How to Save Your Website from Getting Hacked

Website hacking is very common these days. Most websites are built using CMS applications such as WordPress, Joomla, Drupal and Zen Cart. We often forget about their security features, and that leads to websites being hacked. This article gives you an idea of the common types of hacking and the steps to take to avoid it.

Hacking is an attack on a website that can deface the front page of your site. Your login details will no longer work for the admin section, and sometimes you will see a Google malware warning on your website. These are typically the work of a system cracker who breaks into the web server and replaces the hosted content with malicious content.

Hacking can be done in many different ways. The two most common methods are described below:

Account password harvesting

In this method, hackers try to collect account passwords. Vulnerable software or other weaknesses allow hackers to access the data on your computer. They then sniff around and find data such as FTP usernames and passwords that are stored in other programs or files. The use of simple passwords like 123456, or of spyware-infected PCs at home, is another main cause of hacking. Keeping a strong password will not help if a keylogger is installed on your computer.


PHP vulnerabilities

PHP has a lot of vulnerable and potentially exploitable functions. Most website hacking is done through vulnerabilities in PHP applications. Hackers have been enjoying these security lapses for a long time. We offer PHP 5 on our Linux servers after closing down most of PHP's known security holes.

Most PHP applications, such as Joomla, phpBB and PHP-Nuke, are community developed. These applications may have security vulnerabilities, and hackers exploit them.

Community-developed PHP applications are patched as and when new vulnerabilities are discovered, so you should upgrade or patch the PHP applications on your website from time to time. Failing to upgrade or patch them is equivalent to opening a backdoor into your website for hackers.

Mass modification of website files

Once a hacker has discovered a backdoor into your website, either through an account password or through a vulnerable PHP application, he will modify your files. We call this stage “mass modification of website files”. In this stage they use a special tool, called MPACK, to install malicious IFrame code in the website. Usually only the main index pages are targeted (i.e. index.php, index.html, index.shtml, etc.). The malicious IFrames are usually inserted at the very beginning or the very end of the document.
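Because the injected IFrames land in index pages and at the edges of the document, a simple scan can catch most of them during a periodic review. The following Python script is an added example for this article, not the hosting provider's own tool: it flags any <iframe> that is hidden (zero size, display:none) or that sits within the first or last few hundred bytes of an index file. The two sample pages and the injected URL are constructed for the demonstration.

```python
"""Look for injected <iframe> tags in index pages (added example, not the article's tooling)."""
import re
from pathlib import Path

# Index file names the article says are usually targeted.
INDEX_NAMES = {"index.php", "index.html", "index.htm", "index.shtml"}

# Any <iframe ...> opening tag, case-insensitive.
IFRAME_RE = re.compile(r"<iframe\b[^>]*>", re.IGNORECASE)
# Attributes commonly used to make an injected frame invisible to visitors.
HIDDEN_RE = re.compile(
    r"width\s*=\s*[\"']?0\b|height\s*=\s*[\"']?0\b|display\s*:\s*none|visibility\s*:\s*hidden",
    re.IGNORECASE,
)


def find_suspicious_iframes(html: str, edge_bytes: int = 512) -> list[dict]:
    """Return each <iframe> tag that is hidden or lies within edge_bytes of either end of the page."""
    findings = []
    for m in IFRAME_RE.finditer(html):
        tag = m.group(0)
        hidden = bool(HIDDEN_RE.search(tag))
        at_edge = m.start() < edge_bytes or m.end() > len(html) - edge_bytes
        if hidden or at_edge:
            findings.append({"offset": m.start(), "tag": tag, "hidden": hidden, "at_edge": at_edge})
    return findings


def scan_index_files(root: str) -> dict[str, list[dict]]:
    """Walk root and scan every index file; returns {relative path: findings} for files with hits."""
    root_path = Path(root)
    results = {}
    for path in root_path.rglob("*"):
        if not path.is_file() or path.name.lower() not in INDEX_NAMES:
            continue
        try:
            html = path.read_text(errors="replace")
        except OSError:
            continue  # unreadable file: skip rather than abort the whole review
        hits = find_suspicious_iframes(html)
        if hits:
            results[str(path.relative_to(root_path))] = hits
    return results


# Constructed sample pages: a clean one, and the same page with a hidden iframe appended after </html>.
CLEAN_PAGE = "<html><head><title>Shop</title></head><body><p>Welcome</p></body></html>\n"
INFECTED_PAGE = CLEAN_PAGE + (
    '<iframe src="http://injected.example/x.php" width="0" height="0" '
    'style="display:none"></iframe>\n'
)

if __name__ == "__main__":
    for name, page in (("clean", CLEAN_PAGE), ("infected", INFECTED_PAGE)):
        hits = find_suspicious_iframes(page)
        print(f"{name}: {len(hits)} suspicious iframe(s)")
        for h in hits:
            print(f"  offset {h['offset']}: {h['tag']}")
```

Run scan_index_files("/path/to/public_html") against your web root and review every hit by hand: a legitimate embedded video in the middle of a long page is not reported, but a very short page will have every iframe within edge_bytes of both ends, so treat the output as a review list rather than a verdict.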

You can refer to these URLs for more information:

Code injection – http://en.wikipedia.org/wiki/Code_injection

Remote File Inclusion – http://en.wikipedia.org/wiki/Remote_File_Inclusion

Given below are a few recommended precautionary steps:

* Use strong passwords:

We recommend using strong passwords containing 8 or more random letters and numbers. Passwords should not be simple (use http://strongpasswordgenerator.com to generate passwords). Some secure password tips:

  • Don’t use a dictionary word
  • Don’t use part of the user name
  • Keep the password at least 8 characters long
  • Have a combination of at least three of:

    – lowercase characters (a, b, c)
    – uppercase characters (A, B, C)
    – numbers (1, 2, 3)
    – non-alphanumeric characters (!, %, *, {, £, etc.)

  • Change your passwords periodically (say, at least once a month)
  • Don’t use the same password for all accounts
  • Don’t store passwords in your email client, browser or FTP client
  • Don’t share passwords with anyone
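The rules above are easy to state but easy to get wrong when checked by eye. As an added example (not part of the original article), the Python below turns the checklist into a checker that a registration form or a password-change script could call: minimum length, at least three of the four character classes, no dictionary word (even with digits or symbols tacked on), and no 4-character run shared with the user name. It also generates a password that satisfies the same rules using the standard secrets module, in the spirit of the generator site the article points to. The COMMON_WORDS set and the sample user names are constructed stand-ins; a real deployment would load a proper word list.

```python
"""Apply the password checklist above to a candidate password (added example)."""
import re
import secrets
import string

# Constructed stand-in for a dictionary/common-password list; load a real word list in production.
COMMON_WORDS = {"password", "welcome", "letmein", "dragon", "monkey", "123456", "qwerty", "admin"}

# The four character classes named in the checklist; at least three must be present.
CLASSES = {
    "lowercase": re.compile(r"[a-z]"),
    "uppercase": re.compile(r"[A-Z]"),
    "numbers": re.compile(r"[0-9]"),
    "non-alphanumeric": re.compile(r"[^A-Za-z0-9]"),
}


def check_password(password: str, username: str = "", min_length: int = 8) -> list[str]:
    """Return the list of policy violations; an empty list means the password passes."""
    problems = []
    if len(password) < min_length:
        problems.append(f"shorter than {min_length} characters")

    present = [name for name, rx in CLASSES.items() if rx.search(password)]
    if len(present) < 3:
        problems.append(f"uses only {len(present)} of 4 character classes")

    # "Don't use a dictionary word": also catch the word with digits/symbols added around it.
    lowered = password.lower()
    letters_only = re.sub(r"[^a-z]", "", lowered)
    if lowered in COMMON_WORDS or (letters_only and letters_only in COMMON_WORDS):
        problems.append("is a dictionary or commonly used word")

    # "Don't use part of the user name": reject any 4-character run shared with the user name.
    user = username.lower()
    for i in range(len(user) - 3):
        if user[i:i + 4] in lowered:
            problems.append(f"contains part of the username ({user[i:i + 4]!r})")
            break
    return problems


def generate_password(length: int = 16, username: str = "") -> str:
    """Generate a random password that passes check_password, using a CSPRNG (secrets)."""
    alphabet = string.ascii_letters + string.digits + "!%*{}$#@"
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not check_password(candidate, username, min_length=length):
            return candidate


if __name__ == "__main__":
    samples = (("123456", "john"), ("Password1!", ""), ("Webmaster2024!", "webmaster"), ("Tr0ub4dor&3", "alice"))
    for pw, user in samples:
        result = check_password(pw, user)
        print(f"{pw!r:18} -> {'OK' if not result else '; '.join(result)}")
    print("generated:", generate_password(16, "alice"))
```

The checker returns every violated rule rather than stopping at the first one, so the user sees the whole list at once; the generator simply retries until a candidate passes, which with a 16-character alphabet of letters, digits and symbols almost always succeeds on the first draw.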

* Any third-party or custom PHP, Perl and other web applications should be kept up to date at all times. Subscribe to the software vendor's security or update notification mailing list. If an application is no longer required or in use, remove it completely; disabling the application is not always a sure means of preventing intrusion attempts.

* Check the file permissions on your server (e.g. anonymous or Internet-user access should be restricted). By default, files should have 644 and directories 755 permissions.

* Scan the PCs/workstations you use to log in to your website with a good anti-virus or anti-spyware program and clean up any bad programs. We also recommend regularly scanning your website using the “Virus Scanner” available in your cPanel.

* Ensure your computer does not have any keyloggers or spyware. See:

http://en.wikipedia.org/wiki/Keystroke_logging
http://www.actualspy.com/articles/keyloggers.html

* Review your hosting accounts/sites periodically and ensure that nothing has been uploaded or changed. Make sure there are no old files with .bak or .txt extensions lying around.
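The permission check and the periodic review above are both easiest to do mechanically. The Python below is an added example for this article, not the hosting provider's own tool: it reports files that are not 644 and directories that are not 755, lists leftover .bak/.txt files, and compares every file's SHA-256 against a manifest saved while the site was known to be clean, so that anything uploaded or changed since then stands out. The demo() scenario (file names, contents, the appended line, the 777 directory) is constructed, and the robots.txt allow-list is an assumption about which .txt files are legitimate.

```python
"""Audit a web root: permissions, leftover files, and changes against a saved manifest (added example)."""
import hashlib
import shutil
import stat
import tempfile
from pathlib import Path

FILE_MODE = 0o644                    # default the article recommends for files
DIR_MODE = 0o755                     # default the article recommends for directories
LEFTOVER_SUFFIXES = (".bak", ".txt")
ALLOWED_LEFTOVERS = {"robots.txt"}   # assumption: legitimate .txt files to ignore


def sha256_of(path: Path) -> str:
    """Hash a file in chunks so large uploads do not need to fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(root: str) -> dict[str, str]:
    """Map each regular file (relative to root) to its SHA-256. Save this while the site is clean."""
    root_path = Path(root)
    return {str(p.relative_to(root_path)): sha256_of(p)
            for p in sorted(root_path.rglob("*")) if p.is_file() and not p.is_symlink()}


def check_permissions(root: str) -> list[str]:
    """List entries whose mode differs from 644 (files) or 755 (directories); symlinks are skipped."""
    root_path = Path(root)
    issues = []
    for p in root_path.rglob("*"):
        if p.is_symlink():
            continue
        mode = stat.S_IMODE(p.stat().st_mode)
        expected = DIR_MODE if p.is_dir() else FILE_MODE
        if mode != expected:
            issues.append(f"{p.relative_to(root_path)}: mode {mode:o}, expected {expected:o}")
    return sorted(issues)


def find_leftovers(root: str) -> list[str]:
    """List .bak/.txt files that should not be lying around in a live web root."""
    root_path = Path(root)
    return sorted(str(p.relative_to(root_path)) for p in root_path.rglob("*")
                  if p.is_file() and p.suffix.lower() in LEFTOVER_SUFFIXES
                  and p.name.lower() not in ALLOWED_LEFTOVERS)


def compare_manifest(root: str, baseline: dict[str, str]) -> dict[str, list[str]]:
    """Diff the current tree against the saved manifest: added, removed and modified files."""
    current = build_manifest(root)
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "modified": sorted(name for name in set(current) & set(baseline)
                           if current[name] != baseline[name]),
    }


def demo() -> dict:
    """Constructed scenario: baseline a tiny site, tamper with it, then audit it."""
    root = tempfile.mkdtemp(prefix="webroot_")
    try:
        site = {
            "index.php": "<?php echo 'hello'; ?>\n",
            "robots.txt": "User-agent: *\nDisallow:\n",
            "uploads/readme.html": "<p>uploads</p>\n",
        }
        for rel, body in site.items():
            target = Path(root, rel)
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_text(body)
        for p in Path(root).rglob("*"):
            p.chmod(DIR_MODE if p.is_dir() else FILE_MODE)
        baseline = build_manifest(root)        # taken while the site is known-good

        # Simulated tampering: an appended line in index.php, a forgotten backup, a 777 directory.
        Path(root, "index.php").write_text(site["index.php"] + "<!-- injected -->\n")
        Path(root, "config.php.bak").write_text("<?php $db_pass = 'CHANGE-ME'; ?>\n")
        Path(root, "config.php.bak").chmod(FILE_MODE)
        Path(root, "uploads").chmod(0o777)

        return {
            "permissions": check_permissions(root),
            "leftovers": find_leftovers(root),
            "changes": compare_manifest(root, baseline),
        }
    finally:
        shutil.rmtree(root, ignore_errors=True)


if __name__ == "__main__":
    for section, value in demo().items():
        print(section, value)
```

In practice you would write build_manifest() output to a file kept outside the web root (an attacker who can modify index.php can also modify a manifest stored next to it) and re-run compare_manifest() against it on a schedule; anything in "added" or "modified" that you did not put there yourself is what the review step is meant to catch.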

* For securing a WordPress site, please refer to the link given below:

http://codex.wordpress.org/Hardening_WordPress

* For securing a Joomla site, please refer to the link given below:

http://docs.joomla.org/Category:Security_Checklist

For any queries, please contact our Technical Support team.
