
What to do when your WordPress blog’s been compromised (Round Two)

Posted: under writing.
Tags: 5-Rings, Anati, theme, write

This is part two of a two-part series of posts on what to do if your self-hosted WordPress page has been hacked. If you haven’t yet, I strongly advise reading part 1 first. 

Round Two – Begin!
  1. The automation quandary.
     

    One thing that’s a pain in the butt for sure: There’s no way to automate updates for WordPress!
    If we want true peace of mind, we pretty much have to visit the WordPress backend every single day, or at least get emails notifying us when updates are available for WordPress, and be unusually proactive about it, especially with add-ons: check whether your active plug-ins are even being updated any more.

    (If you know of a way to automate updates on WordPress, please let me know.)
    So now, not only do webmasters have to keep their website software in check, but they should also be keeping track of program updates on all of their computers all of the time (and not just FTP programs; I’m talking about programs you’d never think of updating, such as Adobe AIR).

    One way they may have gotten to my website is through an FTP program called FileZilla. Hackers can get full access to your website’s files using exploits if you happen to have an FTP program installed on one of your computers and it happens to be outdated.

    I use three different computers, two of them on a regular basis. One of them had an outdated installation of FileZilla on it. Now it’s been updated. But every time I see another update, I pretty much have to run to the other computers and make sure they get updated, too.

    Pain. In. The. Ass.

    Luckily, I’ve found a better way.

    I don’t know if you have a smartphone, but one thing that’s great about them is they notify you when updates are available for all of your applications. You just touch ‘download and install’ and it starts doing just that in the background, much like how Windows Update works. No extra footwork required from you.

    There’s a program that behaves much the same way for Windows-based computers called Secunia PSI. It scans for installed programs and listens for updates in the background, installing them right away (that is, if you choose to set it to ‘automatic’). Once you have your PCs and laptops on auto-pilot, Secunia will make sure everything from Winamp to Avast! Antivirus stays up to date, up-to-the-minute (it even listens for Firefox and Chrome plug-in updates). And in most cases, there’s no extra footwork required.

  2. The structure of web files, and their ‘rights’.
     

    When I first got my web space, one thing that was overwhelming to me was the file structure. It’s nothing like a C:\ drive, and there was no explanation from the web hosts telling me what’s what. I had to experiment and use a lot of guesswork to try and piece things together. 

    Unfortunately, if you don’t know why the structure is the way it is and what files do what and go where, it’s very difficult to track down a hack and fix it, much like looking for the proverbial needle in a haystack (if you’ll excuse the cliché), except it’s multiple haystacks and you don’t even know what the needle looks like.

    Certain files and folders need certain rights, and if you don’t have them PERFECT, if you make one single mistake, your entire site can be compromised.

    The domain root folder structure:

    I’ve only been on one web host, so I can’t be sure they’re all the same, but mine’s laid out like this: (I’ll label the directories we’re concerned with right now.)

    =============================================
    / <-(This is the system root directory. There are important config files in here. These are not publicly accessible.)
    /.cpaddons
    /.cpan
    /.cpanel
    /.cpcpan
    /.entropybanner
    /.fantasticodata
    /.fontconfig
    /.htmltemplates
    /.htpasswords
    /.MirrorSearch
    /.sqmaildata
    /.trash
    /access-logs
    /bin
    /cpmove.psql
    /etc
    /mail
    /php
    /public_ftp
    /public_html <-(This is the web root, where all the files that are publicly accessible are located. Literally, this is www.5-Rings.com and all of its subdirectories.)
    /quarantine
    /sql
    /sql_restore
    /tmp
    /www <-(This is literally a redirect to public_html.)
    =============================================

    Starting with the System Root directory (the plain ol’ forward slash), there may be an .htaccess file here, depending on whether your server is being run with Apache or not.


    One interesting thing to note is that if there is a dot in front of a file’s name, browsers ignore the file entirely. But that doesn’t mean the web host cannot preprocess commands from one of these dot files before displaying a web page to the end-user (a server-side command).


    The rights to the files in this directory should be ‘644’. That is, everyone can read the files, but only you can write to them.
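
    A permissions audit for the layout above, as an added example rather than anything from the original post: it lists every regular file that is not mode 644 and marks the ones that group or others can write to. The function names, the demo tree and its file names are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a hosting account for files whose mode is not 644.
# Usage: sh audit_perms.sh /path/to/account/home   (the path is an assumption)

# audit_perms DIR prints one line per regular file under DIR that is not 644:
#   WRITABLE <path>  group or others may write to it (look at these first)
#   DIFFERS <path>   some other mode, e.g. 600 or 755 (review individually)
# find also reports dot-files such as .htaccess, which FTP clients often hide.
audit_perms() {
    dir=$1
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
    # -perm -020 / -perm -002: the group-write or other-write bit is set
    find "$dir" -type f \( -perm -020 -o -perm -002 \) -print |
        sed 's/^/WRITABLE /'
    # exact-mode test: not 644, and not already reported as WRITABLE
    find "$dir" -type f ! -perm 644 ! -perm -020 ! -perm -002 -print |
        sed 's/^/DIFFERS /'
}

# demo builds a small constructed tree (not the author's real files),
# gives each file a known mode, and runs the audit over it.
demo() {
    tmp=$(mktemp -d) || return 1
    mkdir "$tmp/public_html"
    : > "$tmp/.htaccess";                 chmod 644 "$tmp/.htaccess"
    : > "$tmp/public_html/index.php";     chmod 644 "$tmp/public_html/index.php"
    : > "$tmp/public_html/upload.php";    chmod 666 "$tmp/public_html/upload.php"
    : > "$tmp/public_html/wp-config.php"; chmod 600 "$tmp/public_html/wp-config.php"
    audit_perms "$tmp"
    rm -rf "$tmp"
}

# With an argument, audit that directory; without one, run the demo.
if [ "$#" -gt 0 ]; then audit_perms "$1"; else demo; fi
```

    A file that shows up as WRITABLE after a compromise is worth comparing against a clean copy before its mode is reset.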


    The power of .htaccess: Read the rest of this entry »

Comments (3) Apr 10 2011



Creative Commons License
FIVE RINGS by NICK ENLOWE is licensed under a Creative Commons Attribution-Noncommercial-No Derivative Works 3.0 United States License.
Based on a work at 5-Rings.com.





Copyright © 2007-2012 Nick Enlowe.

MCN: W16-4STV-6080