How to prevent website hacking
Why is there so much hacking going on?
Hacking into websites for the purpose of
setting up web-based applications from
which to conduct criminal activities has
become a major industry on the world wide
web due to a huge demand by the criminals
for server access which cannot be traced
back to a fixed address or person. And
because police forces either don't have
the mandate or the resources to police
this type of cross border activity, this
industry is growing at an incredible rate.
And because illegal server access is often
terminated as soon as site owners or data
centres detect it, there is an ongoing
demand for new hacked account access.
What is hacking?
Hacking is unauthorised use of a computer
or network resource. A hacker used to be
someone who was seen to be a very skilled
programmer. But now (2011), a hacker
generally is assumed to be a criminal,
although there are skilled programmers who
offer their services in order to probe
networks and systems for security holes.
They too are hackers, but they have
permission to break into systems to test
for vulnerability and are not referred to
as hackers.
It is not just the good guy who builds the
nice browser we use, who is a clever
programmer. The bad guy who builds hacking
software is equally clever. It is also not
uncommon for a good guy to join the bad
guys because the pay is much better.
Why do sites get hacked?
In the old days, website hacking generally
just consisted of changing web page
content, in most cases. Hackers were
showing off their skills to each other.
But as Internet crime grew into an
industry, the demand for anonymous server
access from which the fraudsters can set
up their criminal activities grew too.
The requirement for hosting accounts whose
mail servers can be used to mail out spam
is the main motive for hacking into
website accounts. The reason behind this
is that if a hacker purchases a legitimate
hosting account for the sole purpose of
sending out spam, the webhost will delete
the account as soon as it finds out this
user is spamming from their servers,
because spamming does not only place
enormous loads on a shared server which
will slow down all the other websites
hosted on it and degrade their hosting
service, but it often also results in the
webhost having his IPs blacklisted which
means that most users on the server will
be unable to send or receive emails.
The spammer may also be taken to court by
the host for breach of contract. However,
the spammer could simply purchase another
hosting account, but this account will
also get deleted very quickly with maybe
even more court action against him. It can
get very expensive if a spammer has to
purchase a new hosting account twice a
day, not to mention all the time he has to
spend in court. And, if the spam he is
sending out is to sell fake Viagra or some
other illegal scam, the police may also be
knocking on his door. Therefore, ideal
hosting access for a spammer who is
committing online fraud is from a server
whose owner does not know his name or
address. That's why hacking is such a huge
business. Most hackers do not send out
spam, they just sell access to hacked
accounts to the spammers.
But spamming is not the only reason for
the requirement of hosting accounts.
Phishing is now also a huge activity. The
way it works is the criminal sets up a web
page to look just like the login page of
an online bank. In the old days, when you
looked at the domain name for the fake
login page url, it would appear to look
authentic, for example
www.PayPal.com.loginpage_03928834322_0393943-blah-blah_lots_of_numbers.x9internet.com
It is basically a domain name with lots of
sub sections in front of it and the url is
so long that you could not see the actual
domain name right at the end,
x9internet.com, as in this example, as it
is off the screen on the right and not
visible in the location bar. What you do
see clearly is the beginning which starts
with www.bank-name, so it looked trustworthy.
Then they emailed millions of folks and
the naive ones, or newbies, who also
happen to bank with that bank, may "log
in" with their username and password and
date of birth and hat and shoe size and
all the stuff the criminals needed to grab
your funds, only for this user to find
later that the bank must have "made a
mistake" because all their money is
gone!
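The trick above works because only the right-hand end of a hostname identifies who owns it. The following added example (not part of the original article) extracts that owning domain from the article's sample URL; the function names and the short suffix list are assumptions for illustration, and a real check would use the full Public Suffix List.

```python
from urllib.parse import urlsplit

# Assumption: a small constructed sample of two-label public suffixes.
# A real check should load the full Public Suffix List instead.
TWO_LABEL_SUFFIXES = {"co.uk", "org.uk", "com.au", "co.nz"}


def hostname_of(url):
    """Lower-cased hostname of a URL, accepting bare 'host/path' input."""
    if "://" not in url:
        url = "http://" + url
    return (urlsplit(url).hostname or "").rstrip(".")


def registrable_domain(url):
    """Return the rightmost labels that identify who owns the host."""
    labels = hostname_of(url).split(".")
    if len(labels) <= 2:
        return ".".join(labels)
    keep = 3 if ".".join(labels[-2:]) in TWO_LABEL_SUFFIXES else 2
    return ".".join(labels[-keep:])


def brand_is_only_a_prefix(url, brand_domain):
    """True when brand_domain appears in the host but does not own it."""
    host = hostname_of(url)
    brand = brand_domain.lower()
    return brand in host and registrable_domain(url) != brand


if __name__ == "__main__":
    # The sample URL quoted in the article.
    phish = ("www.PayPal.com.loginpage_03928834322_0393943-blah-blah"
             "_lots_of_numbers.x9internet.com")
    print("owner of the page:", registrable_domain(phish))
    print("brand used as bait:", brand_is_only_a_prefix(phish, "paypal.com"))
```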
But since then the hackers got even better
because the modern browsers offered them
the opportunity to make this scam even
more authentic looking. The new browsers
allowed them to fake the url without
having to add lots of numbers to shove the
real domain name outside the visible
field. With these new browsers they are
allowed to replace the actual url with a
fake url, such as
http://www.natwest.com/account_login/
which is all the victim will see in the
browser location bar.
Looks quite authentic and normal, don't
you think? And this login page looks just
like the one the customer uses to log
in every day.
We found out about this trick when using an
old classic Macintosh computer. The widget
which is being used to hide the real url
does not work on an old Mac and we can
clearly see the url is pointing to a
hacked hosting account.
Some hackers also carry out the actual
criminal activity, and those ones are
harder to spot because they trickle out
their spam in order to not get detected,
at least not for a while. But most hackers
simply just sell access to hacked accounts
to as many spammers and phishers as they can
find and this often overloads the server
which then crashes, taking every single
website offline - even the ones which were
not hacked into. The spammers don't wait
for the server admin chap to restart the
server before they carry on with their
spamming, they plug software into the
hacked account which will check if the
server is back online before sending out
more spam until it crashes again, and so
on. This goes on for as long as it takes
for the server admin chap to study log
files to figure out which account was
compromised.
How do sites get hacked?
Some hosting companies will say hacking is
caused by insecure or incorrectly
configured servers and will use this line
to lure your business away from your
current host. Some old-school customers
will immediately move to another host when
their host announces that a server was
compromised because they ignorantly
believe their hosting company does not
know what it is doing.
The truth is, as soon as you connect a
server to an IP address, someone will be
connecting to it for the purpose of
gaining unlawful entry. Hackers do not
target specific users, firms or servers.
Their software hunts through a list of IP
addresses. If your server IP number
happens to be on the list, then your
server will become a target.
The best way to hack into a hosting
account is not to try and hack into a
server because that has become pretty much
impossible now, but to look at the
software a user may run on his/her hosting
account. Any software which can send email
is a potential candidate. Wordpress is the
most used application and accounts for 19%
of all websites on the Internet. When you
install Wordpress the software will
automatically create the administrator
user which is named 'admin' and then you
set your preferred password. And because
your cat's name is Molly, you figure it is
cool to use Molly as the password. The
criminals who are preparing their hacking
software to break into your Wordpress
account don't yet know that your password
is Molly. But what they will assume is
that you never bothered to change the
administrator username from admin to
something harder to guess. Most people
don't bother. So the crooks take a list of
registered domains and feed that into
their hacking software which will attempt
to log into Wordpress as the user 'admin'.
Now there is only one layer of protection
for your Wordpress site, your password.
But the thieves have got that one covered
too. Their software runs a combination of
dictionary words, and names of cats, and
they will have logged into your account in
no time at all.
Okay, if you rename the username from admin
to something hard to guess and also use a
secure password with upper and lower case
letters and other symbols like the plus
and pound sign or underscore, there is
less chance they can brute force their way
into your Wordpress account. But the
Wordpress Botnets are working on this
now.
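The guessing runs described above leave a recognisable pattern in the web server's access log. The following added example (not part of the original article) counts failed logins per client address; it assumes the default Wordpress behaviour of answering a failed login with status 200 and a successful one with a 302 redirect, and the log lines, the threshold and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Apache/nginx "combined" log line: client IP, request line, status code.
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')


def make_line(ip, method, path, status):
    """Build one constructed log line (sample data, not a real log)."""
    return (f'{ip} - - [12/Mar/2011:10:00:00 +0000] '
            f'"{method} {path} HTTP/1.1" {status} 512 "-" "-"')


# Constructed sample using documentation-only IP ranges.
SAMPLE_LOG = "\n".join(
    [make_line("203.0.113.7", "POST", "/wp-login.php", 200)] * 6
    + [make_line("203.0.113.7", "POST", "/wp-login.php", 302)]
    + [make_line("198.51.100.20", "POST", "/wp-login.php", 200),
       make_line("198.51.100.20", "POST", "/wp-login.php", 302),
       make_line("192.0.2.44", "GET", "/wp-login.php", 200)]
)


def flag_login_abuse(log_text, threshold=5):
    """Map client IP -> reason, for IPs with `threshold` or more failures."""
    failures = defaultdict(int)
    flagged = {}
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # not a combined-format line
        ip, method, path, status = m.groups()
        if method != "POST" or path.split("?", 1)[0] != "/wp-login.php":
            continue  # only submitted login forms count
        if status == "200":  # assumed: form shown again = failed login
            failures[ip] += 1
            if failures[ip] >= threshold:
                flagged.setdefault(ip, "repeated failed logins")
        elif status == "302" and failures[ip] >= threshold:
            # A redirect after many failures suggests the guess worked.
            flagged[ip] = "login succeeded after repeated failures"
    return flagged


if __name__ == "__main__":
    for ip, reason in flag_login_abuse(SAMPLE_LOG).items():
        print(ip, reason)
```

An address reported as "login succeeded after repeated failures" means the account should be treated as compromised: change the password and check the site for planted files.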
But there is a much easier way to break
into your Wordpress account.
The hackers know that many Wordpress
account owners are lazy and just don't
bother to update their software. Other
folks may install Wordpress to set up an
online business, only to find that it is
not making money, so they just abandon
their site and because they may have
prepaid hosting for a whole year, this
gives the criminals plenty of time to
develop an exploit for that version.
And another easy way for the crooks to get
into your Wordpress account is to build a
cool plugin which does something nice,
then offers it as a free download. You
then install the hacker's software in your
account and the hacker has access to your
site. It's really easy.
As soon as they gain access they can
upload and install whatever they like and
sell it to the spammers and phishers.
That's when your account will be switched
off by your host. You cannot submit a
support ticket to request that they click
something with the mouse to unhack your
website. You will have to start rebuilding
it from scratch because if you had your
site hacked in the first place, you most
certainly will also not have made a backup
of your content or database. However, you
may have signed up for dedicated file
backups, but these backups may also be
infected because the hacker may have a
long list of hacked accounts for which he
installed backdoors. He may not get round
to selling spammer access for your site
for some time, and the server would just
backup the backdoors.
It is not just Wordpress which the hackers
target. Joomla and a number of ecommerce
applications and galleries are also in the
firing line. Any popular software which
sends email or allows remote uploads is
targeted.
Just looking at a web page can get your
PC infected and your mail or ftp account
hacked.
You may remember the Microsoft Internet
Explorer issue from 2010, when Germany's
Federal Office for Information Security
advised their entire population not to use
any version of the Internet Explorer
browser. France and Australia did the
same. The clever hackers discovered
exploits in Microsoft's browser and by
creating popular websites, such as free
download and porn sites, innocent visitors
arrived in their IE browsers and as the
page loaded, a clever little bug jumped
onto their PC from the website. One such
bug, Aurora, allowed the hacker access to
companies' internal systems. Another type
of bug looks up the ftp and email login
details as well as the password, because
most folks are lazy and just save the
password in the program, because it is so
much easier and saves having to use some
brain cells trying to remember it without
having to spend energy moving those
fingers over the keypad.
The bug emails these login details to the
hacker and then deletes itself to prevent
detection and the criminal installs
scripts on the victim's hosting account.
These scripts are operated remotely by
logging into a url, such as
www.yourdomain.com/images/3gif/temp/scamming-page.php
and even if you change your ftp password,
the hackers who already have their scripts
installed, will stay there until the
account is deleted by the data centre.
How can I help prevent my site from
getting hacked and having to go through
the trouble of creating my website from
scratch again when it got hacked?
Choose a strong password and keep it safe
A good password which is also easy to
remember is your mobile phone number
combined with your car registration and
followed by a question mark for the first
login and perhaps the exclamation mark for
a second login, and so on.
Do not save your ftp or mail logins
inside the program
This will guarantee a compromise at some
point. The feature of allowing you to save
your password inside the program should
have been removed many years ago.
Keep your software scripts up to date
Installing Wordpress and just letting it run
on its own is a guaranteed way to invite
the hackers. Always check and install
updates, patches and new versions. If you
are running a CMS or forum, avoid random
plugins and only download plugins from
websites which you trust.
Keep your PC virus free
A large number of criminals gain access to
your hosting account via a Trojan, Virus
or Key Logger which was planted on your PC
when you visited a seemingly innocent
website, created by the hackers. Internet
Explorer users have been exploited in this
way. Macintosh users don't have this
problem, yet.
Do not use 777 permissions
Assigning this permission to a file or
folder is like leaving your front door key
under your front door mat. Scripts which
were written with security in mind will
still function when you assign 755 to
files and folders to which the script
needs to write data.
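Both the remotely operated scripts described earlier (the www.yourdomain.com/images/3gif/temp/scamming-page.php style of path) and the 777 advice above can be checked from inside the hosting account. The following added example, which is not part of the original article, walks a web root and reports world-writable entries and script files sitting in folders that should only hold static media; the folder names and extensions are assumptions to adapt to your own site.

```python
import os
import stat
import sys

# Assumption: folders that should hold only static media, never scripts.
STATIC_DIR_NAMES = {"images", "img", "uploads", "media", "gallery"}
# Assumption: extensions the web server would execute.
SCRIPT_EXTENSIONS = {".php", ".phtml", ".php5", ".pl", ".cgi"}


def audit_webroot(root):
    """Return sorted (finding, relative_path) pairs for risky entries."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        rel_dir = os.path.relpath(dirpath, root)
        # True when any parent folder of this directory is a media folder.
        in_static = bool(STATIC_DIR_NAMES & set(rel_dir.lower().split(os.sep)))
        for name in dirnames + filenames:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root)
            mode = os.lstat(full).st_mode
            if stat.S_ISLNK(mode):
                continue  # a symlink's own mode bits are not meaningful
            if mode & stat.S_IWOTH:
                # The "other" write bit is what 777 (or 666) switches on.
                findings.append(("world-writable", rel))
            ext = os.path.splitext(name)[1].lower()
            if in_static and stat.S_ISREG(mode) and ext in SCRIPT_EXTENSIONS:
                findings.append(("script-in-static-dir", rel))
    return sorted(findings)


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    for finding, path in audit_webroot(target):
        print(f"{finding}: {path}")
```

Anything reported as script-in-static-dir that you did not put there yourself should be treated as a planted file, and changing the ftp password alone will not remove it.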
Backup your website
By backing up your entire site regularly
and saving all recent backups, data
loss will be kept to a minimum with only
minor work required to rebuild your
website on a cleaned hosting account.
Unless you have purchased a separate
backup service for your hosting account, a
hosting company is not responsible for
your data.
Don't place blame elsewhere
When your site gets hacked, submitting a
support ticket to get your hacked site
"fixed" may not be successful. Web hosts
are not responsible for websites which are
hacked. It really is your responsibility
to generate regular backups, to keep your
login details safe and to not install
components from the Internet from sites
which you do not know.
Where can I get a hosting account which will not
go offline when another user on the shared
server gets his site hacked and the
spammers are using up all the server power?
I also would like regular backups carried
out and saved as restore points, so that
if my site gets hacked, all I need to do
is to revert to an earlier copy of my site
to a time before the hacker got in to
plant his back doors all over the place.