One of my servers was recently hacked — and although I don't want to alarm you, you should know that your sites could be subject to attack at any time.
To help you protect your sites and your data, in this article I share what happened to my sites and why.
More importantly, I'll tell you what I learned about defending my server, sites and computer against hackers.
What do hackers want?
Although some hackers get their thrills from breaking into and vandalising your property, most hackers are thieves. They may be identity thieves looking for credit card information, or they may want access to copyrighted works or sensitive intellectual property either for their own use or for the purpose of resale. Still other hackers are hijackers, who want to use your computer or server to send out spam email in phishing schemes.
Lucky me, I got a multi-purpose hacker(s) who demonstrated talent in 2 of the 3 categories above.
When Steve of DataWebPro discovered the problem, 250,000 of the spammer's emails were ready to be delivered from my server — and we have no idea how many were sent.
While the hackers were having their jollies, the sites on that server slowed to a crawl and crashed a few times.
It's nearly a month after the attack and we are still discovering that email sent to our customers with product download information, or to which they've subscribed in order to receive update notices from the forum, is being rejected by certain ISP's, i.e. black-listed.
A bigger problem that was discovered during the episode was that one of our customer databases had been corrupted. Worse, it had been down and out for so long that the server backups couldn't be used to rectify the problem.
Although both the blacklistings and database problems are resolvable issues, they have been a HUGE hassle and neither the incantation that Steve offered, nor the prayer sent by Andrew have been of much help.
So far, rebuilding the database has involved hour after hour of mind-numbing multi-platform data mining and entry which promises to continue for at least another 2 weeks.
How do hackers gain access to your account?
You've probably heard of worms, viruses and Trojan horse programs that can seriously damage or make your computer vulnerable to remotely controlled exploits.
Hackers like to look for ‘security holes' through which they can gain entry without much trouble. These holes frequently exist in the programs and plugins that we install on our sites.
Hackers also use programs that are designed to figure out the passwords to your accounts. Typically known as brute force password attacks, these programs run through letter and number combinations until it gets a match and gains access to your account. When your server is being bombarded by one of these attacks, the sites may become interminably slow.
Perhaps the ugliest type of hack is the one to whom you gave your password willingly because he or she is doing some programming work on your site.
How to foil a hacker
Remember, it is not enough to install these programs and hardware, we actually have to use them. For example, set up your anti-virus software to download updates automatically. Likewise, program your external hard-drive to automatically back-up your data on a regular basis.
If you are on a managed server, such as a BlueHost hosting account, login into your cPanel and Fantastico interfaces regularly and update your installed programs as the upgrades become available.
If you want to install programs and plugins that don't come with Fantastico, research them for known ‘security holes‘. Better yet, ask the technical people at your ISP if they have information about the program. Because they are just as keen as you are to stop hackers, in many cases, they will research the software for you.
Too, don't leave unused WordPress themes on your server, and un-install unused plugins.
Stay alert for unusual activity on your accounts. If you have trouble logging into any of your accounts and you sure the username and password is correct – alert your ISP right away and send the account name with logins.
If you are running a membership software such as Amember, you can prevent bruteforce attacks by setting an incorrect login attempts limit. That allows a user to make a mistake in entering their username or password only a set number of time times, i.e. 3 or 4. If the user exceeds these attempts the system will either lock them out of the system or prevent any future attempted logins.
If you need a programmer to tweak a particular piece of software, go first to the developer and find out whether they will either do the work or if they know programmers who are experts with that software. Otherwise, ask your friends if they can recommend a programmer whom they trust.
When you hire a programmer for a small tweaking job, set them up with their own password which you then cancel as soon as the work is finished.
Do NOT use duplicate passwords, i.e. use different passwords for your affiliate accounts and server access. For your best defense against bruteforce password attacks, be sure your passwords are comprised of numbers as well as uppercase and lowercase letters and change your passwords regularly.
Last but not least, backup your sites' data! Although they probably do, it is not enough to count on your ISP to back up your site regularly. You can generate your own full site backups manually from cPanel.
A alternative that may be preferable however, is to install software that does automated backups and has a quick and easy restore process such as Affiliate Backup. At the time of the hacker attack, I had Affiliate Backup set up on only one site — now it is set up to run on all of my sites. And yes, I AM kicking myself for wasted a pile of cash on weeks worth of data entry, when I could have had another instance of the program installed for $57. DUH!!!
Although there is no way to completely eliminate hacker attacks, there is plenty you can do to prevent them from gaining access to your site. DO make the time and effort to protect yourself, because doing so after the fact takes 100 times more time and effort.