Let me start out by saying I absolutely don't have the answers to the question of how to deal with hackers crackers who attack our websites. Because there are so many different ways that these jerks attack, and so many different things they do to the sites once they attack, I suppose it's impossible to come up with a one-size-fits-all answer. Still, I see more and more of this type of thing happening every day (even to security experts sites), and it just seems like there must be *something* we can all do if we just all put our minds together.
Obviously, being faithful about keeping clean backups of our sites and databases is a must. A clean, recent backup at least gives us a fair chance at restoring our sites quickly if we get hit.
One of the big problems we all face, however, is that a hackjob isn't always immediately obvious. Sure, if our site gets defaced and a message is left saying something like, "U've been hack'd!", well, it's obvious. But sly, underhanded types are sneaking links onto our sites that lead to bad neighborhoods (to put it politely). They place these links in stealth mode and we may not even realize it's happened until we notice that Google has deindexed the site and wonder why. (This also is a great example of how others can hurt your ranking). Naturally, if you find this has happened to you, you'll want to restore your clean site, and then file a reinclusion request with Google. But it's just terrible that we have to go through all of that because of some criminals out there (and yes, I believe that is criminal activity, as they are destroying someone else's property).
So...each time a new problem is found and patched, another soon crops up. This kind of thing hurts us all.
Some things that help is to keep up with the latest versions of scripts you may be using, applying updates and patches as they come out. Even that doesn't ensure safety, but it at least eliminates some old concerns. Another is to be careful about what you install. You may have the latest script of something but are running an outside plugin or mod that is very insecure. Of course, unless you are a programmer, you may have no way of knowing which is safe and which is not.
I'm fairly certain there are no clear cut answers out there, or we'd know about them already, but I just think it's way past the time when everyone should pull together and try to find some way to deal with these issues.
I'll be honest. I'm half-afraid to even address the issue for fear of being a target. Our sites are our livelihoods in many cases. Hurting them hurts us. Maybe my blog isn't the best place to begin this discussion, and if not, I'm happy to take it elsewhere, but I thought I would at least get the discussion going.
- What can we do?
- What defensive actions can we take?
- What's a good way to check for hidden links in our sites (especially large sites)?
- Is there any reasonable way of dealing with this problem, or are we just doomed to facing it forever?
- What are your thoughts?
“Im half-afraid to even address the issue for fear of being a target.”
Perhaps don’t call them jerks? The “real” hackers I’ve met are some of the most intelligent people I’ve ever had the pleasure of meeting. Motives aside.
Well, one of my defensive techniques is to use a service like changedetection.com (IIRC) to watch a page that shouldn’t be changing. Getting an email of change sets off alarm bells to heck the site fully immediately 🙂
And Mark is correct – the bad guys are ‘crackers’. Hackers are people who write exquisite code. But I think the terminology has gone too far for us to rescue it now. 🙁 I agree that anyone who defaces one of my or your websites is a jerk 🙂
Yes, I know the difference between hackers and crackers, and sorry for the bad use of the language, Mark, but can we ignore that for the moment? The “wording” doesn’t matter. Call them buttheads if you want, I don’t care. Can we stick to the real problem please? Everyone can whack me upside the head for the incorrect term next time they see me, ok?
Lea, that’s one very good thing to do. Thanks for that info, although that particular service requires you to enter one page url at a time. That could be very difficult to do with large sites (or lots of sites).
You can get some okay security hole scanners, I’ve used one called tenable nessus which is pretty good.
Make sure your serverside, SQL/Apache whatever is up to date, so if your managing your server, grab the latest stable releases.
The best thing to do is find a friendly hacker and see if they can do anything to your site too and of course, keep your damned software up to date.
Subscribe to software’s RSS feeds to keep up to date with known bugs.
You’re in trouble if someone wants to DoS attack you though, there’s really very little you can do, even with some meaty (and expensive) servers and security.
Keeping server software up to date is great, but millions of people don’t have the ability to do that, as they don’t have that kind of access, so that won’t be a broad solution.
A target? Present and accounted for D. I was thinking the same thing when reading.
Thanks to my ranting, bad attitude and erm, outing the odd person (in the past) I have been a target more than a few times.
I’d be careful as I have been hit with some lessor crap like loading IRC bots onto the server all the way to full Bank Fraud Phishing scams being run off the server….
Don’t anger the trolls under the bridge :0)
Be sure you have a good backup system – including off-system (and preferably off-site) backups, so they can’t trash your backups too…
Being with on a good managed hosting plan is a good idea, since they can not just help with restoring from backups, but also figure out what happened, so the attackers can’t just come back and do it again.
I thought “jerks” was perfectly apt and quite restrained. My solution? Expose ’em via social media blitz. They get their IPs and sites banned (for a short time anyway) and you get traffic, not to mention warm fuzzies.
Uh K, like I said, bad idea. I have been a loud mouth SOB that has felt the ire of the invisible masses. If you want to spend un-counted hours messing with them, go right ahead. It is ultimately not a profitable endeavor which is not compensated by traffic and warm and fuzzy hun.
Your few minutes of fame is followed by months/years of fighting them. It was no joke that my blog was being covertly used to commit fraudulent bank phishing scams. We’re on the ball and caught in within 2 hours. Even at that I was still contacted by authorities in Holland (where the bank was)…. not fun.
Think twice before such bravado…
2c — Peace
Right, Dave, the goal isn’t to draw a big target on one’s back. The goal is defense and protection, not counter-attack. And whatever it is, it needs to be simple enough for the average non-geeky joe to be able to do on a typical shared hosting plan.
Maybe what we really need is to get the hosting companies to cooperate in massive discussions about this, I don’t know. All I know is that the more this happens, the more likely it is that it’s me or you or you or you that gets hit. And I don’t know about you, but I’m not crazy about losing my search engine rankings simply because I didn’t know how to prevent some jerk from messing with my site.
Bank phishing revenge? Bloody hell! That’s serious shit Dave, sorry to hear you’ve had to deal with that. I just don’t think the answer is benign tolerance and acceptance. Maybe the answer does need to come from the hosting side of things. Regardless, kudos double D for bringing exposure to this issue, despite the inherent risk.
What to do? Keep everything save, secure and updated. And make backups all the time!
Yeah K, as my server tech said, “these guys really don’t like you” – it seemed to be a concerted effort in that the more holes we plugged, the harder they tried. ugh
Hey Donna, want to hook up and work on a post of best practices? If so let me know, I also happen to own a web development company and can certainly through my on 2c and staffers can add some input.
Let me know if ye want to work up something….
Dave, I’m happy to collaborate, but I’m not sure there’s a lot I can contribute (in terms of expertise). But I’ll make myself available if there’s anything I can do.