
The dark side of the web
Mon, Nov 2 2009 10:42 PM
| website security, hacking
I've heard of a couple of instances of sites being hacked in the last month; it's a troubling trend. I have been doing a fair bit of reading on the subject. An excellent article here is very technical but takes you through the steps from 'How to know if your site has been hacked' to cleaning up and preventing future attacks.
Hacking is not just the senseless defacement of a website; it has turned into organised crime where robots (programmed by the criminals) crawl the web looking for vulnerabilities, take over websites and create zombie-like bot-nets that keep infecting other vulnerable sites. Why? To get credit card details, user names, passwords, etc. and ultimately steal money. Lots of money. Your hard-earned cash and mine.
If you think your site has been compromised, for example your visitors complain that your links take them to a different website, or Google puts a warning message on your site's search results, take your site down immediately. Your customers will not thank you if they get infected with some key-logging virus; in fact they will probably not forgive you at all. But if they find your site down, they will most likely try again later or give you a call. Second, get an expert to clean it up, and I mean an expert, not your cousin's whizz-kid brother who is doing an IT course. A lot of hacks are very subtle and hard to spot. Try and find out how it happened - so it doesn't happen again. One way that hackers can gain access is through your webmaster's own PC where they have their FTP passwords stored. Sad but true.
About passwords. I have always said that it is more secure to have a strong password (not a dictionary word or what they call leet speak - p@$$w0rD for example) written down on paper and stored on your desk! A hacker cannot see what you have on your desk. Even use a simple code to write the passwords - for example, if you have an 8-character password, write a list of 8 words with the last character making up the password. That sort of thing. Too many of us (me included) take the easy way out and use the one word password for more than one account. If a hacker finds one they will apply that password to several others. If you use this method you can change your passwords frequently; just don't lose the piece of paper.
Take care out there.