
Need Help To Prevent Hacking


editor


I discovered that my site was recently hacked. I found bad files that I had never uploaded, some that required help from TCH to remove. All is back to normal now (I hope). The TCH tech who helped me provided these tips to prevent hacking:

 

1, use complex passwords, and never reveal them to others.

2, change passwords occasionally (cPanel, database, emails)

3, don't use unsecured scripts on your website

4, don't use full permissions to files/folders

5, take a backup of your domain occasionally

6, don't use unsecured applications

(1) I understand what complex passwords are and am now using them.

 

(2) I will be changing my passwords more frequently from now on.

 

(3) I don't know what is meant by "unsecured scripts."

 

(4) I don't know what is meant by "full permissions to files/folders."

 

(5) I keep my site fully backed up.

 

(6) I don't know what is meant by "unsecured applications."

 

Could someone help me to understand points 3, 4 and 6, please. Thanks for whatever assistance you can offer!


(3) I don't know what is meant by "unsecured scripts."

 

There are a number of free scripts available on the internet for many kinds of applications; these can be PHP or Perl/CGI scripts. For example, you can have a form mailer script for the contact page on your site. If you check h**p://www.hotscripts.com you can download a number of free form mailer scripts. However, all of these scripts may not be secured and they can be easily exploited by a spammer. These can be categorized as unsecured scripts. In the same way, you'll need to check any custom scripts that are in use in your account and make sure that they are secured and cannot be easily exploited by hackers.

 

4, don't use full permissions to files/folders

 

Every file or folder in UNIX has access permissions. There are three types of permissions (what one is allowed to do with a file):

read access

write access

execute access

 

Permissions are defined for three types of users:

the owner of the file

the group that the owner belongs to

other users

 

Thus, UNIX file permissions are nine bits of information (3 types x 3 types of users), each of which may have just one of two values: allowed or denied.

 

Simply put, for each file it can be specified who can read or write from/to the file. For a file with -rwxr-xr-x:

owner: read, write and execute permissions,

group: only read and execute permissions,

others: only read and execute permissions.

 

If you set a file/folder to full permissions, it will be -rwxrwxrwx. That means the owner, group and others have full permissions. So, do not set any file/folder to full permissions in your hosting account.

 

6, don't use unsecured applications

 

This is similar to unsecured scripts, but it refers to an application instead of a script, such as a blog application, a forum, a shopping cart, etc. This can be referred to as a third-party application too. If you use any third-party application, you'll need to subscribe to the developer's mailing list for the updates/patches they release from time to time, and upgrade the installed software with the new updates/patches. These patches are normally released to fix security issues that are reported in older versions. Any third-party application that is not maintained in this way is called an unsecured application.
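Added example (not part of the original post, and not a TCH tool): a small Python audit for tip 4 that walks a site folder and lists every file or folder whose "others" triple includes write access, such as -rwxrwxrwx. The sample tree and its file names are constructed for the demonstration.

```python
import os
import stat
import tempfile

def audit_world_writable(root):
    """Return (relative path, mode string, octal mode) for every file or
    folder under root that 'others' may write to, sorted by path."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            mode = os.lstat(path).st_mode
            if stat.S_ISLNK(mode):
                continue  # a symlink's own mode bits are not enforced
            if mode & stat.S_IWOTH:  # the 'w' in the last rwx triple
                perms = stat.S_IMODE(mode)
                findings.append((os.path.relpath(path, root),
                                 stat.filemode(mode), format(perms, "o")))
    return sorted(findings)

def build_sample_site(root):
    """Constructed sample tree (hypothetical names), not a real account."""
    layout = {
        "index.html": 0o644,          # -rw-r--r--
        "config.php": 0o666,          # -rw-rw-rw-  writable by everyone
        "cgi-bin/mailer.cgi": 0o755,  # -rwxr-xr-x  the usual CGI setting
        "uploads/note.txt": 0o644,
    }
    for rel, mode in layout.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write("sample\n")
        os.chmod(path, mode)
    os.chmod(os.path.join(root, "cgi-bin"), 0o755)
    os.chmod(os.path.join(root, "uploads"), 0o777)  # drwxrwxrwx, full permissions

def demo():
    """Build the sample tree in a temporary folder and audit it."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_site(root)
        return audit_world_writable(root)

if __name__ == "__main__":
    for rel, mode_string, octal in demo():
        print(f"{mode_string} ({octal})  {rel}")
```

To check a real account, call `audit_world_writable()` with the path of the site's document root instead of the temporary sample folder.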


Thanks for your response. I appreciate your help.

 

There are a number of free scripts available on the internet for many kinds of applications; these can be PHP or Perl/CGI scripts. For example, you can have a form mailer script for the contact page on your site. If you check h**p://www.hotscripts.com you can download a number of free form mailer scripts. However, all of these scripts may not be secured and they can be easily exploited by a spammer. These can be categorized as unsecured scripts. In the same way, you'll need to check any custom scripts that are in use in your account and make sure that they are secured and cannot be easily exploited by hackers.

This begs an interesting question: How would the average Web site owner "check" his/her scripts? Do the TCH techs review scripts for safety if asked to do so? Is there some other way to ensure that scripts are safe?

 

I use a number of very small PERL scripts on my site. I have only a minimal knowledge of PERL but enough to modify them as needed so that they do what I want them to do. I can't see anything in them that looks suspicious to *my* eyes, and most have been in continuous use by me for years with no issues.

 

If you set a file/folder to full permissions, it will be -rwxrwxrwx. That means the owner, group and others have full permissions. So, do not set any file/folder to full permissions in your hosting account.

The only permissions that I have modified on my site are for the cgi scripts, and they are all set to CHMOD 755, which is rwxrxrx I believe. That's what all the instructions say to do. Is rwxrxrx safe?

 

6, don't use unsecured applications.... This is similar to unsecured scripts, but it refers to an application instead of a script, such as a blog application, a forum, a shopping cart, etc. This can be referred to as a third-party application too. If you use any third-party application, you'll need to subscribe to the developer's mailing list for the updates/patches they release from time to time, and upgrade the installed software with the new updates/patches. These patches are normally released to fix security issues that are reported in older versions. Any third-party application that is not maintained in this way is called an unsecured application.

Based on this definition, I would say that I'm probably not using any unsecured applications. I'm not running a forum or other third-party applications. I use a simple shopping cart, but it's JavaScript-based. I've used it for many years without any issues.

 

All this still leaves me scratching my head. I wonder if I'll ever know how those rogue files came to be on my Web site, and who put them there?


Secunia.com maintains a searchable security vulnerability database for various scripts. Here is their report for WordPress, and you can look up any others you have questions about: http://secunia.com/advisories/search/?search=wordpress . Also you can do a web search on the name of a script to see if people say bad things about its security.

 

755 is correct for cgi. It is the minimum permissions possible, while still allowing it to be run.

 

I would add to the general best practices: use continuous (real-time) protection antivirus software on your PC. The current epidemic of website hacks, called "gumblar" or "martuz" actually originates on the webmaster's PC. It steals FTP passwords, logs into the site, and modifies files to inject invisible iframes with malware contents.

Edited by SteveW
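Added example (not part of the original post): a Python check for the symptom described above, site files modified to contain invisible iframes. The "invisible" heuristics used here (width or height of 0 or 1, or inline CSS that hides the tag) are assumptions for illustration, and the sample page in the test is constructed.

```python
import os
import re

IFRAME_TAG = re.compile(r"<iframe\b[^>]*>", re.IGNORECASE)
SIZE_ATTR = re.compile(r"""\b(?:width|height)\s*=\s*["']?(\d+)""", re.IGNORECASE)
HIDDEN_CSS = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.IGNORECASE)
WEB_EXTENSIONS = (".html", ".htm", ".php", ".js")

def find_hidden_iframes(text):
    """Return (line number, tag) for each iframe a visitor would not see."""
    hits = []
    for match in IFRAME_TAG.finditer(text):
        tag = match.group(0)
        # Assumed heuristic: a 0- or 1-pixel dimension means "invisible".
        tiny = any(int(n) <= 1 for n in SIZE_ATTR.findall(tag))
        if tiny or HIDDEN_CSS.search(tag):
            line_no = text.count("\n", 0, match.start()) + 1
            hits.append((line_no, tag))
    return hits

def scan_site(root):
    """Scan web files under root; return {relative path: hits} for files
    that contain at least one hidden iframe."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(WEB_EXTENSIONS):
                continue
            path = os.path.join(dirpath, name)
            with open(path, encoding="utf-8", errors="replace") as fh:
                hits = find_hidden_iframes(fh.read())
            if hits:
                report[os.path.relpath(path, root)] = hits
    return report
```

Run `scan_site()` against a downloaded copy of the site and compare any reported file with your backup; a hit is a reason to look at the file, since legitimate pages sometimes hide iframes too.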


Thanks for your help. I checked my scripts against the Secunia database and found no matches. I rechecked all my cgi scripts as well as all my folders and sub folders, and they're all 755. I run NOD32 Anti Virus software (real-time protection) and also regularly scan with Spybot (also real-time protection) and Ad-Aware, so I'm reasonably certain that my computer is secure.
