Earlier this year, one of my friends WordPress website and Drupal website was hacked. Both of them were running a travel website and their site was stuff full of web spam with links to dubious website selling dubious products. Appears this was no isolated incident and I have come across forums where some person websites was hack here and there. Security is an issue if ever you are maintaining a website using any of the software for making website.<\/p>\n
Yes, CMS or Content Management System makes website creation a breeze. Allowing you to concentrate on content creation including collaborative publishing. But the downside is that you must always ensure that the free script installation is up to date and of course plug it up with any plugins or extension to doubly make sure that no damn hacker ever have an easy time hacking into your website and thus destroy rather quickly what you have taken months if not years to create.<\/p>\n
Hackers of today are no longer like the hacker of yesteryears. In the old days, they just want to carve up a name in cyberspace and show off. Sure they may deface a website here and a website there but they were more of a nuisance then a real threat. Nowadays they are much more malicious, and there is always the dollar sign flashing in front of their face as they gleefully attempt to hack into vulnerable websites.<\/p>\n
For the big corporations, they have a team of technicians and knowledgeable administrators and programmers to secure or contain such threats. But for us small fries, we are all-in-one jack of all trades master of none types from building a websites, maintaining it, researching and writing content, and various other bits and pieces of fiddling around with our website and hope that it will amount to something and perhaps if by any chance get a couple of bucks for the effort and hard work. Well even if we don’t get much out of it, it is still a labour of love, a hobby, a passion or whatever you call it that keeps you going at it.<\/p>\n
Then along came an itsy bitsy spider which did a little SQL injection here and there and before long your website which took you so long to build is now a mess, a mass of web spam with links to very, very bad sites.<\/p>\n
So the best way to protect your hard work is to prevent it from happening in the first place. Whether you are using Joomla, Drupal, WordPress, you must harden it.<\/p>\n
If you are running a WordPress website, this info provided by WordPress.org is a good guide in preventing potential hacks. <\/p>\n
http:\/\/codex.wordpress.org\/Hardening_WordPress<\/p>\n
Nothing is foolproof though having additional lines of defence is better than none at all. Though I was not able to implement all of it, but whatever than I managed to do however, was a great help nevertheless.<\/p>\n
Because I receive attempted hacks and SQL injection warning several times but so far it had been thwarted. The latest one, reversing the IP that was left behind in the log showed that it came from Ilsan, Ulsan-Gwangyoksi, South Korea. Whether this is the real origin or a masked IP, at least the WordPress hardening has done its job.<\/p>\n
With that warning, it means that my website is in the hacker’s radar and likely they may attempt again. If they are just script kiddies, well their tools are only as good as what they paid for in the hacker’s black market. Still you never know, they may get a good one that can get pass your website defenses. So always update your website installation that would hopefully have some measure against known vulnerabilities.<\/p>\n
I guess it is a never ending war. White hats against black hats. Thank goodness of good people.<\/p>\n