Website Hacked!

There have been several Website hacking incidents recently that I think I should publish for the benefit of the Webmaster community.

Hacking Websites Via FTP

We are only as strong as the weakest link, remember? The weakest link, when it comes to Website security, happens to be FTP. Being a plain text authentication protocal, FTP account information is easy to intercept. Also, if there is a spyware/malware on your PC, it can pickup your FTP details when you log into the Web Hosting account. Once the FTP account is in the hands of a hacker or hacking software, all other security measures on your Website and code is virtually useless!

Hacked by Spyware, Virus or Malware

In few recent hacking cases, we have seen a virus or spyware on Web designer's local machine logged in to the FTP Server and replaced all index.php with another file that simply redirects to another Website. All visitors to the Website are automatically redirected to the target Website. Do you see those Websites or Businesses offering thousands of unique visitors for 20 bucks? May be some of them are using these tools.

Hacked via a Network

In another hacking incident, the FTP Server was being used from IP addresses all over the world. An IFRAME pointing to a target Website was embedded in most HTML pages. Looked like they have a large network of proxy setup so they can't easily be traced. We are not sure how they obtained the FTP account details. Since FTP is plain text, it could have been picked up anywhere along the way. The Web Developer may have had a spyware on their PC. But looking at the number of IPs used to connect to the Server, it appears that this hacking network have a spyware installed on PCs all over the worl!

What is this spyware anyway?

So what is this spyware program or virus that is stealing FTP accounts from people? It could be a software running quietly in the background, a peer to peer networking/torrent client that is freely available, a browser plug in (Toolbar), an innocent freeware program or it could be anything! We don't really know.

So how can we protect our Websites?

Make sure your PC is clean from Virus Spyware etc. Avoid plain FTP and try using FTP over SSH (SFTP) or SSL (FTPS). If your hosting provider does not support any of these, consider switching to one that does! The FileZilla FTP Client (Free and available for both Windows and Unix/Linux) supports these secure FTP protocols.

If you are in Bangladesh and looking for a secure and reliable Web Hosting Company: Try Alpha Net's Web Hosting in Bangladesh.

Posted on May 18, 2008 16:11 by Haider

Categories: General
Actions: E-mail | Permalink | Comments (0) | Trackback

How to Enable Silverlight Support on Windows 2003 Server Silverlight is a client side technology, which means nothing has to be installed on the Web Server...Google Maps API now includes driving directions It is possible to show interactive driving directions on your Website with very minimal effort. Go...GoogleMaps Driving Directions API Wrapper Control for ASP.NETFree ASP.NET wrapper control for GoogleMaps directions API

Don't Post SPAM

If you are posting a commment just to get a link, don't waste your time!

I have a sophisticated comment moderation system in place, and your comment will not be posted.

Add comment

Name*
E-mail*
Website
b i u quote

Comment
Preview

Notify me when new comments are added

Haider's .net

Homes for Sale

Hosting Company in Bangladesh

Who's Talking?

Tags

Blogroll