My Blog Got A Terrorist Attack

[Andy]

Yes, I am dusting myself down now after Al whatever terrorists invaded my blog and defaced the home page  

Truly shocking, and I am a bit shaken up by the whole incident.

But I have put together a free download of what happened that you can get at: http://internetmarketingcoding.com/we-were-attacked if you are interested. Obviously, I don't want to publicize their message online. You can see all the gory details of what they did to my home page and read my analysis of what I think happened.

[nsterling]

Just a thought of someone hacking my sites is a big NO, NO to me.  

[Queen Bee]

How can something like this be avoided?

[Andy]

How can something like this be avoided?

I had a weak password and "admin" for the user name. So now it is a weird user login name and strong password.

e.g. instead of admin + mycatmoggy it is more like Xman193 + cvfg%^4&9hA?

[Menard]

I have, unfortunately, had sites hacked several times; including just plain html.

One thing I have come to realize, at least in my opinion, is that it has a lot to do with how secure one's hosting is. Although every webhost will deny hacking at the server level.

I've started new hosting accounts to find my sites hacked within a matter of days, while I've had sites with the same host for two years and never had any of them hacked.

If you have been hacked, check your default email address in your cpanel. One particularly nasty technique is for the hacker to change the email address so that if you change your user name and/or password, they will know about it.

If considering a webhost, check to see if there is someway you can check out sample sites hosted with them, or get an ip address for one of their servers and run an ip neighbors check on them. If they are loaded with spam sites, biz opps, and the such, there is a good likelihood that a hacker already has a backdoor into their servers.

[Queen Bee]

I have, unfortunately, had sites hacked several times; including just plain html.

I think that pretty much proves it. I was hacked three times while using HostExcellence, and each time I was blamed for the incident-- regardless of what scripts I was using.

I had a weak password and "admin" for the user name. So now it is a weird user login name and strong password.

e.g. instead of admin + mycatmoggy it is more like Xman193 + cvfg%^4&9hA?

I will do that in the future. What about changing the name of the /admin folder altogether? Does that work.

I definitely empathize with you both here... the last attack damaged not only my website, but my rankings as well. Sorry about your blog, Andy.

[Andy]

I recovered from my incidents quickly since all the attackers did was replace the index page.

Ideally you would change the directory name for the admin area but a strong password coupled with a non-standard user name should be enough IMHO. This results in huge numbers of possible combinations that would take years to guess. But if all they need to do is cycle through a-z and 0-9 for the password and use dictionary words, then it is much more feasible to crack your password.

p.s I am satisfied that my hosts are no problem since I have many sites with them that were not affected on the same servers.

[Andy]

Darn, I got 3 more blogs hacked.

LOL, when I searched on one of the hacker's names, one of my sites ranked #1 on Google for it.

I think it was because I forgot to update WordPress on these sites.

To re-secure them I check the database for a change to the admin email which they change, upload new copies of all the WordPress files. Then change the database user and admin password. And I change the cpanel login password.

On one site, I couldn't delete a .htaccess file that they installed, so I had to completely delete the hosting account and set it up again! This file had ownership permissions set to 000 so I was denied access to it. These particularly nasty hackers put Arabic writing on my site and deleted the files. Pinky Hacker only seems to affect the index pages and admin email.

[Queen Bee]

Ugh... sorry, Andy.

[Menard]

On the up side, congratulations on the number 1 ranking.

[Andy]

On the up side, congratulations on the number 1 ranking.

Yeah, it is quite amusing when you go to check out the hacker and found that you inadvertently SEO'ed them to the top of the rankings.

[2dragonsltd]

If someone wants to do something they will and can if they have the means,

Any site can be attacked and defaced, but the more layers you have in place the harder you make it so your not an easy target.,

[eons]

I have, unfortunately, had sites hacked several times; including just plain html.

One thing I have come to realize, at least in my opinion, is that it has a lot to do with how secure one's hosting is. Although every webhost will deny hacking at the server level.

I've started new hosting accounts to find my sites hacked within a matter of days, while I've had sites with the same host for two years and never had any of them hacked.

If you have been hacked, check your default email address in your cpanel. One particularly nasty technique is for the hacker to change the email address so that if you change your user name and/or password, they will know about it.

If considering a webhost, check to see if there is someway you can check out sample sites hosted with them, or get an ip address for one of their servers and run an ip neighbors check on them. If they are loaded with spam sites, biz opps, and the such, there is a good likelihood that a hacker already has a backdoor into their servers.

Thank you for this tip.  It IS very difficult to get your hosting provider to admit that they were hacked.  So now I know that it's not a matter of your own site being secure or not.

Scrutinize your hosting provider then!