Sunday, April 27, 2008

Website hacked

My website was hacked and made into a phishing site. Some kind of issue with cross site ajax blah blah. What is a bit unhelpful is that there was no real information regarding this kind of hack ( I mean specifically ) that would help me to fix it.

Anyway - The only thing I did find was that I should lock down the file permissions on the web server. I found all these renamed directories and one that didn't belong there at all. The lesson learned here is that even if you make a mistake with file permissions thus opening your web servives and sites open to attack, you should make a point of knowing all th files and folders so that you can spot an anomaly and fix it.

Of course this doesn't mean that all attacks of this nature rename your folders and files. They may simply change the content so the result is still a comprimised website.

I guess, a preemptive move ie: correcly setting up the website and server, is the best defense. After that be aware of strange things. I received a bunch of emails from odd people claiming that my site was a phishing site. My first response was to bin them thinking they were themselves dodgy. They were, but it did ring alarm bells because my site is not configured for comments. There is only one form that would send me emails and that is the contact us form.

So there you go. Anomalies and irregularities and file permissions etc, are all important.

********************* NOTE **************************
I received a phone call today from my webhost on the above issue. They suggested I reset my host account password. I asked them to do it because I could not gain access through to the site from behind my office firewall.

If ever your site is compromised an immediate reset of all your passwords is critical.