Sites Hacked - Advice please to prevent in the future

[adrian]

Tweet

Hi all,

About 10 of my sites on a Hostgator Shared Server were hacked on April 1st. A link cloud was placed at the bottom of all .html, index.php and footer.php pages. Hundreds of links were added to external sites, each page had different links. From looking at the last time these files were edited, all of the files were edited on the same date at the same time, so was something automated.

I didn't realise this until a few days ago, as I got married, was on my honeymoon and wasn't checking the sites. I changed all my passwords, contacted Hostgator and they ran a tool which removed i-frames from 600 affected files - this is their response.

I ran an automated tool to remove some malicous iframes and javascript that would redirect web pages and create harm. I ran a second tool to attempt to target the second type of file that had most of the link cloud. There where div headers with this cloud that I searched for and deleted.

Please run an updated virus scanner on your computer and change your password. I would look into updated all applications to ensure that any prior security hole would e patched.

I would obviously like to prevent this from happening in the future. Not sure if this happened as a result of security on my laptop or from being on a shared server. I have a MAC and always assumed there was no need for antivirus software. I use the Dreamweaver FTP tool, also assumed this was secure and firefox password manager to store my passwords including those to access my server space.

Any advice? How does everyone else manage security? Would moving to a dedicated server help?

Thanks

Adrian

[Barry]

I got hacked at the start of april with a similar thing. Its very annoying not knowing exactly how it happened and so how to stop it happening again.

It was hosted on a dedicated windows server but I have now moved it to a dedicated linux thats managed, so all the security is up to them!!

Anyway good luck, and hope it doesn't happen again.

Ta

[Rob_Rancon]

I believe there was a test that showed that Linux servers are very secure... also dependant on what platform you have your website built on, many hacks are infact scripts that can be run to inject data into your database...

Its always good to get a professional company to have a look at the security / design of your website(s), or if you are that company, get a second pair of eyes to look it over

[DioBach]

Sounds like it might be to do with this big MySQL injection thing that's been breaking the news the last few days. DaveN has a write up on it here: 600,000 backlinks in one go

Don't know how effective that Firewall Script thing he mentions is, but it's something I'm planning on looking at the next few days.

[tbp]

Yes, its complete rubbish from your host. This is part of a worm going round which tries various methods of injecting it's HTML into sites, and it tries a number of known vulnerablilities. There are actually a number of different things goes round at the moment, so can't say which one specifically as they all do similar things.

It's not always a case of a security hole in the server software, it can be done with flaws in code for the website which mean it doesn't fully check and escape data.

It has nothing to do with your PC, it's not like something has captured your password from your computer, it's a case of a brute force attack on sites at random.

[Rocky]

I know you said you weren't checking your sites as you were away on holiday (these things ALWAYS happen when you are not watching don't they?), but a security tip for the future; never EVER login to anything remotely sensitive on the internet from an internet cafe or a hotel lobby computer.

I logged into Ebay from a hotel lobby PC a couple of months ago to check my listings and the next day my Ebay account was hijacked because of keylogging software installed on the hotel machine.

Assume all public computers have keylogging software installed and your internet accounts will be much safer.

If you are out and about, take a secure laptop with you. Many net cafe's now allow you to use their wireless network which is far safer than using their PC's (most of which seem to have out of date anti-virus software anyhow).

As for your actual post, if you use any PHP on your site, particularly open source software like form mailers and bulletin boards, check the versions are secure by running a google check. There seem to be a lot of PHP hacks out there recently.

Good luck.

[mainlime]

99% (statistic made up but probably not that far off) of website hacks are as a result of SQL injection. If you are coding your own sites read up on SQL injection and how to prevent it in whichever language you develop in. If you use off the shelf or open source software make sure you keep up to date. Sign up to email alerts for latest releases. If someone else develops software for you, read up on SQL injection, interrogate them on how they prevent it and learn how to test your own sites.