Earlier this year, one of my friends WordPress website and Drupal website was hacked. Both of them were running a travel website and their site was stuff full of web spam with links to dubious website selling dubious products. Appears this was no isolated incident and I have come across forums where some person websites was hack here and there. Security is an issue if ever you are maintaining a website using any of the software for making website.
Yes, CMS or Content Management System makes website creation a breeze. Allowing you to concentrate on content creation including collaborative publishing. But the downside is that you must always ensure that the free script installation is up to date and of course plug it up with any plugins or extension to doubly make sure that no damn hacker ever have an easy time hacking into your website and thus destroy rather quickly what you have taken months if not years to create.
Hackers of today are no longer like the hacker of yesteryears. In the old days, they just want to carve up a name in cyberspace and show off. Sure they may deface a website here and a website there but they were more of a nuisance then a real threat. Nowadays they are much more malicious, and there is always the dollar sign flashing in front of their face as they gleefully attempt to hack into vulnerable websites.
For the big corporations, they have a team of technicians and knowledgeable administrators and programmers to secure or contain such threats. But for us small fries, we are all-in-one jack of all trades master of none types from building a websites, maintaining it, researching and writing content, and various other bits and pieces of fiddling around with our website and hope that it will amount to something and perhaps if by any chance get a couple of bucks for the effort and hard work. Well even if we don’t get much out of it, it is still a labour of love, a hobby, a passion or whatever you call it that keeps you going at it.
Then along came an itsy bitsy spider which did a little SQL injection here and there and before long your website which took you so long to build is now a mess, a mass of web spam with links to very, very bad sites.
So the best way to protect your hard work is to prevent it from happening in the first place. Whether you are using Joomla, Drupal, WordPress, you must harden it.
If you are running a WordPress website, this info provided by WordPress.org is a good guide in preventing potential hacks.
http://codex.wordpress.org/Hardening_WordPress
Nothing is foolproof though having additional lines of defence is better than none at all. Though I was not able to implement all of it, but whatever than I managed to do however, was a great help nevertheless.
Because I receive attempted hacks and SQL injection warning several times but so far it had been thwarted. The latest one, reversing the IP that was left behind in the log showed that it came from Ilsan, Ulsan-Gwangyoksi, South Korea. Whether this is the real origin or a masked IP, at least the WordPress hardening has done its job.
With that warning, it means that my website is in the hacker’s radar and likely they may attempt again. If they are just script kiddies, well their tools are only as good as what they paid for in the hacker’s black market. Still you never know, they may get a good one that can get pass your website defenses. So always update your website installation that would hopefully have some measure against known vulnerabilities.
I guess it is a never ending war. White hats against black hats. Thank goodness of good people.
[update 30/12/2009]
Again somebody tried to do SQL injection. This time round from Ukraine with the IP 91.213.121.24
Checked online and found that this IP has been attempting to hack into several websites for several months already. One of his favourite website installation software target seems to be Moodle installation.
Does this ever stop?
[update 25/1/2010]
An yet again. This time somebody from Belarus with an IP of 188.72.213.44 via NetDirect ISP was trying to do SQL injection yet again. This guy tried 9 times before giving up. And where is Belarus? Quick check with Google map and it was one of those breakaway Russian country. Not familiar with this country, another quick check and found the capital city of Belarus is Minsk. Intriguing. Anyway whoever it was, he seems to be a repeat offender as many people online were pissed off from the repeated hacks from this IP. I think I will blacklist this IP.
[update 3/3/2010]
And yet again from IP address: 72.46.136.130
Host name: 72.46.136.130.svservers.com
72.46.136.130 is from United States(US) in region North America
This time they testing Akismet plugin vulnerability. So make sure you got latest one, and of course hardened up your WordPress installation. This time they target my current blog and another WordPress website of mine.
[update 26/3/2010]
And yet again from Belarus with IP 188.72.213.44!
[update 10/6/2010]
No end to this!
207.224.205.10 Denver Colorado 80202 United States
67.160.165.72 Portland Oregon 97211 United States
[update 13/6/2010]
77.78.239.49 Sarajevo Federation of Bosnia and Herzegovina NA Bosnia and Herzegovina