Compila Exchange


Over this weekend, I've discovered that at least two of my WordPress sites had been hacked - specifically, the .htaccess files had been changed to attempt to download a Trojan onto the user's computer.

I've had a look round, and I'm not sure exactly what I should do to protect myself against this in future. My .htaccess files had 644 permissions, which I've now changed to 444. Is there anything else I could / should do?

TIA.

Gerald


Replies to This Discussion

A friend of mine with another company (one that suggests you see your father) had a similar problem; in fact, a lot of people on that particular host had the same problem. After he contacted support, who offered no help at all, he had to find someone to remove the virus, whom he had to pay.
Although I have had no issues along these lines, I am certainly a great believer that prevention is far better than a cure, so I look forward to picking up some tips on this.

Hi Gerald

We spoke just now. I'm sorry to hear you had trouble with hackers.

caxton-books.co.uk is hosted on a webserver running SuPHP. With servers running SuPHP, there is no need to have any file writeable by "group" or "others". So you could use 755 permissions throughout. In fact, the server will throw a 500 error if you leave certain folders or files group or world writeable. In addition, for security, you should also make sure that any file containing sensitive data, such as a database password, is set with the read bits disabled for "group" and "others". E.g. 700 would be fine there. If you left such a file 755, then other server users can write scripts to trawl for such files and plunder the password(s) from them.

The other domain is hosted on a server without SuPHP. On servers not running SuPHP, the webserver sometimes needs files to have the read and/or write bits set for "group" and "others" in order for scripts to work. In those cases, make sure that as few files as possible have the write bits set, and try to use 755 for as much as you can.

Please let me know if you have any remaining problems via email to our ticket system. I have raised ticket CJR-65653-528 for you.

Regards
Nick Jones
Compila Ltd

Thanks for that reply, Nick. I'll give that a whizz later on. I'll also do a check of all the other sites I've been involved with.

What I'm unsure of is how anyone could get access to the htaccess file? Would the WordPress installation have been compromised? I'm up to date with the WP updates, and there's not much on the WP site about this. I presume there must have been a bot 'knocking on doors' for a particular vulnerability?

Gerald

Hi Gerald

Access can be obtained to the htaccess file on a non-SuPHP server if its permissions are left with the write bit set for "group" and/or "others". Alternatively, if a folder has these bits set, and a file called .htaccess does not already exist, then a hacker can place one. The rogue file usually contains forwarders to link sites or pharmaceutical sites.

The WordPress installation is not usually compromised. These compromises usually occur when a hacker runs a script that grazes the server for files owned by the webserver with world- and group-writeable bits set. Changes can be made en masse.

Regards
Nick Jones
Compila Ltd
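
A read-only audit for the permission conditions described in this thread, added here as an example and not part of the original posts or Compila's own tooling: it lists files and folders writable by "group" or "others", a password-bearing file readable by them, and every .htaccess for manual review. The function names, the default file name wp-config.php and the demo tree are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: report risky permissions under a web root. It only reads
# metadata and prints findings; it never changes a mode or a file.

# audit_webroot ROOT [SECRET_NAME]
#   SECRET_NAME (assumption): the file holding the database password,
#   wp-config.php on a stock WordPress install.
audit_webroot() {
    root=$1
    secret=${2:-wp-config.php}

    # Files or folders with the write bit set for "group" or "others".
    find "$root" \( -type f -o -type d \) \( -perm -020 -o -perm -002 \) \
        -print | sed 's/^/WRITABLE /'

    # Password-bearing file with a read bit set for "group" or "others".
    find "$root" -type f -name "$secret" \( -perm -040 -o -perm -004 \) \
        -print | sed 's/^/READABLE-SECRET /'

    # Every .htaccess, so an unexpected or altered one can be reviewed.
    find "$root" -type f -name .htaccess -print | sed 's/^/HTACCESS /'
}

# make_demo_tree: build a constructed sample web root in a temp directory
# and print its path. Modes are set explicitly so the umask does not matter.
make_demo_tree() {
    d=$(mktemp -d) || return 1
    mkdir "$d/uploads" "$d/blog"
    : > "$d/index.php";      chmod 644 "$d/index.php"
    : > "$d/.htaccess";      chmod 644 "$d/.htaccess"
    : > "$d/blog/.htaccess"; chmod 666 "$d/blog/.htaccess"  # world-writable
    : > "$d/wp-config.php";  chmod 644 "$d/wp-config.php"   # world-readable
    chmod 755 "$d" "$d/blog"
    chmod 777 "$d/uploads"                                  # world-writable
    printf '%s\n' "$d"
}

# Demo run on the constructed tree; point audit_webroot at a real web root
# (for example the account's public_html) to audit a site.
demo=$(make_demo_tree) && audit_webroot "$demo"
[ -n "$demo" ] && rm -rf "$demo"
```
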


© 2012   Created by Compila Limited.
