Posts Tagged ‘hackers’

Are You Getting Hacked To Death?

Saturday, April 3rd, 2010

Hackers are notorious for breaking into places they aren’t wanted and just doing stuff for fun. Sometimes they actually do some damage. Lately, the hackers have been getting much more sophisticated. They’ll enter your blog or CMS and drop a file on your server that inserts JavaScript on various pages, which redirects visitors back to one of their own sites. Very clever.

The problem with some of these files is that if you delete them they return a few days later. It’s not cool.

But how do they do that?

When a hacker breaches your site’s security they will often leave a hole for themselves to come back through. Even if you patch the original security hole they will return, because they’ve given themselves another way in. That’s why it is extremely important to upgrade your blog or CMS software whenever the developers release a new version. Don’t pass those opportunities up. You’ll regret it.

Get Those Hackers Off Your WordPress!

Thursday, October 15th, 2009

If you’ve been wondering where we’ve been for the last month, let me explain. The blog was hacked and we had some difficulty at first detecting it. That’s because the hackers didn’t mess with the face of the blog at all. They only jacked with our Admin area. As a result, whenever we’d log in to make a post we saw a bunch of gobbledygook and it became rather difficult to discern the problem.

After calling our web host, who was unable to tell us what the problem was except that it’s possible their server was messing up WordPress, we decided we’d move to a new host. However, before we could do that, I got sick and there was a long delay in getting the blog moved to a new host before I could get well.

As it was, I had my webmaster take a look at the blog and we discovered that it was indeed hacked, so we fixed it. We’ve decided not to change hosts after all.

But here’s the takeaway for you: Hackers are getting more sophisticated every day. Not only are they inserting JavaScript and malicious code in places that are hard to detect, but they are doing so in such a way that if you find it and delete it then the malware returns in a day or so. Malicious!

Another way hackers are getting into your website is through the Admin area, and all they are doing is jacking with it so you can’t make your posts – not even messing with the face of the blog or the content. So be careful. Protect your blog with hard-to-guess passwords and be militant in deleting bad comments. It would also behoove you to go through your subscriber accounts every now and then and delete any that are not commenters. Hackers often subscribe to a blog as if planning to comment, then use their accounts to gain access to your server folders and drop code in your files. They’ve even been known to change their own subscription accounts to admin accounts to maintain access over long periods of time.

Yes, while you improve your skills, the hackers are also improving theirs. Make sure you keep making it harder for their delinquencies to succeed.

BTW, look for us to add backdated content to this blog to fill in the dates that we’ve missed – all the way back to September 24. We hope you’ll go back and read those posts as we write them. ;-)

One Simple Fix To Your Hacker Problem

Wednesday, October 14th, 2009

If you find yourself the victim of repeated hacking into your WordPress blogging platform, try deleting your Admin account and establishing a new account with a different name. Hackers often try to guess the passwords of CMS and software account names. The Admin account name is the WordPress default and as such is the most targeted for hacker attempts. Delete it and a part of your problem goes away.

Notice that I said “a part”. Deleting the Admin account won’t solve all of your problems, but if your hacker is using the tactic that was prevalent with the 2.8.3 version of WordPress then it is likely that your Admin account will be a target of a hacker attempt.

Another tactic hackers have used, and this one is much more sneaky, is to set up a Subscriber account and use a bot to turn that account into an invisible Admin account. This allows the hacker to change your Admin settings without your knowledge. Hackers will often then insert JavaScript code into the files of your WordPress themes, and it will be difficult to clean up because as Admin the hacker can do anything he wants to your files, including altering them. Here’s how to combat that:

  • Delete all suspicious-looking Subscriber accounts in your Admin user area
  • Delete any account using the username Admin or a variant
  • Set the security settings for all of your folders, in the cPanel area of your hosting account, to Read – uncheck the Write option

It’s important, if you are deleting accounts – especially the Admin account – to move all posts made under that account name to another account holder. So set up an alternative account under a different username before you delete your Admin account. And use a password for all of your accounts that is difficult to guess. No single name passwords. Add some capital letters, special characters, and make it long.
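
The account checks from the list above, as an added example that is not part of the original post: it reads roles directly from the database instead of the Users screen and lists every administrator, every Admin-like username and every subscriber that has never commented, for manual review. It assumes the default `wp_` table prefix and runs on constructed sample rows in an in-memory SQLite database; the usernames and the `audit_accounts` and `load_sample` helpers are hypothetical.

```python
import re
import sqlite3
# Constructed sample rows in the default WordPress layout (wp_ prefix assumed).
SAMPLE = """
CREATE TABLE wp_users (ID INTEGER PRIMARY KEY, user_login TEXT);
CREATE TABLE wp_usermeta (user_id INTEGER, meta_key TEXT, meta_value TEXT);
CREATE TABLE wp_posts (ID INTEGER PRIMARY KEY, post_author INTEGER);
CREATE TABLE wp_comments (comment_ID INTEGER PRIMARY KEY, user_id INTEGER);
INSERT INTO wp_users VALUES (1,'admin'),(2,'bob_reader'),(3,'xk29qq'),(4,'Adm1n_backup');
INSERT INTO wp_usermeta VALUES
  (1,'wp_capabilities','a:1:{s:13:"administrator";b:1;}'),
  (2,'wp_capabilities','a:1:{s:10:"subscriber";b:1;}'),
  (3,'wp_capabilities','a:1:{s:10:"subscriber";b:1;}'),
  (4,'wp_capabilities','a:1:{s:13:"administrator";b:1;}');
INSERT INTO wp_posts VALUES (10,1); INSERT INTO wp_comments VALUES (100,2);
"""
QUERY = """
SELECT u.user_login, m.meta_value,
       (SELECT COUNT(*) FROM wp_posts p WHERE p.post_author = u.ID),
       (SELECT COUNT(*) FROM wp_comments c WHERE c.user_id = u.ID)
FROM wp_users u JOIN wp_usermeta m ON m.user_id = u.ID
WHERE m.meta_key = 'wp_capabilities' ORDER BY u.ID
"""
ADMIN_LIKE = re.compile(r"adm[i1!]n", re.IGNORECASE)  # "Admin or a variant"

def load_sample():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SAMPLE)
    return conn

def audit_accounts(conn):
    """Return {user_login: [reasons]}, with roles read from wp_usermeta."""
    findings = {}
    for login, caps, posts, comments in conn.execute(QUERY):
        reasons = []
        if '"administrator"' in caps:
            reasons.append("has administrator role")
            if posts:
                reasons.append(f"owns {posts} post(s), reassign before deleting")
        if ADMIN_LIKE.search(login):
            reasons.append("username is Admin or a variant")
        if '"subscriber"' in caps and comments == 0:
            reasons.append("subscriber that has never commented")
        if reasons:
            findings[login] = reasons
    return findings

if __name__ == "__main__":
    for login, why in audit_accounts(load_sample()).items():
        print(f"{login}: {'; '.join(why)}")
```

Every administrator is listed, including the legitimate one, so that an account you do not recognise stands out.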

How To Make Your Blog More Secure

Friday, June 26th, 2009

Security is very important for any Web business or website. If you have a blog that runs on an open source platform like WordPress, it’s even more important. Hackers tend to target open source systems to gain access and do bad things like drop spam files and so on.

If you want to stop spam from entering your comments area then you need to use Akismet, a WordPress plugin that stops 99.9% of the spam that tries to get through. But beyond that, you can make your WordPress blog more secure by using a password that makes it difficult to hack. If you use a simple password that is a dictionary word then you make yourself vulnerable to hacks and attacks. Make your password longer and more difficult to guess.

A good password should consist of numbers, special characters, and both lower and upper case letters. A word like “wordpress” is not enough as that is easy to guess, particularly by a robot that runs through the dictionary automatically guessing passwords. If, instead, you added numbers and characters as well as upper case and lower case letters then you’d have a more secure password. For instance, “W3ord&p2rEss!4” is a lot more secure and more difficult to guess. For every character that you add you make your password exponentially more difficult to crack.

Blog security begins with your password. Make it something that is easy for you to remember but difficult for hackers and robots to guess and you’ll be much more secure.