Site Hacking and Contingency Plans
Every once in a while, I’d receive text messages or emails from bloggers and website owners asking for advice whenever their site is hacked. Being a blogger myself running dozens of sites and also a web hosting provider, hacking/cracking and other exploits are not new to me. We’ve experienced them on so many occasions and on just so many levels. More often than not, it is hard to explain how the site was hacked. It’s even harder to really trace down the hacker and what damage has been done.
Imagine your server or website is like a house. Burglars will attempt to get inside, and the first thing you do is lock all the doors and windows. But that’s not all you need to consider. You will also need to look into the number of locks, the type of locks, and other triggers or alarms. In order to fully understand this, let me point out some of the more common ways hackers can gain access to your website or server.
- Poor passwords. These passwords could be for an administrator account of a blog or forum, an FTP account, a database or the control panel (e.g. cPanel, Plesk). Did you know that the most common password is the word “password”? Having a very poor password is like giving away duplicate keys to your door. Create a strong password with a combination of numbers, letters and special characters. Make it no less than 8 characters in length and change that password regularly.
- Old versions of apps or scripts. Older versions of web scripts or applications like WordPress, vBulletin, phpBB, Coppermine Gallery, etc. are more likely to have holes or vulnerabilities in them. Always make sure to have the latest and most stable versions of these applications. A lot of government websites have been hacked in the past because their webmasters are so fond of installing the forum script phpBB yet do not update it for months or even years.
- Exploits and vulnerabilities. Some home-made scripts/apps are coded so poorly that they are highly susceptible to exploits, XSS, or SQL injection. This also applies to plugins, extensions and add-ons for blogs or forums. Usual targets are web upload scripts or guest books. This is closely related to the previous point.
- Unprotected folders and insecure files. We usually create folders or directories in our account and we sometimes forget to protect them or apply the proper access permissions. If they remain insecure or writable, anyone can basically upload a file or script into that folder, execute it and do damage. Regularly check the folders and files in your hosting account to see if they have the correct write permissions (usually CHMOD 644 or 755). The same is true for scripts or HTML pages which may have global write permissions.
- Server compromise. Such cases involve rootkits or hacks targeting the entire server, often with administrator (root) control. The compromise might come from the OS or kernel level, or application/service level like SQL, Apache/IIS, DNS or PHP.
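To make the “unprotected folders” check above concrete, here is an added example (not from the original post) that audits a web root for anything writable by group or others and tightens it to the 644/755 values mentioned. The web root and the demo tree it builds are constructed assumptions, not real site paths.

```shell
#!/bin/sh
# Added example (not from the original post). Audits a hosting account's
# web root for the loose permissions described above: anything writable by
# group or others. The demo tree below is a constructed assumption, not a real site.

# Print every file or directory under $1 that group or others can write to.
find_writable() {
    find "$1" \( -type f -o -type d \) \( -perm -g+w -o -perm -o+w \) -print | sort
}

# Report loose entries with their mode string; return 1 if any were found.
audit_perms() {
    bad=$(find_writable "$1")
    if [ -z "$bad" ]; then return 0; fi
    echo "Loose permissions under $1:"
    printf '%s\n' "$bad" | while read -r p; do
        printf '  %s %s\n' "$(ls -ld "$p" | cut -c1-10)" "$p"
    done
    return 1
}

# Tighten to the values the post recommends: 755 for directories, 644 for files.
fix_perms() {
    find "$1" -type d -exec chmod 755 {} +
    find "$1" -type f -exec chmod 644 {} +
}

# Constructed demo tree: a world-writable upload folder and a group-writable
# plugin file, the two situations the audit is meant to catch.
demo_tree() {
    d=$(mktemp -d)
    mkdir -p "$d/uploads" "$d/wp-content"
    echo '<?php echo "home"; ?>' > "$d/index.php"
    echo '<?php /* plugin */ ?>' > "$d/wp-content/plugin.php"
    chmod 755 "$d" "$d/wp-content"
    chmod 644 "$d/index.php"
    chmod 777 "$d/uploads"
    chmod 664 "$d/wp-content/plugin.php"
    echo "$d"
}

if [ "${1:-}" = "--demo" ]; then
    WEBROOT=$(demo_tree)
    audit_perms "$WEBROOT" || fix_perms "$WEBROOT"   # report, then tighten
    audit_perms "$WEBROOT" && echo "clean after fix"
    rm -rf "$WEBROOT"
fi
```

Run it with `--demo` to see the two flagged entries and the clean result after `fix_perms`; on a real account, call `audit_perms /path/to/public_html` first and review the list before tightening anything.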
A 100% secured server is a myth. No one can guarantee it. All hosting providers, big or small, will have encountered such incidents at one time or another. So, how do you minimize this?
- Regularly change passwords. And make them hard to guess (especially from brute force).
- Update, update, update. A huge percentage of defaced websites are caused by old, un-updated or vulnerable scripts.
- Be familiar with the files and folders in your account. Report suspicious folders or scripts to your provider.
- Back up files, emails, and databases. You might need to re-install everything if the hack cannot be fixed or completely cleaned up.
Many people don’t realize this but the hardest part in running a website is actually securing it.