prevent the person to directly know the username or password unless he/she tries through the hard way, that is, saving the swf and decompiling it...at least u wont need server side scripting... but some basic flash knowledge will still be required or i think if you do a search on the net you can find some usable demos... , in this sense when u enter ur username and password it is validated in the swf itself and if true will redirect you to your desired url...
| | Newbie | | Join Date: Oct 2007
Posts: 11
| | | re: How to prevent website from being hacked into
Quote:
Originally Posted by markrawlingson Well, I understand that you are learning off the internet and may not have enough expertise to implement something like this - but any way you slice it.. if you want to do something like this you're going to have to learn how, or at least find out how and implement it - no matter what the solution happens to be.
You CAN do this without a server-side scripting language with some fancy use of XML/Javascript - but if it can be helped, I would use a server-side language instead. Any time you use a login module or keep track of information you should use a server side language. The reason for this is because server side languages are compiled on the SERVER, and the information is sent back to the browser in plain TEXT - so when someone views the source code, they have no idea what you've done - which means it's much more difficult for a hacker to get around your security if they don't know what you're doing to stop them from getting in.
Even to do this, without using a server-side language, you'd still have to know XML and have extensive knowledge of the Document Object Module - so you'll have to learn something either way.
I checked out freewebs.com and they don't mention anything at all about the technologies they support. I did see some screenshots of the interface and see that you can add a guest book - its a one button click, fill out some general info about it and it's done type of deal by the looks of it - so I doubt the company allows you to use server side languages. It's more of a one-click add on type of deal.
However, you can test out this theory if you like.
More than likely, if they support any server side language, it will be either ASP or PHP, and seldomly ColdFusion. You could create a couple of files in the root directory and run them to see if they execute or not - if they don't, you can't use them.. if they do.. right on! Let us know which and then perhaps a moderator can redirect this thread to one of the server side language forums where someone there can help you with a solid lock out implementation using whatever language it happens to be.
Copy this code into a new file called ASP_test.asp and run it.
-
<%
-
Response.Write "Hello World!"
-
%>
-
Copy this code into a new file called PHP_test.php and run it. -
<?php
-
echo "Hello World!";
-
?>
-
If they fail, You could consider switching your host to something like ASP4Free.com or 1ASPHost.com or x10hosting.com just to name a few... which run server side languages.
Alternatively, If you REALLY want to ignore our suggestions and shy away from the Server Side language stuff, I could give you a brief run down on how to read and write to an XML file to store information like, in this case, the person's IP address, time and date of login attempt, how many login attempts have come from this ip address, the person's browser string, etc. The problem with doing this is that it's javascript, it's exposed when someone view's the source code of the page. Sir,
I am never shy for learning.
It is not the matter of shy that 'i don't know'
But it is the matter of shy if 'i don't want to know'
I use the two code given by U. U can see the results, directly :- http://www.freewebs.com/impossibleworld/ASP_test.asp http://www.freewebs.com/impossibleworld/PHP_test.php
I also open an account in ASP4Free.com (it only support .asp).But, may be due to lack of my knowledge; i am not able to run 'ASP_test.asp ' there.
I need your help, Sir. What I will do know and how I can run 'ASP_test.asp' in ASP4Free.com (can u explain me a little more step by step).
Beside all this, I request U to send me a brief run down on how to read and write to an XML file to store information like, in this case, the person's IP address, time and date of login attempt, how many login attempts have come from this ip address, the person's browser string, etc. Because I want to learn all this (U can e-mail me in ****)
I REALLY NEED HELP. I AM WAITING FOR YOUR RESPONSE.
| | Site Moderator | | Join Date: Nov 2006 Location: UK
Posts: 14,581
| | | re: How to prevent website from being hacked into
I have removed your email address not only for your protection, but it is also against the posting guidelines.
Are you familiar with any server-side language or are you learning from scratch?
| | Newbie | | Join Date: Oct 2007
Posts: 11
| | | re: How to prevent website from being hacked into
Quote:
Originally Posted by acoder I have removed your email address not only for your protection, but it is also against the posting guidelines.
Are you familiar with any server-side language or are you learning from scratch? Sorry Sir, that I post the e-mail, It is my first time in a forum, so I am not familier with rules.
Yes, I am learning by myself from some e-book,scratch,javakids sites etc.
But I promise if U send me something I will try, more than of my best to learn it and understand it.
| | Site Moderator | | Join Date: Oct 2006 Location: The Great White North
Posts: 5,131
| | | re: How to prevent website from being hacked into
Quote:
Originally Posted by MistiBaban Sir,
I am never shy for learning.
It is not the matter of shy that 'i don't know'
But it is the matter of shy if 'i don't want to know'
I use the two code given by U. U can see the results, directly :-
http://www.freewebs.com/impossibleworld/ASP_test.asp
http://www.freewebs.com/impossibleworld/PHP_test.php
I also open an account in ASP4Free.com (it only support .asp).But, may be due to lack of my knowledge; i am not able to run 'ASP_test.asp ' there.
I need your help, Sir. What I will do know and how I can run 'ASP_test.asp' in ASP4Free.com (can u explain me a little more step by step).
Beside all this, I request U to send me a brief run down on how to read and write to an XML file to store information like, in this case, the person's IP address, time and date of login attempt, how many login attempts have come from this ip address, the person's browser string, etc. Because I want to learn all this (U can e-mail me in ****)
I REALLY NEED HELP. I AM WAITING FOR YOUR RESPONSE. I recommend posting your questions in the ASP forum since you're going to be learning ASP.
A good place to start learning ASP is the W3C site.
You can find an ASP tutorial on W3C.
Cheers!
| | Newbie | | Join Date: Oct 2007
Posts: 2
| | | re: How to prevent website from being hacked into
One easy way to get around this is to use image verification. Something like this. Its free to use. http://www.cisin.com/Image_Verificat...and_Script.htm
You can also use a free service to create a client side password protected page. In such cases the client side code is not readable by human.
|  |
Similar JavaScript / Ajax / DHTML bytes | | |  /bytes/about
We are a network of experts and professionals in IT and software development that help one another with answers to tough questions and share insights.
Get the best answers to your questions from over 226,467 network members.
|
