Our Websit Hacked - Long Story Short

[Stitch Up]

My priority was to re-establish my email accounts, I wasn't overly bothered about my website as I'd grown to dislike it!

I doubt a day goes by when I don't receive a 'phishing' email, usually purporting to be a bank. This, the exact same content as I described above and often from a bank with whom I've never had an account! I can fully understand how some get caught.

[JSR]

I appreciate your priorities. I think we all get phishing emails. I just wondered how they got the file onto your webspace in the first place. I guess it's just one of those things.

[Stitch Up]

..... and they've done it again!!!

I just had a call from:

Dear Web Site Administrator

The FraudWatch International Security Operations Centre (www.fraudwatchinternational.com) has received a report of a fraudulent financial web page (illegal phishing content) hosted on a website you administer.

URL: http://www.stitch-up.biz/cimbclicks.com/cimbclicks.htm
Additional URL's:
http://www.stitch-up.biz/cimbclicks.com/servlet.php
http://www.stitch-up.biz/cimbclicks.com/processing.php
http://www.stitch-up.biz/cimbclicks.com/data.php
http://www.stitch-up.biz/cimbclicks.com/validate.php
http://www.stitch-up.biz/cimbclicks.com/database.php
http://www.stitch-up.biz/cimbclicks.com/complete.htm
http://www.stitch-up.biz/cimbclicks.com ... lights.htm
Brand Phished: CIMB Bank
IP Address: 69.175.7.250

*************************

On behalf of our client, we would greatly appreciate your assistance in:

a) Urgently Cleaning, closing or disallowing access to the site listed above as appropriate.

b) obtaining and providing to us additional information regarding this incident, for example relevant logs or file from the host,


I went to my site and sure enough, they'd planted a false site!!

I've now password protected the access to the folder.

[ASLCreative]

Unfortunately such hacking of websites is quite common.

The problem often lies in using open source software or free 3rd party scripts being used on your website. Hackers know the entry points to such software and then just use Google to search for sites running such software. Then they test to see if the entry point is open. If it is they enter and do their stuff.

Another method that hackers use is to put malware on to a person's PC. They then scan the PC for any website ftp usernames and passwords. Once they have those your site becomes theirs.

Here are some things you can do to help stop hacking:

Have two pcs, one is used to surf the internet and answer emails. The second pc is used to upload files to your website and download website orders and general admin duties. The second machine should never be exposed to malware. Both machines should have anti virus software.
Try and avoid open source products. If you must use open source products ensure you keep the software up to date and subscribe to any update feed. Plus follow any security advice in the forums associated with the software.
Use non dictionary usernames and passwords for logins.
Take a daily look at your website logs - any sudden increase in traffic should be immediately investigated.
Change your passwords regularly.

These are just a few suggestions.

Oh yes, never store credit card numbers on your website.

Andrew

[mrs maggot]

crickey i thought it had happened again, then seen Andrew has pulled up an old post phew is all i can say

Andrew it might have been worth making this into a new post about website security, as i think more people will read it, maybe admin can repost your post as a new topic

[AdamB]

Andrew it might have been worth making this into a new post about website security, as i think more people will read it, maybe admin can repost your post as a new topic

Not sure why you would think that Laura as Andrew's post is related to the subject?

[mrs maggot]

yes it is, but if they read the ist page ist, then they might see the date and then not read to the end, i just thought as we were getting top tips together for each section, then these are top tips for website safety - somthing which we have nothing on at the moment

[Andrew]

We got caught with one of our sites and as Andrew states above it's when websites are based on open source software where the website templates exist and are modified to suit your needs. The hackers spend time finding a way in which is often the same for many and then upload their files for whatever means they desire. It's all about securing your site with password protection at the required levels. They uploaded backlinks on ours so not as bad as what happened to John.

[JSR]

The problem often lies in using open source software ... Try and avoid open source products.

I don't know how anyone can avoid using open source products these days. If you run Apache httpd, you're using open source products. If you use PHP, you're using open source products. If you're using Linux, you're using open source products. How does anyone avoid using open source products these days?

[ASLCreative]

I don't know how anyone can avoid using open source products these days.

Your right John, it is very difficult to avoid such open source products when creating websites. Even non-open source software could still have weak points.

Just like your house, if somebody wants to break in they will, you just have to make it harder for them - that is why houses have locks to doors and windows. If all of the known weak points in a website are protected, then it will be harder for the hacker to try and get in.

Andrew
One thing though, all website owners should work on the basis that one day they will be hacked. So you should make daily backups of all databases and store them away from your website. All files and images for your website should be backed up away from your website.

This way if you do get hacked then the files are readily available to reinstate the website quickly.