Data Dummy

An Idea for technical Ideas

Hacked

If you have never been hacked - READ THIS!

There are hundreds (if not thousands) of ways to exploit someone's computer / server / website code / information.  I don't have time this morning to talk about them all, but I will tell you what happened to me.  

It was early Saturday morning, around 5 am.  I had started my normal routine [just imagine boring stuff written here...], and was at the point where I check the websites that I maintain for [more boring stuff...] and found an anomaly. The home page content was missing.  I thought - this is odd.  I clicked around the site to find that other pages had similar anomalies.  I checked the source code (right click - view source), and found about fifty lines of JavaScript that were not mine.  [Huge bells going off in head], OMG, I've been hacked!!!

I immediately opened my FTP client (software for uploading files to an FTP server, FileZilla), browsed to the home directory where the files are stored, and began investigating.  I found that the files were updated that morning, at 0400 AM.

I looked through the folder structure and found about 80 files that were updated around that time.  This was a huge win for me.  A good hacker would have used another method for changing these files (I won't mention what that is), and it would have been a lot harder to check.  Instead they went with the quick hack of simply download/edit/save/upload, probably with a CMS FTP type program.  Hacking an FTP is pretty straightforward - simply run millions of passwords through known usernames, and hope for a match.  Most FTP servers do not allow for special characters, making it easier to run password scripts against usernames...

I was lucky enough to fix all the files, and run a scan of the site to make sure there were no more infected files.  I researched the JavaScript attack and found hundreds of other sites that were infected with the same script.  I used a Virtual Machine (Oracle VirtualBox) to click around the site and get infected with the virus.  Good news - my outdated free Antivirus (Microsoft Security Essentials) found and removed the virus quickly and without trouble.
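The cleanup above relied on file modification times, which only helps when a change leaves an honest timestamp behind. As an added example (not code from the original post), this Python script compares the live site against a SHA-256 manifest taken from a known-good copy and separately lists files touched in the suspected upload window; the file names, dates and contents inside `demo()` are constructed sample data.

```python
import hashlib, os, tempfile
from datetime import datetime

def build_manifest(root):
    """Map relative path -> SHA-256 for every file under root."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            with open(full, "rb") as f:
                digest = hashlib.sha256(f.read()).hexdigest()
            manifest[os.path.relpath(full, root)] = digest
    return manifest

def triage(root, baseline, start, end):
    """Diff the live tree against a known-good manifest and list files
    whose mtime falls inside [start, end] (the suspected upload window)."""
    cur = build_manifest(root)
    report = {
        "modified": sorted(p for p in cur if p in baseline and cur[p] != baseline[p]),
        "added": sorted(p for p in cur if p not in baseline),
        "missing": sorted(p for p in baseline if p not in cur),
        "mtime_in_window": [],
    }
    for rel in sorted(cur):
        mtime = datetime.fromtimestamp(os.path.getmtime(os.path.join(root, rel)))
        if start <= mtime <= end:
            report["mtime_in_window"].append(rel)
    return report

def demo():
    """Constructed sample site: two pages altered, only one inside the window."""
    root = tempfile.mkdtemp()
    def write(rel, text, when):
        path = os.path.join(root, rel)
        with open(path, "w") as f:
            f.write(text)
        os.utime(path, (when.timestamp(),) * 2)  # pin mtime: deterministic sample
    for page in ("index.html", "about.html", "contact.html"):
        write(page, "<html>original</html>", datetime(2011, 12, 1, 12, 0))
    baseline = build_manifest(root)  # taken while the site is known good
    bad = "<html>original<script>/* not mine */</script></html>"
    write("index.html", bad, datetime(2012, 1, 14, 4, 0))   # inside the window
    write("about.html", bad, datetime(2012, 1, 10, 9, 0))   # outside the window
    write("x.js", "/* unknown file */", datetime(2012, 1, 14, 4, 1))
    return triage(root, baseline,
                  datetime(2012, 1, 14, 3, 30), datetime(2012, 1, 14, 4, 30))

if __name__ == "__main__":
    for kind, paths in demo().items():
        print(kind, paths)
```

In the sample run, `about.html` shows up only in the hash comparison, not in the time-window list, which is why the manifest is worth keeping off the server alongside a clean backup.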

If you manage a website or a blog, make sure you employ the free hosting security options.  If your host does not offer a security malware screener, then sign up for a Google and Bing webmaster account, and use their malware scanner.  Change your password and username often, never use real English words in the password, and don't use the numbers 01, 10, 0, or 1 at the beginning or end of the password.

Good Luck, hope this helps someone. 

