SitePoint Sponsor

User Tag List

Page 1 of 2 12 LastLast
Results 1 to 25 of 30
  1. #1
    SitePoint Enthusiast
    Join Date
    Jan 2010
    Posts
    84
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Protect your Blog - Website hacked

    Just wanted to share an experience I had recently.

    We've had a blog up and running for several months now and everything was going swimmingly. Over the past month, I hadn't had much time to update and check postings but pressumed all was good. I did wonder why booking numbers had dropped but thought this was down to the market I work in (employment market). The blog is wordpress and is intergrated into a static html site.

    Checked the site last week, only to discover the blog had been hacked !

    I won't go into the specifics, but until now, I'd never thought about backing the blog up!!! My jaw dropped when I realised how open I had left my business and the risk I had exposed myself to. I very easily nearly lost everything.

    So just wanted to remind other novices (like me) that without back-up's and additional security, you can lose all your hard work to random hackers. Don't just rely on WP passwords.

    I also want to thank theRaptor for coming to my aid and just how useful SitePoint & members have been in helping in a situation like this. theRaptor has been ace and saved me.

    Hope this helps others remember to update security and WP plug-ins.
    Please add any of your own experiences or tips to help me and others like me improve site security.

    thanks

  2. #2
    SitePoint Guru bronze trophy TheRaptor's Avatar
    Join Date
    Jul 2011
    Location
    New York
    Posts
    710
    Mentioned
    40 Post(s)
    Tagged
    0 Thread(s)
    Thank you. It's been great working with you... totally my pleasure.

  3. #3
    Non-Member
    Join Date
    Oct 2011
    Posts
    6
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    The most primary step that you may take is to run through the logs and look for suspicious users (IP’s) trying to get access to pages which they shouldn’t ideally be trying to use.

  4. #4
    SitePoint Enthusiast
    Join Date
    Jun 2008
    Posts
    47
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    This happened to a customer. He said he now makes sure to update his blog software when updates come out, he also periodically changes his password.

  5. #5
    Non-Member
    Join Date
    Nov 2010
    Posts
    48
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    After implementing web 2.0 technology blogs are very useful for generating more and more traffic to websites. If blogs are updated regularly with fresh and unique contents then it an easy way to driving traffic website. So in this way it is very important to protect blog from hackers. When you are using free blogs then, keep in mind not to keep same password for you blog same as your email ID. It may be hacked your blog as well email ID

  6. #6
    SitePoint Member carlenesky's Avatar
    Join Date
    Nov 2011
    Location
    Philippines
    Posts
    18
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Thanks for the concern to other members here. I'm sure through this, others will be enlightened and made a decision to backup each files and secured everything.

  7. #7
    SitePoint Member
    Join Date
    Dec 2011
    Posts
    6
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Just want to share my experience as well. My website was hijacked and used for phishing purposes. The people who hijacked the website somehow was able to do it without going into the server where the site was hosted (or that's what I think). This is because when I checked the files at the server, those additional files are not there. Google blocked the phishing extension but not my site...

  8. #8
    SitePoint Enthusiast cmsfan's Avatar
    Join Date
    Dec 2011
    Location
    holland
    Posts
    31
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    That why i allway try to build in my own protections in open source programes. There all the same, if you do not have the knowlage to edit some of the code your easily exposed to tho who want to harm you.

  9. #9
    SitePoint Wizard
    Join Date
    Dec 2003
    Location
    USA
    Posts
    2,582
    Mentioned
    29 Post(s)
    Tagged
    0 Thread(s)
    If it's a business website (or even if it isn't), you should definitely be running regular backups of at least the database and one of your uploads folder (where all your images are saved). A daily backup of each is a good idea, and if you can, pull that backup off of the server itself (like to your computer or another server). That way if the box completely fries or something, you can recover. It can happen easier than you think.

    Nice warning.

  10. #10
    Non-Member
    Join Date
    Sep 2007
    Posts
    148
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    This is a reason that I always backup my sites/databases daily and store it on an external every week or so. I also periodically change my password, every 3 months or so, and make sure use encrypted passwords whenever accessing something.

    Nice warning, thanks for sharing

  11. #11

    Join Date
    Feb 2012
    Posts
    0
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    try updating your cms everytime there is an update available

  12. #12
    SitePoint Member
    Join Date
    Jan 2012
    Posts
    11
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Don't allow php and html in post content.Change the default login folder names.

  13. #13
    SitePoint Zealot coloradojaguar's Avatar
    Join Date
    Sep 2011
    Location
    Southwestern Mountains
    Posts
    151
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Keep those updates and plugins current. You aren't the only one in the blog hacked boat. Many people don't realize the vulnerabilities that exist. It is good to hear that you were able to fix it up and get it secure again. It is easy to overlook keeping your blog current on more than just its content but it is as important to maintain your security as it is your content.
    Hosted solutions provider since 1998 - UK, Atlanta, L.A.,
    JaguarPC.com - Managed Hybrid Servers |
    Managed VPS Hosting | Dedicated Servers

  14. #14
    SitePoint Enthusiast carlhenson's Avatar
    Join Date
    Feb 2012
    Location
    Dreamstate
    Posts
    44
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Securing your web properties is really really important especially if it is important to you.

