Portal Home > Knowledgebase > Articles Database > Website hacking on the rise all of a sudden?
Website hacking on the rise all of a sudden?
| Posted by brianoz, 07-01-2010, 11:23 PM |
| Usually we only get a site hacked once every 2-3 months or so. In the last month, we've had about five hacked.
They've been varying causes:
one was a stolen password, probably from a virus on the developer's PCone was a hack into an aging PHP application (small commercial CMS)several were stolen passwordswe got malware notifications from Google for several
I'm just curious to find out whether others are noticing this trend, and what they're doing to reduce the incidences.
We're experimenting with cxs and will probably link it in with csf to block IPs trying to upload mischievous files.
So - are others noticing these trends? Or is is just us?
And what are you doing to reduce your risks?
Answer the poll below or post your thoughts below!
Last edited by brianoz; 07-01-2010 at 11:32 PM.
|
| Posted by brianoz, 07-01-2010, 11:35 PM |
| Have added poll. By the way, I think the count for us, and for sites reported to us, is 6 sites in the last 2 weeks.
|
| Posted by WireNine, 07-02-2010, 12:24 AM |
| What kind of php setup are you running? Mod_security? Do you regularly update the system software including kernel?
|
| Posted by NexDog, 07-02-2010, 12:48 AM |
| Probably all are the result infected computers. It's on the rise because the Gumblar type viruses are everywhere now and people don't secure computers with on-access AV programs. Some Gumblar variants can spread on a server - quite easy with PHP running as apache/nobody.
|
| Posted by VIPoint, 07-02-2010, 02:10 AM |
| Hi,
we have noticed a strange pattern for hacking. It is periodic and "type" of hacking during a certain period remains the same.
Like previously it was replacing of index files, and now almost all the websites are getting hacked by iframe codes.
Once a new "hacking technology" is developed then that remains till the security holes are fixed or a new method is invented.
|
| Posted by UNIXy, 07-02-2010, 02:17 AM |
| Or perhaps school is out and kids are bored. What else could they be doing?
Regards
Joe / UNIXY
|
| Posted by boonchuan, 07-02-2010, 02:39 AM |
| I saw most of such attacks are direct through the FTP. Meaning that hackers stole the user's passwords and do a cronjob to upload their infected content up the client's account. It seems that such uploading are from a huge variety of IPs and machines. Only way is to ask customer to clean up their own computer. Clear up the account and reset the password and ask the customer to upload a clean and new backup of the web site.
|
| Posted by brianoz, 07-02-2010, 03:43 AM |
| It wasn't about the server getting hacked; that doesn't happen because we have the server hardened.
What I'm talking about here is specific sites getting hacked - iframe/javascript exploits getting uploaded, etc. This is pretty much something that is almost unavoidable.
On a broader note, sounds like most of these hacks are being done by stolen password via Gumblar etc.
|
| Posted by SimplexWebs, 07-02-2010, 08:08 AM |
| 1
I too have noticed an increase - many clients were affected by a Joomla exploit that was going around and we then saw issues with XSS injections which was a pain.
I think the term backup, backup again and backup some more comes into play here.
|
Add to Favourites 
Print this Article
Also Read
