Any popular content management system, be it for a blog, a website or a forum, is going to be targeted by hackers at some point. They'll try to find ways to exploit any security vulnerability that they can find.
To be honest you could expand that statement and simply say "any popular software".
If the hack is a defacement or similar you'll notice it pretty quickly, but other types of attack are much more subtle.
Instead of visibly changing a site they'll take its web traffic.
They do this by intercepting traffic coming from certain sources. So, for example, if you visit the site by typing the address directly into the address bar you won't notice anything, but if you follow a link from Google or other search engines you get sent somewhere else entirely, i.e. they intercept search engine visitors.
This kind of compromise has hit pretty much every CMS out there at some point and it's a hard one to spot unless you take the time to check your web stats regularly. If you notice a sudden dip in traffic then that might be an indicator.
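One way to test for this behaviour from the outside, as an added example that is not part of the original post: request the same page as a direct visitor and again with a search-engine `Referer`, and report any case where only the search-engine visit is redirected to another host. The Referer strings are constructed, and the check only covers HTTP redirects, not redirects injected into the page body.

```python
import urllib.error
import urllib.request
from urllib.parse import urlsplit

# Constructed Referer values that mimic arriving from a search results page.
REFERERS = {
    "google": "https://www.google.com/search?q=example",
    "bing": "https://www.bing.com/search?q=example",
}


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    def redirect_request(self, *args, **kwargs):
        return None  # do not follow; let the 3xx surface as HTTPError


def fetch(url, referer=None):
    """Return (status, Location header) for one GET, without following redirects."""
    req = urllib.request.Request(url, headers={"User-Agent": "Mozilla/5.0"})
    if referer:
        req.add_header("Referer", referer)
    try:
        with urllib.request.build_opener(_NoRedirect).open(req, timeout=10) as resp:
            return resp.status, resp.headers.get("Location")
    except urllib.error.HTTPError as err:
        return err.code, err.headers.get("Location")


def _site(host):
    host = (host or "").lower()
    return host[4:] if host.startswith("www.") else host


def check_referer_redirects(url, fetch=fetch):
    """List (source, status, location) where a search-engine Referer gets a
    different answer than a direct visit and is redirected to another host."""
    own = _site(urlsplit(url).hostname)
    direct = fetch(url, None)
    findings = []
    for source, referer in REFERERS.items():
        status, location = fetch(url, referer)
        target = _site(urlsplit(location).hostname) if location else own
        if (status, location) != direct and target and target != own:
            findings.append((source, status, location))
    return findings


if __name__ == "__main__":
    import sys
    for finding in check_referer_redirects(sys.argv[1]):
        print("search-engine visitors are redirected:", finding)
```

Run it against your own site's URL on a schedule; an empty result means direct and search-engine visits were answered the same way.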
Another way to check, in conjunction with your web stats, is to check Alexa. Yes - Alexa can be useful for something!
Here's a screenshot of the stats for a site that was infected by a vBulletin hack:
If you're using vBulletin there are a couple of tools available that can help detect and remove infections. vBSEO has a good thread on a hack that impacted them and also provides both removal and monitoring tools. There's also a plugin that will check your vBulletin install for dodgy code. Most of the vBulletin hacks I've seen hide themselves in the datastore, so reloading it can remove them, though obviously you need to find the point of entry or it'll just get reinfected.
If your site is set up in Google Webmaster Tools you can keep an eye out for any notifications there. While Google's tools may not catch all hacks they can spot quite a few and will also do things like informing you of updates to your CMS.
No matter what CMS you are using make sure you keep it up to date AND check for updates for any plugins or extensions you might be using. Remember the TimThumb security issue last year? Thousands of WordPress installs were compromised via a hole in a popular script that was being used by a lot of templates, themes and plugins. Nasty!
Remove plugins and extensions that you aren't using. Even if they're not "active" a malicious 3rd party could exploit them.
If you're running WordPress remove themes that you aren't using. The default ones that ship with WordPress will be kept up to date automatically, along with your core WordPress install, but a lot of 3rd party theme developers don't provide notifications or automated updates.
If anyone has any other tips or tricks please share them via the comments.
After my recent "incident" I'm going to be installing some kind of burglar alarm and possibly some cameras.
There are quite a lot of different solutions on the market, but I'm really not sure what to go for.
Ideally I'd like an alarm system that is loud, i.e. set it off and your ears are assaulted. It probably won't be hooked up to any monitoring system beyond a GSM modem that would alert me (and my designated contacts). The idea behind an alarm being to dissuade whoever is breaking in more than anything else. As the house is on a very busy street only a few hundred metres from the local police station I don't think much more is needed.
But the thing that I would really love to get is a few small cameras that could monitor the front and back of the house. Ideally they'd be hooked up to some kind of web based system so I could login and check what is going on remotely. Of course I've no idea what to even look for here - most of the cameras I've come across need to be hooked up to televisions etc., which really isn't what I'm looking for.
So does anyone have any suggestions?
Just a heads-up if you're using a theme that uses TimThumb.
Due to all the security issues with the plugin / script (it's a single file) the developers issued a number of updates over the last few days which culminated in the release of version 2.
You should also update the file in any themes that are not active OR delete the themes, as the vulnerability is potentially accessible even if the theme isn't active.
You can download the latest version here
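To find copies sitting in themes that are not active, here is an added example (not from the original post or the TimThumb project) that walks a directory tree and flags every TimThumb copy older than version 2. It assumes the script declares its version as `define('VERSION', '…')` and is shipped as `timthumb.php` or `thumb.php`; the sample files and version numbers are constructed.

```python
import os
import re
import tempfile

# Assumption: TimThumb declares its version as define('VERSION', 'x.y'),
# and themes ship it as timthumb.php or under the shorter name thumb.php.
VERSION_RE = re.compile(r"""define\s*\(\s*['"]VERSION['"]\s*,\s*['"](\d+(?:\.\d+)*)['"]""")
CANDIDATES = {"timthumb.php", "thumb.php"}


def find_timthumb(root):
    """Return sorted (relative path, version or None, needs_update) tuples."""
    results = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower() not in CANDIDATES:
                continue
            path = os.path.join(dirpath, name)
            with open(path, "r", errors="replace") as fh:
                head = fh.read(65536)
            if "timthumb" not in head.lower():
                continue  # some other script that happens to be named thumb.php
            match = VERSION_RE.search(head)
            version = match.group(1) if match else None
            # Unknown version is treated as needing attention, same as 1.x.
            outdated = version is None or int(version.split(".")[0]) < 2
            results.append((os.path.relpath(path, root), version, outdated))
    return sorted(results, key=lambda r: r[0])


def build_sample_tree(root):
    """Constructed sample: an active theme on 2.x and an inactive one on 1.x."""
    samples = {
        "themes/active/timthumb.php": "<?php // TimThumb\ndefine ('VERSION', '2.0');",
        "themes/unused/scripts/thumb.php": "<?php /* TimThumb script */\ndefine('VERSION', '1.28');",
        "themes/unused/lib/thumb.php": "<?php // unrelated gallery helper",
    }
    for rel, body in samples.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write(body)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)  # point find_timthumb at wp-content instead
        for rel, version, outdated in find_timthumb(tmp):
            print("UPDATE OR DELETE" if outdated else "ok", version, rel)
```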
- TimThumb Zero Day Vulnerability Affects Hundreds of WordPress Themes (pressography.com)
- 712 Fewer Vulnerable TimThumb Scripts in Existence (vaultpress.com)
- Zero-day bug found in WordPress image utility (theinformativereport.com)
- TimThumb security issue with WordPress (blacknight.com)
- Timthumb.php Security Vulnerability - Just the Tip of the Iceberg (sucuri.net)
Fine Gael's new website has been defaced.
They were the only major political party to still host their website in Ireland up until very recently.
UPDATE 2135: The Fine Gael site is now completely offline with this default holder up instead:
There is now a more official looking holder page up:
Wait for the wonderfully vague (and inaccurate) excuses and explanation from Fine Gael spokespeople in the coming days ...
The Fine Gael website is back up and running with no evidence of the defacement in sight. It's also not clear whether they have taken any measures to improve the coding of the site to stop the kind of attack that happened last night. It seems that they had another message on the site during the night which tried to spin the hack (via Kieran Lane):
I have a few problems with this message and the total lack of any message on the site at present.
To start with trying to spin the defacement in this manner is really not that bright. Either they think we're all dumb or their spin doctors are more naive than I thought.
Secondly it's not clear if the defacement's attack vector has been patched properly or not. Under normal circumstances I would assume that it had, but considering how simple the "hack" was I wouldn't be overly confident of them having fixed it.
It now transpires that the defacement was a lot more serious and several thousand people's contact details may have been compromised. No mention of any of this that I can see on the Fine Gael site. And their WHOIS data doesn't exactly instil any confidence in them...
The spin continues.
Fine Gael are now claiming that the site was "professionally hacked". Even though several people have pointed out how the site was easily compromised they seem to be ignoring this completely.
They sent the following email to their "supporters" with the subject line: FG Website Professionally Hacked / Authorities Notified
At some point today, probably after they sent out the email above (?) the Fine Gael website was taken offline and the following message put up:
It's basically the same text as they used in their email.
Some sources are stating that the FBI has now been contacted. This is quite normal and has nothing to do with the site's profile.
Update Tuesday 11 January 19:25
At present Fine Gael does not have a functioning website. The .ie (finegael.ie) which they had been using for years is still redirected to the .com, which has been offline since yesterday. FineGael.com is currently pointing to a default IIS7 page.
So the main opposition party in Ireland is basically "offline".
UPDATE Wednesday 12 January 17:45
While searching for an article related to this incident I got the following (click to enlarge):
Notice a couple of things:
- Fine Gael are paying for Google Adwords to drive traffic to a holding page. I've no idea how much they're paying per click, but it's a waste of money at present due to the site being completely offline.
- The link to Enda Kenny's page on the Fine Gael website no longer works, as they've redirected ALL traffic for *.finegael.ie to the new site, which is still offline. Oddly enough Fine Gael sub-sections in the format www.politicianname.finegael.ie are still working.
According to an article on Forbes the Anonymous group are denying responsibility for the hack and have also given some very plausible explanations as to why they could not have been involved. Worth reading.
UPDATE Friday 14 January 19:00
The Fine Gael website is back online. It's now carrying a message from Enda Kenny about the hacking incident:
A couple of weeks ago I said that I wanted to hear from you and despite the recent interruption to the website, I still do.
You may be aware this website was hacked on January 9, 2011 and Fine Gael is now assisting the relevant authorities in their ongoing investigations. We very much regret that contact data that the public supplied as part of an open and genuine conversation about the future of our country was accessed in the course of this hacking incident. For now we have removed the email and mobile phone sections of the Comment forms but we still want to hear your views, opinions and concerns about the issues facing our country.
This video I recorded at the end of last week was a response to the overwhelming participation on the site, since going live. The message in the video remains the same, even if we have been delayed in posting it to this site.
I am looking forward to hearing your comments on what's needed to change our country once more.
I'm a little confused by the removal of the email and phone sections of the comment forms. Does this mean that they still haven't secured the site completely, or is this some kind of attempt to make people feel that they're being more careful about personal data?
Speaking of Enda Kenny...
Googling for him at the moment gets some rather "interesting" results.
His page on the Fine Gael site is not reachable, as mentioned before. However it is quite easy to get to endakenny.com. You'd think this was either his site or that of the folk singer based in Australia. It's not. It's a Bebo page which is obviously a "spoof site" set up by someone who doesn't particularly like Enda Kenny or Fine Gael.
I hate paying to attend events. More often than not the organisers use the event as a "money spinner" and attendees get very little value from it.
So it's nice to see that another event is taking place next month which is going to be free to attend and promises to be interesting.
IRISS-CERT's Annual Conference is being held on November 19th in the D4 Berkley Court hotel. While details on the day's sessions are a bit scant at present I'm sure they will be interesting. What's also interesting is that they are also organising "Hack Eire" on the same day:
"HackEire, will be held to identify Ireland's top cyber security experts. HackEire will see 10 teams, up to a maximum of four people per team, compete against each other in a controlled environment to see which team will be the first to exploit weaknesses in a number of systems and declare victory. The purpose of the HackEire competition is to demonstrate how attackers could gain access to your systems and allow you to learn from the event on how to prevent such attacks from impacting your network."
More information will presumably be available on the IRISS site.
While Macs are a lot less likely to get targeted by viruses there are still some viruses "in the wild" that target them.
So which antivirus software should I be using?
Which is the best?
Which is the worst?
Why is one better (or worse) than another?
I'm not concerned about costs, but I am concerned about functionality etc., i.e. I don't want some RAM hogging pile of junk that leaves my desktop completely unresponsive.
Any / all suggestions welcome!
At some time in the last couple of months an Irish website got hacked and its member database was stolen. The database contained email addresses and the associated passwords to login to the website.
The list of email addresses and these passwords was published on a website which has since been taken offline (though you could find it in Google's cache as recently as 48 hours ago).
While some of the email addresses and password combinations could give you access to a lot of things this would only happen where the person used the same password for everything.
The list was NOT a list of email account passwords, i.e. if you could actually use the password to access the person's email account it was purely coincidental.
How do I know this?
My email address is on the list, as I was informed by someone a couple of days ago.
Though even the person who informed me was doubtful that I'd have opted for such a stupidly weak password for something as important as my email. They'd be right. I hadn't! I had used a weak password on several websites - in some cases semi-intentionally.
Unfortunately some people seem to like scaring people and also have zero respect for privacy and zero understanding of security or anything else, so you'll find the list of email addresses published on at least one Irish website. (I'm not going to link to them, since they don't deserve a link if they're going to be that careless with other people's data, but I do hope that someone flags their idiocy with the data privacy people)
On the plus side, hopefully some people will realise that having a password policy wouldn't be such a bad idea after all...