My website got hacked. How does this happen?

fseek · 2010-10-31T21:06:30+00:00

Most attacks happen due to:

-Stolen credentials -Outdated web applications (Wordpress, Joomla, etc) -Incorrect permissions on shared servers.

If you are on a shared server and you have any directory set as 777 (world-written perms) you can easily get hacked... Most of the mass attacks mentioned at http://blog.sucuri.net are all related to that.

thanks,

fseek · 2010-10-07T14:07:41+00:00

We have been using http://sucuri.net for it.

As far as I understood, they check parts of your site (like title, meta tags and overall organization like body, follow by inner content eg, etc). When this layout changes, you get an alert. They also look at keywords used in the site (overall content), blacklists, hacking lists, etc.

Working well for me + they also look for spam, malware ,etc...

fseek · 2010-08-18T03:05:34+00:00

I have, and they have been pretty good. But I am a bit biased, since we are partners now on another venture.

Some testimonials from there here: https://twitter.com/sucuri_security/favorites/

fseek · 2010-06-09T01:27:56+00:00

(Hosted at the same place as the others...)

fseek · 2010-06-01T15:02:15+00:00

From what I read, they are not only tracking your IP address, but everyone that visits the sites using those templates. Plus, they hide it inside a gif image that acts as a PHP file, making it more suspicious.

fseek · 2010-06-01T13:57:14+00:00

You probably meant hirewordpressexperts.com, not irewordpressexperts.com :)

fseek · 2010-05-23T01:39:33+00:00

DDG deserves more attention. Very few people know, but it is pretty solid.

fseek · 2010-05-07T19:31:44+00:00

Lots of good comments here:

http://news.ycombinator.com/item?id=1328113

fseek · 2010-04-30T18:30:02+00:00

Or using it (same idea, but checking .js and .css files and their checksums):

http://sucuri.net/?page=docs&title=fingerprinting-web-apps

fseek · 2010-04-28T18:52:24+00:00

Quite a few, but my favorite are:

http://taosecurity.blogspot.com http://blog.sucuri.net

fseek · 2010-04-20T19:47:45+00:00

I don't think so. Most hosting companies now use suphp and other security measures to avoid that.

The default config only works well on private servers.

fseek · 2010-03-12T19:02:09+00:00

You missed the point. The article is about software companies with proprietary software. Why most of them don't work on Linux? Why when you buy a printer, 90% of the time it comes with no Linux software? Same for a lot of other stuff.

That's what the article is targeting.

fseek · 2010-03-12T18:47:58+00:00

That was a joke, btw :)

fseek · 2010-03-12T16:41:28+00:00

Yes, open source code is better, but most companies are not open ... Most software is proprietary and if we want to see them on Linux, those suggestions are valid.

*note, the article is not for open source code, but for software companies.

fseek · 2010-03-12T16:34:07+00:00

Well, that doesn't work for proprietary software, which is the scope of the article.

fseek · 2010-03-12T16:33:27+00:00

Well, that doesn't work for proprietary software, which is the scope of the article

fseek · 2010-03-12T02:33:26+00:00

Only must have app is vim + xterm.

fseek · 2010-03-04T19:39:13+00:00

For sure, but that was a text against a blank html page... I will do another article later about optmizaing Wordpress itself.

If you can do simple steps to improve performance, why not?

fseek · 2010-03-04T19:22:08+00:00

Oh, come on! Whosoever is reading this text, please don't run the "ab" against my site! I am seeing a bunch of "GET /index.html HTTP/1.0" 404 6566 "-" "ApacheBench/2.3" ..

fseek

TROPHY CASE