Hey Guys & Gals,
This is something that is bound to happen to everyone at some stage, some may find it, some may never know it even happened to them, but I can guarantee that your sites would have had a hacking attempt on them at some stage.
So this is the second time we have been hacked and malicious code has been placed on all of our index type pages. So what does this mean? By targeting the index pages, the hackers put their code in the most prominent places, where users are most likely to enter a site (the index pages are usually the first a user will hit), whilst also disguising themselves, as index pages are also the ones most commonly modified by site owners.
After the first case we went and set extremely strong passwords, the chances of cracking these without a super computer are nil to zero, you have a better chance of winning the lottery. We will shortly show you some free services that you can use for this.
But we fell apart with a poor system to back it up. That system was maintaining security throughout all access points.
After the first attack we locked down all ftp access to the site, from then we only issued access to those that needed it, and created a new limited ftp account for those to use.
The problem was that we did not make the new accounts as strong as the main account, gave them too many rights, and did not change or remove them when the programmers had finished.
This led to a simple dictionary attack on our ftp server, one which was then successful and gave them full root access to our files.
This was done on August the 17th, only a few days ago.
They got a little trickier this time by limiting our IP addresses and blocking them, so that when we visited the page our IP would not activate the evil virus spamming code. Certain other IPs would activate it.
All files are now clear and even further things have been put into place to limit this again.
So let me outline 10 steps that can help you protect yourself.
1. Do not use simple passwords (come on, it's the first rule!!)
We know you make simple passwords like, evenmydogcouldguessthis or imso1337 (trust me leet or 1337 speak does not keep you secure despite how often you wish it would).
Instead use a random password generator that produces passwords even you cannot remember. Two very good sites for this are:
http://www.pctools.com/guides/password/
“The PC Tools Password Generator allows you to create random passwords that are highly secure and extremely difficult to crack or guess due to an optional combination of lower and upper case letters, numbers and punctuation symbols.”
https://www.grc.com/passwords.htm
“Every time this page is displayed, our server generates a unique set of custom, high quality, cryptographic-strength password strings which are safe for you to use:”
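As an added example (not part of the original post), the Python sketch below shows why leet speak does not help and how to generate a random password locally: it undoes common leet substitutions, checks whether the result splits into dictionary words, and draws a password from the operating system's random source. The substitution table and the tiny word list are constructed for illustration; a real check would load a full dictionary.

```python
import secrets
import string

# Undo common leet substitutions (1337 -> leet). Assumed mapping, not exhaustive.
UNLEET = str.maketrans("013457@$", "oleastas")
# Constructed mini word list; a real check would load a full dictionary file.
WORDS = {"even", "my", "dog", "could", "guess", "this", "im", "so", "leet"}
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)


def built_from_words(password, words=WORDS):
    """True if the un-leeted password splits entirely into dictionary words."""
    text = password.lower().translate(UNLEET)
    # reachable[i] is True when text[:i] can be cut into dictionary words.
    reachable = [True] + [False] * len(text)
    for end in range(1, len(text) + 1):
        reachable[end] = any(
            reachable[start] and text[start:end] in words
            for start in range(end)
        )
    return reachable[len(text)]


def random_password(length=20):
    """Random password from the OS CSPRNG, redrawn until it uses all four
    character classes and is not made of dictionary words."""
    alphabet = "".join(CLASSES)
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        has_all = all(any(c in cls for c in candidate) for cls in CLASSES)
        if has_all and not built_from_words(candidate):
            return candidate


if __name__ == "__main__":
    for pw in ("evenmydogcouldguessthis", "imso1337"):
        print(pw, "-> dictionary-built:", built_from_words(pw))
    print("generated:", random_password())
```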
2. Keep your site software up to date
Something we are now doing is going through all of our sites (yes even including this WP install) and updating any scripts that have updates out for them to make sure they are secure and not providing a simple hack for people to exploit.
3. Create unique accounts to access your server
If you need to give access to your server to an outsource agent, a server technician, or even someone in your office, go to the trouble of setting up separate ftp accounts and access accounts per person, using the same secure measures as step 1. Trust me, you will thank yourself for it. At least we were able to instantly see which account was compromised.
This may also lead you to knowing if a particular computer within your network is compromised. If a worker only ever uses that computer and his or her accounts are compromised then you may want to check that computer for key loggers and other nasty bugs.
4. Try not to use 777 permissions
At most you should use 755. On an Apache server you can have phpsuexec installed, which makes it impossible for a script to use 777 permissions and runs all PHP files as the site owner. So I hear you say, but I own my own dedicated server so there are no other site owners?
Two great simple explanations of phpsuexec are:
http://forums.hostgator.com/showthread.php?t=8822
http://support.pakhost.com/Default.aspx?op=faq&id=133
Do you have multiple sites on the server? Multiple accounts for those sites?
If so then this just gives you another avenue to track and find out exactly which site is causing exploits and issues for your server whilst also providing a more secure environment.
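An added example, not from the original post: a Python audit that walks a web root, reports anything more permissive than 755 (group or other write bits set), and optionally tightens it so 777 becomes 755 and 666 becomes 644. The file names and the temporary directory used in demo() are constructed.

```python
import os
import stat
import tempfile

LOOSE_BITS = 0o022  # group-write and other-write: anything beyond 755


def audit_permissions(root, fix=False):
    """Return sorted (relative path, old mode, tightened mode) for loose entries."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # a symlink's own mode is not what gets enforced
            mode = stat.S_IMODE(st.st_mode)
            if mode & LOOSE_BITS:
                tightened = mode & ~LOOSE_BITS  # 777 -> 755, 666 -> 644
                if fix:
                    os.chmod(path, tightened)
                rel = os.path.relpath(path, root)
                findings.append((rel, oct(mode), oct(tightened)))
    return sorted(findings)


def demo():
    """Build a constructed web root in a temp dir, fix it, then re-audit."""
    with tempfile.TemporaryDirectory() as root:
        for d in ("uploads", "css"):
            os.mkdir(os.path.join(root, d))
            os.chmod(os.path.join(root, d), 0o755)
        layout = {"index.php": 0o777, "uploads/cache.dat": 0o666,
                  "css/site.css": 0o644}
        for rel, mode in layout.items():
            path = os.path.join(root, rel)
            with open(path, "w") as fh:
                fh.write("sample\n")
            os.chmod(path, mode)
        os.chmod(os.path.join(root, "uploads"), 0o777)
        before = audit_permissions(root, fix=True)
        after = audit_permissions(root)
        return before, after


if __name__ == "__main__":
    fixed, remaining = demo()
    for rel, old, new in fixed:
        print(f"{rel}: {old} -> {new}")
    print("remaining loose entries:", remaining)
```

Run it first with fix=False against a copy of the site, since some applications expect a writable upload or cache directory and will need an owner-only alternative.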
5. Lock down FTP access
If you are super security aware and you have a dedicated IP at your place of business then you may want to consider limiting your server so that it will only accept ftp connections from your IP address or any other IP that you add to it.
You can temporarily add in IPs when needed and remove them when not needed. A good explanation on setting up FTP configuration files in Apache can be found at:
https://www.covalent.net/resource/documentation/ftp/3/html/ch03s02.html
6. Limit general site access via IP
This is the reverse of step 5. If you know a particular IP address or range to be causing you a lot of issues then you can just permanently deny them from accessing your site/server. This is also a benefit in that it blocks total access to your server if you wish, not just blocking off ftp access.
A basic how to guide for the slightly technically minded (aka you can get around a linux/unix based system)
http://www.howtoforge.com/linux_iptables_sarge
7. Custom 404 page.
So how can a custom 404 page help you?
You would be amazed at how many attempts are made to do sql injections and other nasty script exploits through searching your site for certain file combinations. Especially if you have many sites you will start to see a pattern that wannabe hackers are looking for. This tip was from Dewald from our forums.
Of course good old WordPress gives a simple way to implement this, and you can take this code and also implement it in non-WordPress sites.
http://codex.wordpress.org/Creating_an_Error_404_Page
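To look for the patterns described above, the added Python example below (not from the original post or from WordPress) reads web server access log lines, collects requests that returned 404, and reports clients that probed several missing paths and paths that several clients looked for. It assumes the Apache common/combined log format; the log lines, addresses and paths are constructed.

```python
import re
from collections import defaultdict

# Apache common/combined prefix: ip ident user [time] "METHOD path proto" status
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)

# Constructed sample log (documentation-range addresses, made-up paths).
SAMPLE_LOG = """\
203.0.113.7 - - [19/Aug/2024:10:01:02 +0000] "GET /admin/setup.php HTTP/1.1" 404 210
203.0.113.7 - - [19/Aug/2024:10:01:03 +0000] "GET /backup/site.sql HTTP/1.1" 404 210
203.0.113.7 - - [19/Aug/2024:10:01:04 +0000] "GET /shop/install.php?step=1 HTTP/1.1" 404 210
198.51.100.20 - - [19/Aug/2024:10:05:00 +0000] "GET /index.php HTTP/1.1" 200 5120
198.51.100.20 - - [19/Aug/2024:10:05:01 +0000] "GET /favicon.ico HTTP/1.1" 404 210
192.0.2.44 - - [19/Aug/2024:11:00:00 +0000] "GET /admin/setup.php HTTP/1.1" 404 210
192.0.2.44 - - [19/Aug/2024:11:00:09 +0000] "GET /index.php HTTP/1.1" 200 5120
"""


def missed_paths(log_text):
    """Map each client IP to the set of paths it requested that returned 404."""
    misses = defaultdict(set)
    for line in log_text.splitlines():
        match = LOG_RE.match(line)
        if match and match.group("status") == "404":
            # Drop query string and case so variants of one probe group together.
            path = match.group("path").split("?", 1)[0].lower()
            misses[match.group("ip")].add(path)
    return misses


def probing_clients(log_text, min_distinct=3):
    """Clients that requested at least min_distinct different missing paths."""
    return {ip: sorted(paths) for ip, paths in missed_paths(log_text).items()
            if len(paths) >= min_distinct}


def shared_targets(log_text, min_clients=2):
    """Missing paths that at least min_clients different clients asked for."""
    by_path = defaultdict(set)
    for ip, paths in missed_paths(log_text).items():
        for path in paths:
            by_path[path].add(ip)
    return {path: sorted(ips) for path, ips in by_path.items()
            if len(ips) >= min_clients}


if __name__ == "__main__":
    print("probing clients:", probing_clients(SAMPLE_LOG))
    print("shared targets:", shared_targets(SAMPLE_LOG))
```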
8. Make sure your server is updated with latest security patches.
Seems simple doesn’t it. Fact is not all hosting companies will do this, or it is a low priority for them. If they are not showing any interest then find a different host, your data is important.
9. Use an automated testing service.
Hacker Safe jumps to mind as an automated testing service. Whilst not needed on most sites, if your site is anything more than a hobby site and you do not have your own security guys to do this, then you may want to look at using their services.
Their service description page is below:
http://www.scanalert.com/site/en/security/service/
10. Did I mention strong passwords!!!
Seriously first line of security and one of the most important. Most hackers are looking for easy attacks, that means brute force dictionary attacks using common words and passwords. Limit this and you have just cut away most of your issues.
Now there are heaps of other things you can do to secure your servers, this is mainly from a website point of view. Security is one of the largest topics discussed in the server admin community. Here is another resource on 20 ways to secure your apache server
Thanks for reading
Marc, Daniel & The PLRPro Team