Hackers… How do they get in? – Part 2
A week or so ago I posted about hacking attempts and how to prevent your site from being hacked. One of the biggest problems I see that causes web accounts to get hacked is incorrect permissions set on files and folders.
Incorrect Permissions - In the Linux server world, each file and folder has its own set of permissions. These permissions can allow read, write, or execute access to a certain file or folder. Often these permissions are represented by numbers like (644) or (777) when they are viewed through an FTP client or directly on the server. Each of these 3 numbers represents an access level and the permissions allowed at that level. The first number shows the access allowed for the "owner" of the file, the second number represents the "group" that the owner belongs to, and the last number represents the access that all "other" users are allowed. Setting permissions for "other" users is commonly referred to as setting the world execute, read, or write bit, since anyone in the world will be able to perform the operation if the permission is set in the other category.
Whatever you do with your website, you should never need to set the last number or "other" to 6 or 7. Both of those numbers allow write access to your account. A 6 grants read and write access whereas a 7 allows read, write and execute access. The only field that really needs 7 permissions set to it is the "owner". I see accounts with permissions set to (666) or (777) that get hacked on a daily basis. All folders should be set to (755) and files to (644). You should not really need anything else.
Sometimes when you are installing software the instructions will request you to change the permissions to (777), but once the install has completed you should be fine with changing the permissions back. Hackers use scripts to scan accounts for files that have (666) or (777) permissions, and once they are found they use this access to inject code or upload files into your account, which is VERY BAD!!
If you are on a Linux server I have located a nice little file for people to use that will allow you to fix the permissions on all of the files in your account to (755) for folders and (644) for files. This file is very simple and with the click of a button will repair the permissions on your website to prevent hacking attempts that exploit the permissions on the account. Place this file in your "public_html" or "www" folder and execute it by typing www.yourdomain.com/fixpermissions.php, then click "Yes" on the page once it loads.
Click here to download fixpermissions.php
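The same audit and repair can be done from a shell on the server. This is an added example, not the fixpermissions.php file linked above; the function names and the script name fixperms.sh are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit and repair permissions under a web root.
# Function names and the script name are illustrative assumptions.

# Print every file or folder whose "other" digit includes the write bit,
# i.e. modes such as 666, 777 or 757.
audit_world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 -print
}

# Reset folders to 755 and files to 644, as the post recommends.
# -type f and -type d never match symlinks, so link targets outside
# the tree are left alone.
fix_permissions() {
    find "$1" -type d -exec chmod 755 {} +
    find "$1" -type f -exec chmod 644 {} +
}

# Usage: sh fixperms.sh /path/to/public_html [--fix]
# Without --fix the script only reports what it finds.
if [ "$#" -ge 1 ]; then
    echo "World-writable entries under $1:"
    audit_world_writable "$1"
    if [ "${2:-}" = "--fix" ]; then
        fix_permissions "$1"
        echo "Reset folders to 755 and files to 644."
    fi
fi
```

Running the audit first shows which entries were exposed before anything is changed. Files that the server executes directly, such as CGI scripts, lose their execute bit at 644 and need it restored afterwards.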
Trains…
Last week I pulled my train set out of storage after years of not using it. Some of the tracks and one of the engines had some wear from getting wet here and there, but after a little scrubbing and some WD-40 they are as good as new. I have a little HO set and a smaller N scale. The N-scale motor is toast and will require a new motor.
I set up the train to go around the Christmas tree since now my kids are old enough to not destroy it (they are 8 and 11). They have been enjoying watching it going around the tree. A few days ago we found that there was an N-Scale train show in the area and so I took the kids to it. It was very impressive to say the least and makes me want to build a nice N-scale track at my house. Unfortunately that will take some $$ which I don't have currently. I have also been thinking of going with a DCC system which allows more than one train to run on a single track independently. The cost will be greater for the engines, but then I can run the train with others, as they will have their own engines to control.
I need another hobby like I need another hole in the head. Arcade collecting/restoration and Scuba keep me without cash.
No more repairs please!
My wife's 2005 Jeep Grand Cherokee is having a myriad of issues. The battery keeps dying on it, which I temporarily rectified by adding water to it (even though it's a maintenance battery), which has kept it going somewhat. A few months ago I discovered an oil leak behind the right rear tire, which upon taking it to a repair shop is the hub and bearing need replaced because of a worn seal. The seal caused the oil to leak over the other sensors by the wheel, causing many lights on the dashboard to light up (ABS, Service 4x4, Service Tire Pressure Sensor). This morning upon driving it to work, the power steering began having issues. To me it appears that it needs power steering fluid. But the Jeep just had its oil changed maybe 3 weeks ago (at least that's what we wanted them to do). The power steering fluid should be checked and filled by the service tech when the oil is changed. They either forgot to check the fluid levels or they didn't change the oil at all. My wife thought it was odd they didn't add the "Next service" sticker in the vehicle. I didn't think anything about it, but now I'm wondering if the oil was never changed. After work I guess I'll be checking the oil levels and if they are low, then it's back to the repair shop to get the oil change I paid for.
We can't even afford the current repairs this Jeep needs. I sure hope this isn't something else that needs fixed.
Hackers… How do they get in? – Part 1

Lately I have been spending time working with various companies on clearing out injected code, phishing pages and backdoor programs installed by hackers. Now how do these hackers gain access into their accounts? Hackers gain access through vulnerabilities in people's sites. These vulnerabilities can vary from simple passwords, to incorrect permissions on files/folders, to outdated software, to register_globals enabled in their php.ini file, and to SQL injections. There are other ways hackers can compromise the security of a website, but in the last few years of being on the clean up side of the hacking business, these have been the biggest culprits.
During the next few days I am going to talk about each of these vulnerabilities and how to secure your site from hacking to the best of my ability.
Simple Passwords - A simple password is a word that is found in the dictionary, or a number. Many people use simple passwords to protect their information from others. To beat a simple password hackers use a technique called "Brute Force". A Brute Force hack is when a hacker uses a program to send thousands of password requests to an account until they gain access to the account. The brute force programs will try every word in not only the English dictionary, but dictionaries in other languages too, and they will also run numbers up to 15 digits in length. A complex password uses numbers, punctuation, and upper and lower case letters. This does not guarantee that your account cannot be brute force hacked, but it may take the hacker weeks, even months to hack your account. Unless the hacker has a personal reason to access your account, they will usually not waste their time trying to crack your site and will find an easier victim instead.
Many web hosts restrict the number of login attempts allowed before the user has to wait a certain time. I have noticed though that the restriction applies only when the hacker is trying to log in through a web based interface, and is never imposed when the hacker attempts an FTP or SSH login. Software programs like WordPress and Joomla do not restrict login attempts and I see many of these types of software get hacked this way. If you see a lot of login attempts from a certain IP address, then you can ban the IP through the .htaccess file.
If your account is ever hacked make sure that you CHANGE ALL OF THE PASSWORDS ON YOUR ACCOUNT. I would even suggest changing email account passwords as well as any other passwords that allow access to your account/site admin area.
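One way to spot those repeated login attempts and turn them into a ban, as an added example that is not part of the original post. It assumes an Apache combined-format access log, a WordPress login at /wp-login.php, and Apache 2.4 `Require` syntax; the function names, the threshold of 5 and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: find IPs hammering the WordPress login page and emit
# .htaccess ban rules for them. Names and threshold are assumptions.

# Constructed sample log (documentation-range IPs), not real traffic.
write_sample_log() {
    i=0
    while [ "$i" -lt 6 ]; do
        echo '203.0.113.7 - - [01/Jan/2024:06:25:01 +0000] "POST /wp-login.php HTTP/1.1" 200 3456 "-" "-"'
        i=$((i + 1))
    done
    echo '198.51.100.4 - - [01/Jan/2024:06:30:10 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "-"'
    echo '198.51.100.4 - - [01/Jan/2024:06:30:11 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "-"'
}

# Print "count ip" for every client with at least $2 (default 5) POSTs
# to wp-login.php. Successful logins are counted too, so keep the
# threshold above what a real user would produce.
noisy_login_ips() {
    log=$1 threshold=${2:-5}
    awk -v t="$threshold" '
        $6 == "\"POST" && $7 ~ /\/wp-login\.php/ { hits[$1]++ }
        END { for (ip in hits) if (hits[ip] >= t) print hits[ip], ip }
    ' "$log" | sort -rn
}

# Emit an Apache 2.4 block that allows everyone except the noisy IPs.
htaccess_ban_block() {
    echo "<RequireAll>"
    echo "    Require all granted"
    noisy_login_ips "$@" | while read -r _count ip; do
        echo "    Require not ip $ip"
    done
    echo "</RequireAll>"
}

# Usage: sh loginban.sh /path/to/access_log [threshold]
if [ "$#" -ge 1 ]; then
    htaccess_ban_block "$@"
fi
```

Review the generated block before pasting it into .htaccess, since a shared office or proxy address can exceed the threshold legitimately.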
I really need to update more often…
Well, it's been over a year since I have updated my site. You will see a number of changes within the next few weeks on how this site looks. I will still post funny items and such, but I will also be adding posts on website security and my forays into stopping hackers on accounts that have already been hacked. I will also make available the simple tools I use to find the hackers and their files/backdoors.
Stay tuned...
