Beware Domain Hackers!
Those of you with web sites or, especially, domains, please note: Make sure you have a strong password containing letters and numbers. Make it long. I had a 7-letter password on my domain and it was just hacked. I lost control of the domain.
Here's how to check:
1. Google your site or domain. E.g. in my case I googled http://www.citiria.com - to my surprise I discovered a host of links pointing to cialis and viagra and so forth.
2. Periodically check your index.html or index.htm file for the domain or site. When I did this I discovered a very large section containing hundreds of lines of links to drug and porno sites. The html had been set so that these were invisible on the browser but of course the search engines picked them up. The files were hosted on a student account at msu.org so I contacted their tech support immediately and reported the abuse.
Having spotted the problem I went into my domain using FTP and discovered a sub-directory full of jpg (image) files that I had certainly never put there, so I tried to delete the folder. Access denied. I then started changing the file names to make them unusable. I checked with chmod and found they were executables. So I started changing them to non-executable, and after I had changed several, suddenly I found myself locked out of the folder and bounced out of my own domain. I logged into Vdeck 3 and found my password had been changed. So I have had to spend over one hour in chat with my host and will have to wait until tomorrow while their specialist clears the crap from the domain and resets the password and emails a new one to me.
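The two symptoms described above (a block of spam links that browsers hide but search engines index, and image files that turn out to be executable) can both be checked from a shell before touching anything by FTP. The script below is an added example, not part of the original post, and the web root it inspects is a constructed sample rather than the author's real site:

```shell
#!/bin/sh
# Added example (not from the original post): audit a web root for the two
# symptoms described above, a hidden block of spam links in index.html and
# image files carrying an executable bit. Paths below are a constructed sample.

# Count <a href> tags that sit inside a block hidden from browsers but not
# from search engines (display:none, visibility:hidden, or pushed off-screen).
count_hidden_links() {
    awk '
        { line = tolower($0) }
        line ~ /display:[ \t]*none|visibility:[ \t]*hidden|left:[ \t]*-[0-9]+px/ { hidden = 1 }
        hidden { n += gsub(/<a[ \t][^>]*href/, "&", line) }
        hidden && line ~ /<\/div>/ { hidden = 0 }
        END { print n + 0 }
    ' "$1"
}

# Count every <a href> in the file, hidden or not, for comparison.
count_links() {
    awk '
        { line = tolower($0); n += gsub(/<a[ \t][^>]*href/, "&", line) }
        END { print n + 0 }
    ' "$1"
}

# List image files with the owner-execute bit set: a .jpg should never be
# executable, so any hit is a file that does not belong to you.
find_exec_images() {
    find "$1" -type f \( -name '*.jpg' -o -name '*.jpeg' -o -name '*.gif' -o -name '*.png' \) -perm -100
}

# Constructed sample web root standing in for the hacked site.
SAMPLE=$(mktemp -d)
mkdir "$SAMPLE/images"
cat > "$SAMPLE/index.html" <<'EOF'
<html><body>
<h1>Welcome</h1>
<p>Visible text with <a href="about.html">one legitimate link</a>.</p>
<div style="display:none">
<a href="http://spam.example/viagra">viagra</a>
<a href="http://spam.example/cialis">cialis</a>
<A HREF="http://spam.example/casino">casino</A>
</div>
</body></html>
EOF
printf 'not really an image' > "$SAMPLE/images/logo.jpg"
printf '#!/bin/sh\necho pwned\n' > "$SAMPLE/images/photo1.jpg"
chmod 644 "$SAMPLE/images/logo.jpg"
chmod 755 "$SAMPLE/images/photo1.jpg"

echo "hidden links: $(count_hidden_links "$SAMPLE/index.html") of $(count_links "$SAMPLE/index.html")"
echo "executable images:"
find_exec_images "$SAMPLE"
```

Run it against your own web root by pointing the two functions at the real index.html and directory; a non-zero hidden-link count or any executable image is the cue to involve the host rather than to start renaming files by hand.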
If I may chime in on this, since this happens to be my area of expertise ... at least I can help with this better than I seem to with the crits!
And yes, I'm serious - I run a website design business - so I end up handling a lot of "I've been hacked!" issues. So I'll back some of this up with advice I give to my clients (I'm willing to bet most of you are "DIYers" ... )
Actually, with passwords, the longer, the better, and the more characters you have, the better. For example:
a8g53pl
is okay. But...
@32lk*8Za34h^E9rg!
Is superb. Usually, I create passwords like this by just "banging" on my keyboard and then rearranging a bit. Takes about 5 seconds. The downside is remembering it. But if you keep a list of passwords somewhere, then you're good (but don't keep it in your computer ... not a good idea.)
Hacking your domain may not necessarily be your fault. It could be, yes, but it could also be your host's fault. It could also be someone else on your server's fault (most people have shared hosting - so there's one server with lots of accounts on it). The biggest reason for getting hacked is actually your file permissions. Generally, your folders should be set at 755, files at 644. (The higher the numbers, the looser the security.) Many people don't understand this, and when something doesn't work because "they don't have permission", they just change the permissions to 777 - which is basically saying "Please hack me!" to anyone that comes along. It's the equivalent of being Bill Gates living in the worst neighborhood in town, with no alarm system or locks on his doors.
The really bad thing is that it only takes one person to do this, and be so ignorant of how things work that they end up giving the hacker access to the "root" of the server by using a faulty script. That's like being the owner of the house with the key to all the doors.
Once you're in the back end like that, you can attack anyone.
If you were using something before you discovered this - like a blogging platform or something? I know some blogging tools have script vulnerabilities (I was "hacked" in such a way using MT a few years ago), and a lot of times people have comments enabled on their sites, but never check them and never filter them - so you end up being a catch-all for spammers.
If you suddenly see "Access denied" it relates to file permissions and/or your .htaccess file. If you were using FTP, then your file permissions were changed - which probably means that your file permissions weren't at the right settings in the first place and let them in (or, someone else on the server let them in as described above).
You may also want to check the blacklisted domains (http://www.dnsstuff.com is an excellent site for this quick check). Hackers that do the viagra/cialis etc. love having open mail relays to spam tons of people at someone else's expense. And if you are, it's difficult to get off.
If you check your server logs, it may tell you the IP address of who the attacker(s) were - your host is probably all over that.
So that password isn't the only thing - you need to be sure you have a good password, yes - but you also need to be sure your permissions are set properly, and any scripts (this includes forms on your site - you especially don't want to be using a file called "formmail.pl" in your cgi-bin!) you are using are up-to-date and have no known vulnerabilities.
It's a constant process to ensure your safety.
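The 755/644 baseline and the 777 warning in the comment above are easy to turn into a repeatable check. The script below is an added example, not from the comment's author: it reports every entry that departs from the baseline, separately flags anything world-writable (the 777 case, which is what lets a neighbour on a shared server drop files into your account), looks for the legacy formmail.pl, and then applies the fix. The directory tree is a constructed sample; the decision to leave cgi-bin untouched is an assumption made here, because CGI scripts need their execute bit to run at all.

```shell
#!/bin/sh
# Added example (not from the original comment): audit a shared-hosting web root
# against the 755/644 baseline the comment recommends, flag the 777 "please hack
# me" cases, and apply the fix. The directory tree is a constructed sample.

# Files whose mode is not exactly 644 (rw-r--r--).
files_not_644() { find "$1" -type f ! -perm 644; }

# Directories whose mode is not exactly 755 (rwxr-xr-x).
dirs_not_755() { find "$1" -type d ! -perm 755; }

# Anything any user on the box can write to: the 777 case, and the one that
# lets another account on a shared server plant files in yours.
world_writable() { find "$1" -perm -002; }

# The formmail.pl the comment warns about, under either common spelling.
legacy_formmail() { find "$1" -type f \( -name 'formmail.pl' -o -name 'FormMail.pl' \); }

# Apply the baseline: 755 on directories, 644 on files. CGI scripts must keep
# their execute bit, so cgi-bin is skipped here (assumption) and reviewed by hand.
apply_baseline() {
    find "$1" -type d -exec chmod 755 {} +
    find "$1" -type f ! -path '*/cgi-bin/*' -exec chmod 644 {} +
}

# Constructed sample: a web root with one over-permissive directory, one
# world-writable script, and a legacy formmail.pl in cgi-bin.
WEBROOT=$(mktemp -d)
mkdir -p "$WEBROOT/images" "$WEBROOT/cgi-bin"
: > "$WEBROOT/index.html"
: > "$WEBROOT/images/upload.php"
: > "$WEBROOT/cgi-bin/formmail.pl"
: > "$WEBROOT/cgi-bin/contact.cgi"
chmod 755 "$WEBROOT" "$WEBROOT/cgi-bin" "$WEBROOT/cgi-bin/formmail.pl" "$WEBROOT/cgi-bin/contact.cgi"
chmod 644 "$WEBROOT/index.html"
chmod 777 "$WEBROOT/images" "$WEBROOT/images/upload.php"

BEFORE_WW=$(world_writable "$WEBROOT" | wc -l | tr -d ' ')
echo "world-writable entries before fix: $BEFORE_WW"
world_writable "$WEBROOT"
echo "legacy formmail scripts:"
legacy_formmail "$WEBROOT"

apply_baseline "$WEBROOT"

AFTER_WW=$(world_writable "$WEBROOT" | wc -l | tr -d ' ')
echo "world-writable entries after fix: $AFTER_WW"
echo "files still not 644 (cgi-bin, deliberately skipped):"
files_not_644 "$WEBROOT"
```

On a real account, run the three report functions first and read the output before calling apply_baseline: anything a script legitimately needs to write to (an upload or cache directory) will show up as not-644 or not-755, and the right answer there is a narrowly writable directory owned by the web server user, not 777.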