U.S. CitiesCity-Data Forum Index
Go Back   City-Data Forum > General Forums > Science and Technology > Internet
 [Register]
Please register to participate in our discussions with 2 million other members - it's free and quick! Some forums can only be seen by registered members. After you create your account, you'll be able to customize options and access all our 15,000 new posts/day with fewer ads.
View detailed profile (Advanced) or search
site with Google Custom Search

Search Forums  (Advanced)
Reply Start New Thread
 
Old 09-07-2011, 09:09 AM
 
Location: Out West
23,617 posts, read 17,409,864 times
Reputation: 27495

Advertisements

So, I woke up this morning to find out that my website was hacked. I have written to the hosting company to ask for help and hopefully they can get things back on track.

My question is, since I'm not quite a novice but certainly in no way an expert, how do I prevent this in the future?

For my public_html files, what permissions do I set them at? Obviously 777 leaves it open for the world but what do I put them at so that I can go in and make changes but no one else can yet everyone can still see the site?

Also, what does it mean when it's hacked? I know that I can't see my site and there is some lame page up there right now...but is that all they have done? They relished in the fact that they hacked it, the page they put up in place of my site proudly boasts that they hacked it...was it just to be a jerk weed or are there other things I need to check?

And wth is wrong with people that they have nothing better to do than just go to someone's site and screw with it? Seriously.
Reply With Quote Quick reply to this message

 
Old 09-07-2011, 06:14 PM
 
Location: HoCo, MD
4,584 posts, read 8,194,016 times
Reputation: 5123
For the most part - you either had your server account breached, the server was exploited, or your site had some vulnerable code that was exploited. So I'd change your account password, and have your scripting/code checked (unless you just have static pages). My guess is that if the server was exploited - the hosting company would/should have told you (and the attackers would have done much more than just put up a banner). They should at least be able to tell you when your account was used to log on - and that may confirm if your credential was compromised.

I'd also check the computer that you use to work on the website.... if it was an account breach, could they have gotten that info from your computer?
Reply With Quote Quick reply to this message
 
Old 09-07-2011, 07:13 PM
 
Location: Somewhere in northern Alabama
18,526 posts, read 55,444,914 times
Reputation: 32227
Word of advice - change hosting companies. Much, if not most of this stuff is from problems are their end. I had one of mine hacked years ago, contacted the hosting company, they fixed it and then it was hacked again, and within six months the hosting company was out of business.
Reply With Quote Quick reply to this message
 
Old 09-07-2011, 07:27 PM
 
Location: Out West
23,617 posts, read 17,409,864 times
Reputation: 27495
They fixed it, wasn't too hard for them because of back up, thankfully. They said the hackers had gotten in to my index file. I checked everything and don't see anything else that they did but I went ahead and changed my password, (hosting company recommended this as well).

I really think it was because my permissions were set wrong. I have had to open them up to make changes due to the publishing tool that I use, (which I'm not really liking because I like to do things by hand, old school), and when I went to change them back, I think I did not set them appropriately.

So, again, what is the LOWEST permissions I can give to my public_html that allows ME to work within my site, no one else can have access and still allows the page to show to the public?
Reply With Quote Quick reply to this message
 
Old 09-08-2011, 01:15 AM
 
40,182 posts, read 41,790,512 times
Reputation: 16740
Are you running any server side scripts, PHP, ASP, etc? Wordpress?
Reply With Quote Quick reply to this message
 
Old 09-08-2011, 04:58 PM
 
Location: Out West
23,617 posts, read 17,409,864 times
Reputation: 27495
Quote:
Originally Posted by thecoalman View Post
Are you running any server side scripts, PHP, ASP, etc? Wordpress?
For this particular site, it's Wordpress. (I have another site that is PHP and I've never had issues, plus, I do everything by hand, which I prefer, I feel I have more freedom that way.)

