Hacking and Content Management Systems (CMS) domains

If you have login credentials for your website and can edit or modify its text and pictures, you are using a CMS application. It could be based on any one of several applications, depending on the features needed. CMS applications used in our websites include WordPress, Joomla, Zen Cart and others. In most cases, we forget about the security features, and this leads to the website being hacked. This article gives you a brief idea about hacking and the steps to avoid it.

What is hacking?

Hacking is an attack on a website that changes the actual content of the site. Such attacks are typically the work of system crackers, who break into a web server and replace the hosted website with one of their own.

Hacking can be done in many different ways. Two commonly used methods are explained below.

(i) Account passwords harvesting
======================
In this method, hackers try to collect website account passwords on a large scale. We will call this process "account passwords harvesting". Details on how they do that are fuzzy. The main causes are the use of passwords like 123456 and the use of spyware-infected PCs at home. Passwords should be complex and at least 8 characters long, but this does not help if the user's computer is infected with a keylogger.

(ii) PHP vulnerabilities
==============
PHP has a lot of vulnerable and potentially exploitable functions. Hackers have been taking advantage of these security lapses for a long time. On our servers, we offer PHP 5 after locking down most of the common security holes in PHP.

Most PHP applications, such as WordPress, phpBB and PHP-Nuke, are community developed. These applications may have security vulnerabilities that hackers can exploit. Most website hacks are carried out through vulnerabilities in PHP applications.

All community-developed PHP applications are patched as and when new vulnerabilities are discovered, so you should upgrade or patch the PHP applications on your website from time to time. Failing to do so is equal to opening a backdoor for hackers into your website.

Mass modification of website files
======================
Once the hacker has found a way into the website, either with an account password or through a vulnerable PHP application, he will try to modify your files. We will call this stage "mass modification of website files". This stage appears to be automated: they use a special tool, called MPACK, to install malicious IFrames. Usually only the main site index documents are targeted (i.e. index.php, index.html, index.shtml, etc.). Malicious IFrames are usually installed at the beginning or at the end of the document.
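A check for the pattern described above, as an added example that is not part of the original article: it walks a document root, opens only the index documents named here, and reports any IFrame that sits at the very beginning or end of the file. The 512-byte window, the function names and the sample files are assumptions made for the illustration.

```python
import re
import tempfile
from pathlib import Path

INDEX_RE = re.compile(r"^index\.(php|html?|shtml)$", re.IGNORECASE)  # usual targets
IFRAME_RE = re.compile(rb"<iframe\b[^>]*>", re.IGNORECASE)
SRC_RE = re.compile(rb"""src\s*=\s*["']?([^"'\s>]+)""", re.IGNORECASE)
EDGE = 512  # assumption: bytes that count as the "beginning" or "end" of a file


def edge_iframes(data, edge=EDGE):
    """Return (where, src) for each <iframe> opening tag near either end of data."""
    hits = []
    for m in IFRAME_RE.finditer(data):
        if m.start() < edge:
            where = "start"
        elif m.end() > len(data) - edge:
            where = "end"
        else:
            continue  # mid-page iframe: not the injection pattern described
        src = SRC_RE.search(m.group(0))
        hits.append((where, src.group(1).decode("latin-1") if src else ""))
    return hits


def scan_docroot(root):
    """Map each index document under root to its edge iframes, if any."""
    report = {}
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and INDEX_RE.match(path.name):
            if hits := edge_iframes(path.read_bytes()):
                report[path.relative_to(root).as_posix()] = hits
    return report


def demo():  # scans a constructed docroot (sample files, not real data)
    filler = b"<p>content</p>\n" * 100
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "blog").mkdir()
        (root / "index.html").write_bytes(
            b"<html><body>" + filler + b"</body></html>\n"
            b'<iframe src="http://injected.example/x" width="1" height="1"></iframe>')
        (root / "blog" / "index.php").write_bytes(
            filler + b'<iframe src="/map.html"></iframe>' + filler)
        return scan_docroot(root)


if __name__ == "__main__":
    print(demo())
```

A hit is a prompt to compare the file against your own copy of the site, since a short legitimate page can also have an IFrame near its edge.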

Given below are a few recommended precautionary steps:

1. Password:

1.1. Using strong passwords:

We recommend passwords containing 8 or more random letters and numbers. Passwords should not be simple (use http://strongpasswordgenerator.com to generate them). Some secure password tips:

# Don't use a dictionary word
# Don't use part of the user-name
# Keep the password at least 8 characters long
# Have a combination of at least three of:
- lowercase characters (a, b, c)
- uppercase characters (A, B, C)
- numbers (1, 2, 3)
- non-alphanumeric characters (!, %, *, {, £)

1.2. Change your passwords periodically (say, at least once every 90 days)

1.3. Don't use the same password for all accounts.

1.4. Do not store passwords in your email client, browser or FTP client.

1.5. Do not share passwords with anyone.

2. Any 3rd party or custom PHP, Perl and other web applications should be kept up to date at all times. Subscribe to the software vendor's security or update notification mailing list. If an application is no longer required or in use, remove it completely. Disabling the application is not always a sure-fire means of disallowing intrusion attempts.

3. Set the file permissions on your server to a secure mode (e.g. restrict access for anonymous Internet users). By default, files have 644 permissions, which allow global read access to the file by any user on the system, and directories have 755 permissions.

4. Scan the PCs/workstations that you use to log in to your website with good anti-virus and anti-spyware programs, and clean out any bad programs. We also recommend regularly scanning your website using the "Virus Scanner" available in your cPanel.

5. Ensure your computer does not have any keyloggers or spyware.
http://en.wikipedia.org/wiki/Keystroke_logging
http://www.actualspy.com/articles/keyloggers.html

6. Review your hosted accounts/sites periodically and ensure that nothing has been uploaded or changed that you did not do yourself. Clean up files and directories on the web server. Make sure there are no old files with .bak or .txt extensions lying around.

7. To secure a WordPress site, please refer to the link given below:

===
http://codex.wordpress.org/Hardening_WordPress
===

To secure a Joomla site, please refer to the link given below:

====
http://docs.joomla.org/Category:Security_Checklist
====
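One way to carry out the reviews in steps 3 and 6, as an added example that is not part of the original article: it lists anything in a document root with permissions beyond the 644/755 defaults, leftover .bak or .txt files, and files changed in the last few days. The 7-day window, the robots.txt exception, the function names and the sample tree are assumptions made for the illustration.

```python
import os
import stat
import tempfile
import time
from pathlib import Path

LEFTOVER_EXT = {".bak", ".txt"}     # extensions named in step 6
KEEP = {"robots.txt"}               # assumption: .txt files that are meant to be public
FILE_MODE, DIR_MODE = 0o644, 0o755  # defaults quoted in step 3


def audit(root, days=7, now=None):
    """Return sorted (relative path, finding) pairs for a document root."""
    cutoff = (time.time() if now is None else now) - days * 86400
    findings = []
    for path in Path(root).rglob("*"):
        st = path.lstat()
        if stat.S_ISLNK(st.st_mode):
            continue  # symlinks carry no meaningful mode of their own
        rel = path.relative_to(root).as_posix()
        mode = stat.S_IMODE(st.st_mode)
        baseline = DIR_MODE if stat.S_ISDIR(st.st_mode) else FILE_MODE
        if mode & ~baseline:  # any permission bit beyond the default
            findings.append((rel, f"mode {mode:03o} exceeds {baseline:03o}"))
        if stat.S_ISREG(st.st_mode):
            if path.suffix.lower() in LEFTOVER_EXT and path.name not in KEEP:
                findings.append((rel, "leftover file"))
            if st.st_mtime >= cutoff:
                findings.append((rel, "recently modified"))
    return sorted(findings)


def demo(now=1_700_000_000):  # constructed sample tree with fixed timestamps
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "uploads").mkdir()
        files = {"index.php": 0o644, "robots.txt": 0o644, "config.php.bak": 0o644,
                 "uploads/new.php": 0o644, "wp-config.php": 0o666}
        for name, mode in files.items():
            path = root / name
            path.write_text("sample")
            os.chmod(path, mode)
            os.utime(path, (now - 90 * 86400,) * 2)
        os.utime(root / "uploads" / "new.php", (now - 3600,) * 2)
        os.chmod(root / "uploads", 0o777)
        return audit(root, now=now)


if __name__ == "__main__":
    print(*demo(), sep="\n")
```

A "recently modified" entry is only a concern when it does not match a change you made yourself.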

For further clarification, please contact our Technical support team and they will give you more guidance.
