How to prevent defacements?

Several blogs on our lot were the target of defacements earlier this morning. Two were Connie’s food blogs, one was Chin Wong’s, along with two others. It’s always a dreaded thought that one of your sites, or even one of your servers, gets hacked by some punk from Russia (or wherever).

I first got notice of the series of defacements last night while updating our blogs on that server. Only one page was defaced, and that was the readme.html of the stock WordPress installation. It was obvious how it was done: the file had write permissions for basically anyone to tamper with (chmod 666). Deleting the file and checking the permissions of the other files and folders was the logical move to fix that, and I thought that was all of it.

Or so I thought. Early this morning, we got calls that there were other defacements on the same server — 4 more blogs running on WordPress and Expression Engine. I really thought the entire server was compromised, so we had to spend the entire day checking practically hundreds of other sites on that same rig. We’re still not 100% sure exactly how all of these happened at the same time, but the evidence points to cross-site scripting and improper folder permissions as the primary causes.

How to prevent this in the future:

  • Check your blog/sites for improper file/folder permissions. The plugins folder or the themes folder of your WordPress installation is the more common entry point.
  • Check registration access levels – leave them at Subscriber level if possible.
  • Always check for newer updates. EE had a vulnerability report posted last January, so if you’re not aware of such reports, regularly check your blogging software provider for updates, patches and other fixes.
  • Always keep a local copy of your DB and your files. For WP, there’s a DB Backup plugin for this, and always keep your existing themes on your PC. It will be helpful when the time comes.
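As an added example (not from the original post), here is a small POSIX shell audit for the first item above: it lists world-writable files and folders (the 666/777 modes found on the defaced sites), lists recently changed files so an overwritten index.php or a dropped index.html stands out, and resets modes to the usual 755/644. The function names and the web-root path passed in are assumptions.

```shell
#!/bin/sh
# Audit a web root (assumed: the document root of a WordPress or
# ExpressionEngine site) for the weaknesses described in the post.

# Print every file or directory under $1 that any user on the host can
# write to (the "other" write bit set, as with chmod 666 / chmod 777).
find_world_writable() {
    find "$1" -perm -0002 \( -type f -o -type d \) -print
}

# Print regular files under $1 modified within the last $2 days (default 1).
# A defacement usually shows up here: overwritten index.php, new index.html,
# unexpected .htaccess files in folders nobody created.
find_recent_changes() {
    days="${2:-1}"
    find "$1" -type f -mtime "-$days" -print
}

# Reset modes the conventional way: directories 755, files 644.
# Ownership is left alone; paths the web server must write to (uploads,
# cache) should be granted individually rather than opened to everyone.
fix_permissions() {
    find "$1" -type d -exec chmod 755 {} +
    find "$1" -type f -exec chmod 644 {} +
}

# Exit status 0 when nothing is world-writable, 1 otherwise, so the
# check can run from cron: audit_webroot /path/to/site || notify-admin
audit_webroot() {
    findings="$(find_world_writable "$1")"
    if [ -n "$findings" ]; then
        echo "World-writable paths under $1:" >&2
        echo "$findings" >&2
        return 1
    fi
    return 0
}
```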

I’m sure we’ll get some heat from this, but battling hackers, spammers, and phishers is no easy task and a continuous effort. We get literally dozens of brute-force attacks every day, and all we can do is stay as alert as ever. Any provider saying they’re 100% hack-proof is only asking to be targeted by more attacks.

All we can do is learn from this incident, be more careful and move on.

Written by Abe Olandres, Editor-in-chief

Abe is the founder and Editor-in-Chief of YugaTech with over 20 years of experience in the technology industry. He is one of the pioneers of blogging in the country and is considered by many as the Father of Tech Blogging in the Philippines.

10 Comments

eric · 20 years ago

Oh no.. this is kinda techie..

my blog is in your hands abe.. hehehe

Hey, by the way, how do you install the latest version of WordPress? thanks!

I’m a bit afraid to install just anything on my blog in case my blog suddenly goes haywire. ehehe


Abe Olandres Editor-in-chief · 20 years ago

Found 3 more defaced sites today, all of them have 777 folder permissions.


Noemi Dado · 20 years ago

A cPanel security flaw?


Connie · 20 years ago

3 extra folders were uploaded to Pinoycook.net (running on WP), each containing an index.html file with the blah blah info of the asshole.


Connie · 20 years ago

In the case of pinoyfoodtalk.net, running on Expression Engine, six folders with .htaccess files were uploaded and the index.php file on the main path was overwritten. It couldn’t have been done through the EE admin panel because you can’t touch the index.php file from there. Has to be via FTP or cPanel.