Wordpress is kind of a pain in the hind quarters because it's like for the beginner user and I never learned how to have a publishing tool do everything for me. So, it's actually more difficult for me than my other site which I add and write everything manually.
Reply With Quote Quick reply to this message
 
Old 09-08-2011, 05:44 PM
 
10,752 posts, read 18,003,358 times
Reputation: 10244
Quote:
Originally Posted by Three Wolves In Snow View Post
For this particular site, it's Wordpress.
That would explain it.
Reply With Quote Quick reply to this message
 
Old 09-09-2011, 11:43 AM
 
40,182 posts, read 41,790,512 times
Reputation: 16740
Quote:
Originally Posted by Three Wolves In Snow View Post
For this particular site, it's Wordpress.
Wordpress does not have the greatest track record where exploits are concerned, is it up to date with the latest version? It's essential that you install updates when they are released because 9 times out of 10 they are security/bug fixes.

If you're running an out of date version there is a very good chance they used an exploit in one of the scripts. The same thing can be true if you're running any mods.
Reply With Quote Quick reply to this message
 
Old 09-09-2011, 07:10 PM
 
Location: Tyler, TX
15,209 posts, read 18,490,079 times
Reputation: 8052
Quote:
Originally Posted by Three Wolves In Snow View Post
So, again, what is the LOWEST permissions I can give to my public_html that allows ME to work within my site, no one else can have access and still allows the page to show to the public?
644. But depending on how your hosting company has the server set up, even that may not be good enough. If the web server process is running under your id, then 644 won't matter - you'd have to go 444, and manually tweak permissions every time you wanted to do ANYTHING with the site.

Wordpress is well supported, so as long as you're on top of the updates, you shouldn't have any problems running on the default config. More important than the core program, though, you need to stay current with the plugins, too, and only use the ones you HAVE to use. If you don't really need whatever functionality a plugin provides, don't install it. Every additional piece of code you add introduces another potential vector for exploitation.
Reply With Quote Quick reply to this message
 
Old 09-10-2011, 03:37 PM
 
Location: Out West
23,617 posts, read 17,409,864 times
Reputation: 27495
Quote:
Originally Posted by swagger View Post
644. But depending on how your hosting company has the server set up, even that may not be good enough. If the web server process is running under your id, then 644 won't matter - you'd have to go 444, and manually tweak permissions every time you wanted to do ANYTHING with the site.

Wordpress is well supported, so as long as you're on top of the updates, you shouldn't have any problems running on the default config. More important than the core program, though, you need to stay current with the plugins, too, and only use the ones you HAVE to use. If you don't really need whatever functionality a plugin provides, don't install it. Every additional piece of code you add introduces another potential vector for exploitation.
Ah, 644 for index public_html? Almost all of my files are set at 644 but I didn't know I could do that with the index file. (Is what I meant to say, by the way.)

And no, the hosting company is not running under my ID. In fact, this hosting company is top notch, I've had them for years with my other site, (the one I can do everything by hand, which I prefer), and chose to have them host this new site.

There's nothing to "take" on the new site, it's just the matter of someone doing anything to it that ticks me off. And yes, I keep up on the updates. Which is WHY I have had to go in and change the permissions to 777 in some areas and when I went to put it back, I apparently did not put it back low enough.

I have a few plug ins which are relevant to the site and what the site is for. I'm not very plug in happy, just the ones I think would benefit the site. Which, frankly, I'm not thrilled with plug ins..again, I'd rather be able to build what I want myself, by hand, not have to use something someone else wrote.

But, I just wanted to get the site up and see if the idea would be successful. So far it's doing fairly well. In time, should it get bigger, I will definitely get OFF of WordPress.
Reply With Quote Quick reply to this message
Please register to post and access all features of our very popular forum. It is free and quick. Over $68,000 in prizes has already been given out to active posters on our forum. Additional giveaways are planned.

Detailed information about all U.S. cities, counties, and zip codes on our site: City-data.com.


Reply
Please update this thread with any new information or opinions. This open thread is still read by thousands of people, so we encourage all additional points of view.

Quick Reply
Message:

Over $104,000 in prizes was already given out to active posters on our forum and additional giveaways are planned!

Go Back   City-Data Forum > General Forums > Science and Technology > Internet
Similar Threads
Follow City-Data.com founder on our Forum or

All times are GMT -6. The time now is 06:32 AM.

© 2005-2019, Advameg, Inc. · Please obey Forum Rules · Terms of Use and Privacy Policy · Bug Bounty

City-Data.com - Archive 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35 - Top