- Jan 24, 2011
- 9,378
Tips for safe blogging
In order to minimize the probability of getting hacked, you are advised to obey a couple of extremely simple guidelines:
Blog hacked. What now?
Recovering from a hack may be a painstaking experience, and the effects of a successful penetration can stretch over a long period of time, but the faster you identify and solve the issues, the less damage is inflicted to your blog. Here is a short list of immediate actions to be taken after a potential attack has been discovered.
You can also download the E-Guide by clicking here: Tips and Tricks for Safe Blogging
In order to minimize the probability of getting hacked, you are advised to obey a couple of extremely simple guidelines:
- Never use blog scripts coming from untrusted, unofficial download repositories. Most of all never use nulled scripts, as itâ??s not only illegal, but also risky for your blog and web server.
- Keep your FTP account clean: do not mix & match the account hosting your blog with other scripts you casually test. A small vulnerability in a third-party script can get your blog owned. Always test other scripts on a locally installed webserver.
- Do not add unnecessary plugins or themes to your blog. Stick to what you really need and minimize the chance of having an exploitable plugin or theme. Also, ensure that any plugin you may want to upload comes from a trustworthy source; when in doubt, just ask the community.
- Generate and store SQL backups regularly. Use a plugin to automate the job and have the backups delivered to you via e-mail or via a secondary FTP account. Using the same account for storing backups is usually a bad idea, as an attacker may tamper with them or even have them deleted after a successful hack.
- Use strong passwords for FTP accounts and administrative users. Do not disclose them to anyone in any circumstance. You might also install a complete antimalware solution to ensure that your system is Trojan-free. Some of the successful blog attacks were carried using legit usernames and passwords intercepted by keyloggers or cache-monitoring Trojans.
- Pay extra attention to the way you select your hosting provider. Paid hosting is usually much better than free offers, and, since youâ??re going to shed some money, ensure that you get automatic daily backups, access logging and a suitable web-server configuration for your blogging script of choice.
Blog hacked. What now?
Recovering from a hack may be a painstaking experience, and the effects of a successful penetration can stretch over a long period of time, but the faster you identify and solve the issues, the less damage is inflicted to your blog. Here is a short list of immediate actions to be taken after a potential attack has been discovered.
- First, you need to render your domain inaccessible both to the human user and to search engine crawlers. Since all the website files will be required for later analysis and (probably) for restoration, deleting any of them is not recommended. You can block all the traffic instead by renaming the index.php file and creating a blank one in its place. Beware: do not forget to create the dummy index page or you risk exposing other files in your FTP account. Blocking search engines will prevent them from seeing that your blog is infected and labeling it as malicious.
- Make a full backup of your home folder using a FTP client and then manually export the database as a SQL file.
- Pull off the access logs from your webserver and store them in a secure place. You will need the logs for investigating what exactly the attackers have done on your website. Analysis will reveal how the attackers compromised your blog.
- Make a copy of whatever customized files you may have. Customized files may include themes, plugins and files uploaded as content â?? practically everything that canâ??t be downloaded from the web again. Just keep whatever you consider necessary for a fresh start without losing any content.
- Start looking inside every plugin and theme file for suspiciously-looking fragments of text. Pay special attention to lines of text like â??eval(base64_decode(" followed by a series of illegible numbers and letters), as well as any script inclusions from domains you donâ??t know (such as < script src= " http:// [unknowndomainname]/ scriptname.php " >.
- Go through the database table by table and look for any sign of suspicious linking. Pay extra attention to the tables holding the administrators, the configuration settings and the blog post articles. If you find any administrator you are unaware of, remove it at once.
- After the inspection and cleaning process completed, you should remove any files from your webserver. If the database was also affected, you should drop it and restore the copy you have manually checked.
- Start uploading your blog script on the server. Make sure you have downloaded it from the official repository. It is mandatory that you download the latest version of the blog script. Modify the config file to match your web serverâ??s details (SQL user, database, password, file path and the rest of your settings).
- Make sure that you do not set file and folder permissions higher than the script actually needs to run properly. Setting files and folders to CHMOD 777 may allow an attacker to actually write to them and re-inject malicious code. Change the blogâ??s administratorsâ?? passwords and the FTP ones.
- Push your modified files back to their right place via FTP. Flush the browserâ??s cache and access your website. Additionally, look your blog up in a search engine using your name or the blogâ??s title as keywords and follow the search result provided by the engine. Most of the times, blog malware checks the referrer to see if the visitor accessed the website directly or got there via a search engine and only manifests itself to referred visitors.
You can also download the E-Guide by clicking here: Tips and Tricks for Safe Blogging
