"The Web Is Under Attack"

No one really knows when the mob of mass hacking attacks were unleashed on the web, but many would guess it was the day that “Google Tips” appeared on the home page of your trusted Google.com.
. Some also say that the hacks began on chinese language websites back in May 2007 through sql injection and this same type of malware infection of users pc’s stealing passwords and other sensitive information.

This started a mass of personal computers thereby sites being compromised. Malware/Trojans were downloaded and spread like a terrible virus using htaccess files and javascript injections. If this malware has infected your pc, there are easy instructions for removal. Although, this may have been the starting point, the mass attacks of hacks didn’t stop there.

On May 13th, 2008, over 500,000 websites were reported hacked through poorly configured php bulletin boards and other similar softwares. You can no longer be safe by steering clear of pornographic and questionable sites. Even government, edu, large sites like Wal-Mart, and even Homeland Security have been hit with these types of attacks. The attacks didn’t start hitting casual sites like yours and mine until about October 2007.

This evolution in tactics by black hat hackers means that miscreants are able to quickly ‘colonize’ thousands of legitimate sites with malware. ScanSafe reports a 220 per cent increase in the amount of Web-based malware over the last twelve months. The volume of backdoor and password-stealing malware blocked by the firm increased by an order of magnitude (855 per cent) between May 2007 to May 2008.

Scansafe has gone on the record stating that “The web is under attack”

“Over the last year malware authors have moved away from direct attacks — attacks in which they directly interact with victims, via social engineering for example — to indirect attacks accomplished through compromised websites,” said Mary Landesman, senior security researcher at ScanSafe.

“Currently, thousands of legitimate sites are being compromised daily.”
If you do a simple google search for “shared web host name (i.e. godaddy, bluehost, dreamhost, ixwebhosting)” and the word “hacks” or “hacked”, it will report hundreds of thousands of listings.
Results 1 – 10 of about 493,000 for go daddy hacks
Results 1 – 10 of about 372,000 for blue host hacks
Results 1 – 10 of about 220,000 for dreamhost hack
Results 1 – 10 of about 40,400 for hostgator hack
Results 1 – 10 of about 39,200 for lunarpages hack
Results 1 – 10 of about 25,200 for ixwebhosting hack

So what can we do about this?”

As website owners, the best option would be to move our sites away from shared hosting. But who can pay $150 a month for a simple blog site? Not me. The fact is that on a shared server, there will be Mom & Pop stores, sites, blogs, etc that have outdated versions of software that contain vulnerabilities and easily exploited holes. New versions of software come out very often that contain patches to fix vulnerabilities in response to hackers exploiting them. The first step that you can take is to always update your software. The hackers are going to be offensive. With the web “under attack”, it’s not a time to play defense. You have to seek out if new updates are available. WordPress has a plugin that will check for updates and install them for you. There may be other plugins like this for many of the software that hackers try to exploit everyday. This is a very well-written post on securing your WordPress site:
http://ocaoimh.ie/2008/06/08/did-your-wordpress-site-get-hacked/
Also, here is a link on an easy way to upgrade WordPress I have composed a list below of commonly hacked software that you will need to keep updated:

Forum Software: PhpBB, etc (phpBB2 especially. If you are still using this, STOP immediately, and update to phpBB3)
Content Management System Software (E107, Joomla, etc)
Joomla –check for updates OFTEN. This software has new holes every minute)
All Shopping Cart Software (Zencart, OSCommerce, etc)
Blog Software (WordPress, B2Evolution, etc)
Gallery Software (Coppermine, Gallery2)

Also, do not keep software install folders on the server. And if there is any software that you have tried out and left on the server, delete it. Only if you are using it, maintaining it, and updating it should you leave it on the server.

If you have had programmers working on your site, here is a list of the top 25 most common coding errors that create vulnerabilities that hackers can and will take advantage. “Organized crime groups have turned their attention to computer-based crimes and are increasingly attacking weaknesses in applications,” (source). Phishing attacks or cross-site scripting is another type of attack that will cause more than you problems.

So, check your folder permissions and files often. You can use a program like FileZilla to change all of your permissions to 755 or 715, recursively. There should never be a file or folder that has “Group” or “Other” write permissions assigned to it.

The number 1 offensive measure that you can take as a website owner or webmaster is to ensure that your sites are hosted on a server running php5. Articles on php4 vs php5 (1 & 2). Unless your host is at least using php v 4.4.92, you will continue to get hacked over and over again if you even have on vulnerability because of the way that php runs in version 4. PHP version 5 runs php as cgi instead of as the user. This will protect your other domains from being infected because of another domain under your same user. If you are still on PHP4, ask your host how to move to PHP5. Although this can be a huge hassle, it will be worth it in the end.

Do your part on the shared server that you are on, and if you have the money, move to a dedicated host or a VPS. You might even consider moving to a windows server where users will have less access to make changes to permissions and software…as long as the iis/windows server is running PHP version 5 or newer.

No one likes to be hacked, but web site owners are slowly learning over the past year or so that it is a part of life. Technology will adapt as it always does, and the hacks will dwindle. Until then, bots and scripts are scanning the web searching for sites with vulnerabilities that can be compromised, take the offensive steps to ensure that your site is not one of them.

One comment

  • I just don’t understand why this is happening so often NOW, and what is going to be done about it. When is all this mass hacking going to be put to an end? What measures are being taken?

Leave a Reply

Your email address will not be published. Required fields are marked *