Hackers and Spammers are out to get you


Yes, you’re sitting there blogging, or adding pictures to your site, when all of a sudden your entire website disappears. Uhhh… Hello? What happened? Time to call your admin (unless you’re the admin; in my case, I am), or your host. What happened?

Well, it turns out that there have been some phishing scams, spam bots, and a panda-porn site… all running from your account. Who knew? Well, your host did… that’s why they shut you down.

Just the other day, I was uploading my podcasts for CouchSurfingRadio, when I screwed up, and had to go figure out which directory I accidentally uploaded the file to. There was a new directory from that day! I didn’t remember making a .files directory. Worse than that, when I looked inside, there were hundreds of .html files that were laced with keywords. (They had filenames that were just filled with words that people look up, such as celebrity names, product names, etc., and the inside of each was laced with the same thing… just spam keywords.)

The file count was getting higher!  Someone was uploading while I watched.  I deleted all the files, and they kept coming.  I checked the folder permissions, and it was limited access to just me. What a nightmare, someone got in as me!  I did not want to have to get another refund on hacker domains, or go through getting my site re-activated!

I quickly changed my password.  They were still there.  They were getting in as me somehow. How can you avoid this happening to you?

I had to go through each directory, each one of my domains, and make sure they were all updated. You know that “new version available” text that comes up when you log in? Well… you should update!

Updating the core engine of a WordPress/Drupal/Joomla/etc. site is very important. These systems (and even if you don’t know how to log in, your site is probably based on one of them) constantly have new features added to them. Eventually someone figures out that there’s a way to hack in based on a new (or old) feature.

Word gets out, and next thing you know, a bunch of people are out there scanning every website they can find to see if it’s got a certain system, and if it’s secured.  If you don’t update, you may have an old system, and they can get in.  So, moving from version 2.9, to 2.9.1 is more than just a chore.  In fact, most CMS systems have made it much easier than it used to be.

Now you can press a button, and have your system updated. The same applies to plugins and even themes! Many themes these days have PHP code in them for better SEO, or nice animations… this too can be compromised. So, make sure that you keep up to date on those too. Within WordPress (and I have to admit, I’m making more sites in WordPress these days than I do in Joomla, since it’s usually easier for the end user to learn and use), you are notified instantly when a plugin has a new version. Update them!

Last year, I had my account shut down, because there were some spam bots running on my account. I also had a few domains purchased on my account… that I got billed for (although Bluehost was really helpful in refunding that, and helped me get back up, it was up to me to detect & fix the problem). That was a nightmare, but thankfully, I’m a decent admin, so I was able to find the files that didn’t belong.

That’s something you should do.  Check out your directories every once in a while, and see if there’s anything that you don’t remember installing.

If you have hosting, and are hosting a page for a friend… be careful. It’s not the friend’s server, so they often don’t bother updating their software… or don’t know how. This is how I got hacked last year… my friend didn’t secure his site, and they got into that, and then into my root directory. Not fun! You probably shouldn’t do CMS hosting for your friends, unless you are paid to admin it for them (or they have a decent admin).

Hosting is cheap these days, but the cost of having all your sites taken down… that’s costly.

If you’re done with an application or a script, delete it.  If it had a database it was working with (they usually do these days), delete that too.

Check your folder permissions.  Chances are that many of them are writeable, and shouldn’t be.  If you or your applications don’t require a certain directory to have public access, make sure you remove that access.  This can easily be done with an FTP application.
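As an added example (not part of the original post), here is one way to automate the two manual checks described above: looking for things you don’t remember installing, and finding paths that are writable by everyone. The function name, the two-day window and the 100-file threshold are assumptions chosen for illustration.

```python
import os
import stat
import sys
import time


def audit_webroot(root, recent_days=2, html_threshold=100):
    """Report warning signs in a web root: hidden directories, world-writable
    paths, recently changed files and directories stuffed with HTML files.
    The default thresholds are illustrative assumptions, not fixed rules."""
    cutoff = time.time() - recent_days * 86400
    found = {"hidden_dirs": [], "world_writable": [],
             "recent_files": [], "html_heavy_dirs": []}
    for dirpath, _dirnames, filenames in os.walk(root):
        rel_dir = os.path.relpath(dirpath, root)
        # lstat: judge the entry itself, never the target of a planted symlink
        if os.lstat(dirpath).st_mode & stat.S_IWOTH:
            found["world_writable"].append(rel_dir)
        # A dot-directory like the ".files" folder in the post
        if rel_dir != "." and os.path.basename(dirpath).startswith("."):
            found["hidden_dirs"].append(rel_dir)
        html_count = 0
        for name in filenames:
            path = os.path.join(dirpath, name)
            info = os.lstat(path)
            rel = os.path.relpath(path, root)
            if name.lower().endswith((".html", ".htm")):
                html_count += 1
            if info.st_mtime >= cutoff:
                found["recent_files"].append(rel)
            if stat.S_ISREG(info.st_mode) and info.st_mode & stat.S_IWOTH:
                found["world_writable"].append(rel)
        # Hundreds of HTML files in one folder matches the spam-page pattern
        if html_count >= html_threshold:
            found["html_heavy_dirs"].append(rel_dir)
    return {key: sorted(paths) for key, paths in found.items()}


if __name__ == "__main__":
    # Assumed usage: pass the web root (e.g. your public_html) as the argument.
    report = audit_webroot(sys.argv[1] if len(sys.argv) > 1 else ".")
    for key, paths in report.items():
        print(f"{key}: {len(paths)}")
        for p in paths[:20]:
            print("   ", p)
```

File modification times can be reset by whoever wrote the file, so treat an empty `recent_files` list as inconclusive rather than as proof of a clean tree.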

My goal with this post is not to teach you how to be an admin.  It’s a reminder that your site is probably a CMS — whether you know it or not — and probably needs regular maintenance.  You should be aware of what your site is, and know that you or your admin have the latest updates, and have the server secure.

I was lucky, I figured out that I had an invasion before they got to unleash their evil plan. I locked them out… but it cost me a whole day of productivity… and I know the ways to do these things. If you’re not a full time admin, then it may take you much longer, and cost you a bunch of money. Know that it’s generally not your hosting provider’s responsibility to remove hackers from your system… since they didn’t install the software for you, etc.

Got any good hacker stories?
