DennisLinkletter

We were hacked again.. ARGH..


Argh, despite having top notch security using Sitelock.com, determined hackers entered the site thru my other site HandHewnFloors.com that was on the same server and unsecured. Alarms were set off by some of the malicious code they were slipping into the site.

In the last few weeks, it got so bad that every time I changed pages I would be logged off. I could not post or sometimes even browse the forum. Next they locked me out of the admin side and I had to contact DJ to use his username and access.. Argh and double Argh..

We have moved unsecured HandHewnFloors.com off the server and they are removing the malicious code which they say is very cutting edge and sophisticated.. not some amateur messing with me.

As far as I know I have no unhappy customers..

I have no real competition..

So who's messing with me?

LOL


Re: We were hacked again.. ARGH..

Dennis, I think I know your issue, you should be using top notch security software not "not notch security." Kidding of course. I've never understood hackers, what a waste of time hacking into a cooker site? Maybe RJ has taken some computer courses ;)


Re: We were hacked again.. ARGH..

Don't feel personally targeted - the attackers have little interest in the nature of your site. What they typically do want are resources and credentials. They use your resources to send spam - often making it look like it is coming from a legitimate source. They place malware on your site so the seemingly safe URL they include is actually a link to a virus - sometimes embedded in a PDF or similar file. And they want login credentials since lots of people use the same passwords on multiple sites.

Attacks are automated - it's pretty easy to scan for vulnerable Wordpress (or Joomla, Drupal, etc.) sites and automatically compromise them. The compromised sites are then often sold to the evildoers on the black market. Lots of compromised sites are needed since many scams are hit-and-run. The "I hate to bother you but I was robbed in London and they won't let me leave. Please wire money..." type of scam needs to con its suckers over just a few hours or a day or two so they can clear the account and run before anyone complains. Lots of sites are also needed to launch certain large-scale distributed denial-of-service attacks where a site is slammed by too many requests coming from so many sources that they can't be easily identified and blocked by firewalls. Often the DDOS attacks are politically motivated.

Wordpress, in particular, has been under heavy attack this year:

http://ithemes.com/2013/04/15/ongoing-w ... solutions/

So what's a site-operator to do?

1. Apply security patches immediately and religiously.

2. Read the security best-practices for your software and use them. Things like changing the path to the admin areas can help - not by actually fixing security holes but by making it harder to scan/attack your site perhaps buying you some time between discovery of a flaw and patching it. (Moving the SSH ports from the standard port 22 on my servers dropped the number of attacks from thousands/week to essentially zero. If nothing else, it makes it lots easier to scan my logs for real problems.)

3. Use an intrusion-detection-system so you can be notified of trouble immediately.

4. Backup, backup, backup. And keep multiple rotating backups that go back a reasonable amount of time so you don't discover that your only backup is also compromised.

What's a user to do?

1. Use a good password. Simple brute-force trial of the ones on this list will get you into an absurd percentage of accounts: http://www.symantec.com/connect/blogs/t ... s-all-time. I typically use a 15- to 25-character random string.

2. Don't use the same password on different sites.

3. Survive steps 1 and 2 by using a password manager. I like the free and open-source program "Keepass" but there are lots of others.

At a minimum, don't use the same password you use for social-media and forums as your password for important sites like banking, medical or email. Email?!? Yes. Treat your email password with utmost care since almost every site including banking and finance has an "email my password" or "reset my password" feature.

I'm sorry to hear you were hacked. It is a real PITA. Good luck in the cleanup and lockdown.