    I have setup cron jobs on my server that backs up my database and files every day and every week. I will then download it to my computer every week. I learned my lesson few months back when somebody deface my sites.

  15. #15
    SitePoint Member poddys's Avatar
    Join Date
    Apr 2012
    Location
    Southampton
    Posts
    13
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I found out in January that ALL my domains had been hacked and infected with an encoded Base64 script.
    I spent weeks trying to get information on what this was and did, and on trying to remove the malicious code.
    3 times I spent hours editing PHP scripts to remove the hacked code, and within hours everything was infected again.

    In the end I salvaged my posts, pages and other content, and rebuilt the sites on a new host server, adding more security and taking other precautions. Hopefully this time I won't suffer the same again.

  16. #16
    SitePoint Member
    Join Date
    Apr 2012
    Posts
    9
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I've always suspected Wordpress is overrated (even though I haven't used the paid version - $99 / year are you kidding me...)

    A lot of people neglect sophisticated passwords. Backup of your content and databases is always good. Laziness is easy but what I'm speaking of isn't hard...

  17. #17
    Word Painter silver trophy Shyflower's Avatar
    Join Date
    Oct 2003
    Location
    Winona, MN USA
    Posts
    10,053
    Mentioned
    142 Post(s)
    Tagged
    2 Thread(s)
    Apparently this hack has been a problem for a lot of people. I found one fix here: http://danhilltech.tumblr.com/post/1...ress-dreamhost
    Linda Jenkinson
    "Say what you mean. Mean what you say. But don't say it mean." ~Unknown

  18. #18
    SitePoint Enthusiast
    Join Date
    Mar 2011
    Posts
    50
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I am frequently annoyed by the comments on my blog posts. they have no connection whatsoever to what I have posted and they spam my inbox. is there anyway I can stop that?

  19. #19
    Word Painter silver trophy Shyflower's Avatar
    Join Date
    Oct 2003
    Location
    Winona, MN USA
    Posts
    10,053
    Mentioned
    142 Post(s)
    Tagged
    2 Thread(s)
    moderate them and post on your blog that all comments are moderated and will be published after approval.
    Linda Jenkinson
    "Say what you mean. Mean what you say. But don't say it mean." ~Unknown

  20. #20
    SitePoint Member
    Join Date
    Apr 2012
    Location
    www.kl-webmedia.com
    Posts
    9
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    try this site to look up if your site is hacked or not: www.websitedefender.com

  21. #21
    SitePoint Member
    Join Date
    May 2012
    Posts
    3
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    It's absolutely sad to find your site hacked, it happen to me too some time ago, is just that it was not a site issue, the whole web server was hacked. I lost a lot of important data.

  22. #22
    SitePoint Member
    Join Date
    Mar 2011
    Posts
    14
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I am a little worried myself about how easy hackers are bringing down WP blogs.
    Working on a project to help forum owners and webmasters:
    Admin Empower Community
    Tech Blog

  23. #23
    SitePoint Member
    Join Date
    May 2012
    Location
    Delhi
    Posts
    1
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    hello friends i have gone through the entire discussion.Its really great to read such kind of informative thread and i would like to join the discussion by sharing the experience.My word-press blog and personal blog, once it was hacked and i was unable to even login to my account. After doing a lots of research and also i have read a lots of book of hacking to get the answer then i found that sometime and somehow we give the useful information to spammer and by any mean spammer compel us to enter our detail to put on their website ( it include the password ). and once hacker get the pass, your blog and website can be easily hacked. So never put useful detail or password on attractive or unknown link.

  24. #24
    SitePoint Member
    Join Date
    Jul 2012
    Posts
    2
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Thank you. This is a reason that I always backup my sites and I also periodically change my password, every 3 weeks or so

  25. #25
    SitePoint Member jezwebb's Avatar
    Join Date
    Jul 2012
    Location
    Scotland
    Posts
    11
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Web site hacking is a huge problem now. I've seen many sites (mostly based on open source platforms like WordPress and Joomla) hacked, and the worst of it is that often you don't know you've been hacked until much later. It's the serious hackers intention to install a backdoor to a site and use the server for other attacks or commercial gain.

    Tools like the excellent Admin Tools which hardens Joomla, Akeeba Backup for Joomla, and XCloner for WordPress. It's also worth considering tightening security with some php.ini and htaccess directives, and using a "Stop the Hacker" type service, provided by web hosts which do a daily check for hacks and malware on your site.


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •