BleepingComputer.com: Website injection attack

I currently host 4 websites on one hosting server via GoDaddy. There are 3 sites that were built in html through Adobe GoLive. These are fairly simple websites. The fourth site was created in Wordpress. A few days after I began building the Wordpress site, I started having a lot of problems. Found an injection attack of iframe with a link to a chinese website: liteautotop [dot] cn. I uninstalled and wiped that part clean and reinstalled, this time adding as many security measures I could find for Wordpress.

But somehow, the hacker was able to add the same iframe to the other 3 sites. This has led to a big warning page when trying to view these 3 sites. I went through and deleted all of the bad iframes I could find. I resubmitted each site to Google for review. I also opened a ticket via GoDaddy to ask for their help and advice.

What I would like to know is... how do I keep my site secure? Are there good free detailed website scanners? What steps should I take on a regular basis? Any help on this matter is greatly appreciated!

Hello,

The best way to keep your website Secure:

• Use a Firewall to Shield Your Network - This is perhaps the single most important step you can take to protect yourself against hackers. If you don't know what a firewall is, or if you don't know how to select and configure one, find someone who does. Many administrators keep their companies' Web servers separate from the rest of the network to provide extra protection against break-ins.
  
• Require Good Passwords - As a rule, people shouldn't use dictionary words, names, or other personal data for their passwords — they're too easy for an intruder to guess.
  
• Limit Server Access - Only people who really need it should have access to the server. Even then, carefully control each user's level of access. And make sure you delete inactive users as quickly as possible.
  
• Turn off unused services on your Web server - Consider getting rid of FTP and any other services that might help an intruder break into your server. Also remove shells and interpreters you don't need and delete unnecessary directories. For example, if you don't run Perl-based CGI scripts, remove the Perl interpreter from your server.
  
• Check your system and Web logs for suspicious activity - Programs such as Tripwire for Unix systems and Internet Security Scanner for Windows NT can monitor your log files and alert you to any unusual behavior. Unusual log file activity might be the first — and only — warning that an intruder is trying to break into your system.
  
• Keep a complete backup of your Web site - And keep it on a separate, secure computer. If a vandal does manage to destroy or deface your Web site, you'll be able to get a backup version up and running more quickly.

Top 100 Network Security Tools.

Be very, very, very careful.

There is not much you can do except secure your files and change your passwords, and listen to the tips.


~Zane

@KonamiYoto, would you care to explain to wnccomp just exactly how to enable/administer a firewall on GoDaddy's servers? Also, please explain how to turn off services on GoDaddy's servers. Additionally, how you would go about installing TripWire (which is no longer called TripWire) or ISS on GoDaddy's servers? Finally, please explain what your '404' is, and how it is able to tell you that you were hacked?

Thanks.

I do believe it either already has a firewall or.. Control Panel> Administration> Settings ? And I'd assume it'd have an option to install certain Web Logs.

No. When you rent web space from GoDaddy, you will not have admin access to do any of that. They are responsible for securing their servers, not the person renting web space. There is no way that wnccomp is going to be able to install anything on their servers. You seemed to have missed that point in the first post.

groovicus, on Jul 29 2009, 05:33 PM, said:

Ah, ah... My apologies, then.

Otherwise, it was great advice.

Thank you for the advice!! I'll see what GoDaddy says. They have a pretty good level of customer service, at least.

No problem. Hope everything works out.

I would put my finger on Wordpress. Wordpress is known to have problems (getting hacked, script execution) if admin (thats you) doesnt configure it correctly.

You should read this :
http://codex.wordpress.org/Hardening_WordPress

I've noted a spike in the number of comprimised websites I run into lately. 7 time out of 10, the site is running Wordpress. Don't get me wrong, I like Wordpress and even use it myself, but its security record is not that good, IMHO.

Make sure that you always apply the latest patches to your installation.