Data Dummy

An Idea for technical Ideas

Digispark Real Time Clock and Arduino R3



Hacked

If you have never been hacked - READ THIS!

There are hundreds (if not thousands) of ways to exploit someone's computer / server / website code / information.  I don't have time this morning to talk about them all, but I will tell you what happened to me.  

It was early Saturday morning around 5 am.  I had started my normal routine [just imagine boring stuff written here...], and was at the point where I check the websites that I maintain for [more boring stuff...] and found an anomaly. The home page content was missing.  I thought - this is odd.  I clicked around the site to find that other pages had similar anomalies.  I checked the source code (right click - view source), and found about fifty lines of JavaScript that were not mine.  [Huge bells going off in head], OMG, I've been hacked!!!

I immediately opened my FTP client (software for uploading files to an FTP server, FileZilla), and browsed to the home directory where the files are stored and began investigating.  I found that the files had been updated that morning at 0400 AM.

I looked through the folder structure and found about 80 files that were updated around that time.  This was a huge win for me.  A good hacker would have used another method for changing these files (I won't mention what that is), and it would have been a lot harder to check.  Instead they went with the quick hack of simply download/edit/save/upload, probably with a CMS FTP type program.  Hacking an FTP is pretty straightforward - simply run millions of passwords through known usernames, and hope for a match.  Most FTP servers do not allow for special characters, making it easier to run password scripts against usernames...
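The check described above (listing files changed around the time of the incident) can be scripted. This is an added example, not code from the original post: it flags files whose modification time falls in a window around the incident and, since a timestamp alone is weak evidence, also compares each file's SHA-256 with a known-good baseline. The `triage` and `demo` functions, the three-page site and the incident date are all constructed for illustration.

```python
import hashlib
import os
import tempfile
from datetime import datetime, timedelta

def sha256_file(path):
    # Hash in chunks so large files are not read into memory at once.
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

def triage(web_root, incident_time, window, baseline):
    """Return {relative_path: [reasons]} for every file that needs review."""
    findings = {}
    for dirpath, _dirs, files in os.walk(web_root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, web_root).replace(os.sep, "/")
            reasons = []
            mtime = datetime.fromtimestamp(os.path.getmtime(full))
            if abs(mtime - incident_time) <= window:
                reasons.append("modified in incident window")
            # New files and altered files both fail this comparison.
            if baseline.get(rel) != sha256_file(full):
                reasons.append("content not in known-good baseline")
            if reasons:
                findings[rel] = reasons
    return findings

def _write(root, name, body, mtime):
    path = os.path.join(root, name)
    with open(path, "wb") as fh:
        fh.write(body)
    os.utime(path, (mtime, mtime))  # fixture timestamp for the demo

def demo():
    """Constructed three-page site: two pages altered, one untouched."""
    incident = datetime(2024, 1, 6, 4, 0)  # constructed incident time
    old = datetime(2023, 6, 1, 12, 0).timestamp()
    pages = {n: f"<h1>{n}</h1>".encode() for n in ("index.html", "about.html", "contact.html")}
    baseline = {n: hashlib.sha256(b).hexdigest() for n, b in pages.items()}
    with tempfile.TemporaryDirectory() as root:
        for name, body in pages.items():
            _write(root, name, body, old)
        extra = b"<script>/* unexpected */</script>"
        _write(root, "index.html", pages["index.html"] + extra, incident.timestamp() + 120)
        _write(root, "about.html", pages["about.html"] + extra, old)  # changed, old timestamp
        return triage(root, incident, timedelta(hours=1), baseline)
```

In the constructed data, `about.html` is caught only by the hash comparison, which is why a baseline kept off the server is worth having before an incident.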

I was lucky enough to fix all the files, and run a scan of the site to make sure there were no more infected files.  I researched the JavaScript attack and found hundreds of other sites that were infected with the same script.  I used a Virtual Machine (Oracle VirtualBox) to click around the site and get infected with the virus.  Good news - my outdated free Antivirus (Microsoft Security Essentials) found and removed the virus quickly and without trouble.

If you manage a website or a blog, make sure you employ the free hosting security options.  If your host does not offer a security malware screener, then sign up for a Google and Bing webmaster account, and use their malware scanner.  Change your password and username often, never use real English words in the password, and don't use the numbers 01, 10, 0, or 1 at the beginning or end of the password.

Good Luck, hope this helps someone. 



Start A Blog

Starting a blog is as simple as pointing your favorite web browser to Blogger or WordPress.  Both of these options will have a not-so-tech-savvy individual up and blogging within an hour.  If you're more like me and want the control of behind-the-scenes frustration and pulling your hair out, then you probably have your own hosting account, and a few URLs to your name.  I think URLs are to a geek as tattoos are to a biker.  Now, I am not very good at putting words together to make pretty sentences, but I will do my best at keeping it short, and to the point (misspellings will occur).

If you want a blog that is more custom with your own URL and are not sure where to start - Then start with one of the options that I have listed above.  It's always a good idea to start with free and easy, before you make a wrong choice.  Some of the easy mistakes are:

1. Purchasing a hosting account with a provider that does not support your needs.

2. Buying a URL without having a host for it.

3. Trying to use an online CMS, when your provider does not support it.

4. Not knowing how to use an FTP, while the only way to interact with the website is through the FTP.

These are just a couple of the entanglements that I have untangled in the past.  If you are sure you want to start with a custom URL/Hosting account, and did not find what you are looking for above, then let me recommend GoDaddy as a good place to start.  They have a lot of inexpensive packages that include the URL with the hosting account.  Their phone support is limited but quick if you need help setting things up.  Their Linux-based WordPress packages are very simple to set up, and manage.  Another good host for WordPress is BlueHost.  They are a little less expensive (I believe), but they do not support SQL Server, or ASP.Net.

So, I talk a lot about WordPress, but this blog is not WordPress - I know.  I like BlogEngine because it is ASP based.  Since I am familiar with C# and ASP, it's easy to customize and fix.  While I am familiar with PHP (the language used to write WordPress), I am not comfortable changing the config files to match my needs.  I do have a WordPress blog, and have been very satisfied.

Till next time,

CE

