Have you ever experienced a 'Hacker Attack' on your website(s)?

[Nandakishore]

My website experienced a Hacker attack on 21st September
https://www.gpwa.org/forum/i-need-ur...lp-192269.html. Someone from outside had installed some malicious software on each page of the site, of course without our knowledge.

It would be interesting to know how often such attacks happen with what kind of consequences and what measures are undertaken to prevent such attacks.

In our case the immediate consequence was a message from Google warning that a visit to this site may harm the computer.

[SimonaB]

It happened to me 3 times in two years as well.

[dassad]

This happened to me only once. The problem was that i used a shared hosting and my site is Wordpress that is extremely safe but the virus came from another site. Practically the whole server was infected by this virus and all Wordpress installations.

The virus added a piece off code to one off the standard implemented themes and transformed to a full file manager and uploaded a lot of viruses and files to the server. Looked funny, after that i hunted for the virus 2 days until i found all the infected files and found an option to clear it.

When i was done and i was in safe i redirected the virus to google.com The funny thing was that the administration area on the Russian server after this redirected to google.com to However after all the server was cleaned by my little tool created in Delphi that i sent to the hosting company.

[Dominique]

I moved servers and it is almost impossible now to do anything to my sites.

[dassad]

Sorry but i don't accept this. I think that nothing is impossible.

I moved servers and it is almost impossible now to do anything to my sites.

[Smoking]

I moved servers and it is almost impossible now to do anything to my sites.

Nothing is Impossible

[Doolally]

Dominique did say "almost impossible." I'm sure she admits that it's never going to be 100% hacker proof but if you have the right security in place then you can get as near lock-down as possible.

[dassad]

yes.. probably you have right and dominic realy knows what says and why says

Dominique did say "almost impossible." I'm sure she admits that it's never going to be 100% hacker proof but if you have the right security in place then you can get as near lock-down as possible.

[Smoking]

100% but that changes every day.

anytime a change or update is made to a site it can open up vunabilities. These are where openings occur and if you are targeted well

[Doolally]

I've had two sites hacked over the past year. I never really understood the reasoning behind the attacks though.

The perpetrator created a directory with some bonus pages, no links, etc, on them then attracted 2-300 thousand links to the pages!

I was ranking for all kinds of wierd stuff but I could never see the advantage for anyone. They were just boring text pages probably produced with an article re-writer. I just deleted the pages and informed Google about it so I wouldn't get any penalties.

[Simmo!]

I've experienced it twice, once in gaming once outside. The first time was a code injection designed to put links to other sites in my code. That site used Wordpress (an old version).

The second time was to make my website host pages that were made to look like banks. They would then mass email people, point them at the fake banking page which in turn would send on the customers details.

The most common exploits seem to be scripts that allow uploading/file management. So if you have any script that is used to upload images or files, or an admin (perhaps as part of a CMS) script that allows file uploads that is publically accessible there is a risk.

The easiest way t prevent access is to password protect the directory those scripts are in but thats not always practical so there are other ways to protect against that:

a) ensure that none of these files can get indexed by Google (they search for "known" strings that indicate upload scripts).

b) rename any upload scripts to names that are totally unobvious. IE: If you have a script called "filemanager.php" rename it to "cms.php" or something equally innocuous.

c) make sure the script validates the filename properly.

Perl & PHP form scripts are also potentially dangerous if they take in parameters. Make sure they validate the parameters properly. I always check for max lengths and generally only allow alpha-numeric characters. I' no expert but that's some basic stuff that will help. I actually got attacked through a perl script some time back but the maxlength validation caught it thankfully.

One other precaution you could take: create a simple recursive directory listing routine (with php start here) that checks file dates and emails you with a list of filenames that have changed then set it up as a CRON.

[dassad]

good tips here.. or you ca simply DENNY it from .htaccess or simple permission settings. But this depends on, if you use that module or site part or plugin or something.

[Renee]

I've never had my sick hacked, but have had my domain account logged into and all the details changed to someone in Turkey.

I remember coming home from a night out and checking my email before I went to bed and had to sit on the phone to a guy in the states to get everything back online...

Needless to say when I finally got into bed I was no longer drunk..