Site Hacking and Contingency Plans

Every once in a while, I’d receive text messages or emails from bloggers and website owners asking for advice whenever their site is hacked. Being a blogger myself running dozens of sites and also a web hosting provider, hacking/cracking and other exploits are not new to me. We’ve experienced them on so many occasions and on just so many levels. More often than not, it is hard to explain how the site was hacked. It’s even harder to really trace down the hacker and what damage has been done.

Imagine your server or website is like a house. Burglars will attempt to get inside and the first thing you do is lock all the doors and windows. But that’s not all you need to consider. You will also need to look into the number of lock, the type of locks, and other triggers or alarms. In order to fully understand this, let me point out some of the more common ways hackers can gain access to your website or server.

Poor passwords. These passwords could be for an administrator account of a blog or forum, an FTP account, database or the control panel (e.g. cPanel, Plesk). Did you know that the most common password is the word “password“? Having a very poor password is like giving away the key duplicates to your door. Create a strong password with a combination of numbers, letter and special characters. Make it no less than 8 characters in length and regularly modify that password.
Old versions of apps or scripts. Older versions of web scripts or applications like WordPress, vBulletin, phpBB, Coppermine Gallery, etc. will more likely to have holes or vulnerabilities in them. Always make sure to have the latest and most stable versions of these applications. A lot of government websites have been hacked in the past because their webmasters are so fond of installing the forum script phpBB yet do not update them for months or even years.
Exploits and vulnerabilities. Some home-made scripts/apps could be coded very poorly that it’s highly susceptible to exploits, XSS, or SQL injections. This also applies to plugins, extentions and add-ons to blogs or forums. Usual targets are web upload scripts or guest books. This is closely related to the previous point.
Unprotected folders and insecure files. We usually create folder or directories in our account and we sometimes forget to protect them or apply the proper security access. If they remain insecure or writable, anyone can basically upload a file or script into that folder, execute it and do damage. Regularly check the folders and files in your hosting account see if they have the correct write permissions (usually CHMOD 644 or 755). The same way is true for scripts or HTML pages which may have global write permissions.
Server compromise. Such cases involve rootkits or hacks targeting the entire server, often with administrator (root) control. The compromise might come from the OS or kernel level, or application/service level like SQL, Apache/IIS, DNS or PHP.

A 100% secured server is a myth. No one can guarantee it. All hosting provider, big or small, will have encountered such incidents at one time or another. How, how do you minimize this?

Regularly change passwords. And make them hard to guess (especially from brute force).
Update, update, update. A huge percentage of a defaced websites are caused by old, un-updated or vulnerable scripts.
Be aware/familiar of the files and folders in your account. Report suspicious folders or scripts to your provider.
Backup files, emails, and databases. You might need a re-install of everything if hack cannot be fixed or completely cleaned up.

Many people don’t realize this but the hardest part in running a website is actually securing it.

Abe Olandres

Abe is the founder and Editor-in-Chief of YugaTech with over 20 years of experience in the technology industry. He is one of the pioneers of blogging in the country and considered by many as the Father of Tech Blogging in the Philippines. He is also a technology consultant, a tech columnist with several national publications, resource speaker and mentor/advisor to several start-up companies.

https://www.yugatech.com

10 Comments

Isabelle says:

11 years ago

Whether USB host mode is enabled by default depends on the device,
however. Vending machines are entering the world of high-tech — witness the wi-fi vending machiunes in Japan.
There have been a coupple of statements to have managed this i – Phone hack best but so
significantly it is really all just rumors though it appears
that a couple are without a doubt finding shut and have managed to
achieve possession of the file program.
- Reply
mikeinmanila says:

16 years ago

Hi Guys,
Not sure what happened on my blog or if there is some form of attack that deletes posts. In my case over a year of posts just are gone. Fisrt some of the formating changed – I swithed themes to try to fix it on wordpress 2.7 only to return a few hours later and find all the posts – gone.
I checked for recent visitors and found a site linked to a politcal campaign that I had commented about – also a couple of others.
strange – my blog had been dormant for a while – busy with work.
Fortunately for me I report a lot of my content on open (free sites) often cross posting as a contingency if the owned url goes down or is attacked.
So my question is – how did they do it.
the coments are still there – the other widgets are up but the main articles are all gone.
Any ideas? I’m working slowly to build it next week.
Also my geek advisor told me the could have accessed me though twitter to get to the posts somehow? Is that possible – looking at the main dashboard everything looks normal.
Its just all the posts are gone… so much for a years worth of blogging….
thanks for listening.
Mike Cohen
AKA MikeinManila
- Reply
retz says:

17 years ago

bl0g back-up online anyone?
- Reply
retz says:

17 years ago

Rick’s [project manila] site was hacked last week. Someone got hold on to his google acct passwords. They’ve deleted his email/ blogger acct (according to him), he said his adsense acct. was untouched.
Hay…
- Reply
SELaplana says:

17 years ago

thanks a lot…. maybe it’s again time to backup…backup and backup
- Reply
Andrew says:

17 years ago

Hi Abe, thanks for your help. *The coast is clear*. Anyway, here’s the official announcement from Dreamhost:

http://urltea.com/pxp
- Reply
Jaypee says:

17 years ago

I just posted about Dreamhost’s security being breached. I’m hosted with Dreamhost and luckily my account was not of those that was breached. Anyways, I still changed all my passwords and checked my FTP folders just to be sure.

Btw, about what nemo mentioned, I also tried accessing this site about the same time as nemo and it was down.
- Reply
Alwell says:

17 years ago

One of my friend uses “password” as his game password. Imagine that.
- Reply
nemo666 says:

17 years ago

i visited your site last night. and its down..i think your site was DDOSED. but now its now up.. baka meron naiinggit sayo kaya tinitira ang site mo.
- Reply
noemi says:

17 years ago

yeah even one of the biggest hosting provider like dreamhost

http://www.caydel.com/dreamhost-leaks-3500-ftp-passwords/
- Reply