Yesterday, WhyDoWork.com was taken down by a group of hackers. We were the next target on their list after crashing a large children’s website where the main page was replaced with some choice profanities. This particular group seeks out programming flaws and exploit websites, their only reward being a few insignificant praises from their community and knowing that the websites hacked will likely take a closer look at security.
Hackers are almost always your stereo typical computer tough guy. Unless you can rationalize vandalism then you aren’t going to be able to rationalize their behavior, so don’t bother. Anyone who has been a victim of any type of crime knows the frustration and anger that accompanies it. In the real world your first reaction is to inform the police, but this is the Internet. So what do you do?
Prevent
First lets take a step back and try and prevent this from happening to begin with:
- Have Your Server on Guard – Make sure your hosting provider has some type of firewall software running. If you are very large you may even want load balancers and other hardware to handle DOS attacks.
- Know How to Code – Make sure your programmers are preventing against SQL injection, the most common type of attack. Any time external data is used in a query it needs to be cleaned up and special characters removed.
- Stay Up To Date – If your site is powered by a piece of software it needs to be upgraded as new releases are published. Once a flaw is found it becomes publicly known. You want to ensure you stay on top of all security fixes.
Plan
You have to assume that one day your site will get hacked as a growing site often does. Make sure there is a game plan.
- Backups – Ensure both your site and database are backed up on your server and remotely. You need to be equipped to grab those backups and have them restored quickly. Note: Most hosting providers do not automatically provide a backup service, this is something you should look into. If you are unable to restore the site yourself you should ensure you have access to a support team to handle the task 24/7.
- Passwords – Make sure the password you use is different everywhere. This is very important so don’t get lazy here. You will want your db, server and user accounts to have different passwords. The first thing a hacker will do once they find one password is test whether it works everywhere (including your personal email).
- Encryption – Ensure your user’s passwords or any highly sensitive information be encrypted in the database. This way, even if your database is exposed the hackers cannot exploit your users.
React
In the event of an attack its time to stay calm and figure out how to get the site back online and ensure it stays online. Once an attack has been published you are going to be a target for a follow up.
- Reach out to the Hackers – Hackers take pride in their work, keep that in mind while you deal with them. Don’t try and fight with them, its a losing battle If you try and cooperate they may tell you how your site was exposed.
- Restore – Obviously the first thing you want to do is kick off a site restoration procedure. Even if only your database seemed to be exposed you may want to restore an old code base to ensure nothing was secretly modified.
- Fix the Problem – You need to find the security hole and plug it. Count on the hackers installing back door access to your site. Find that and remove it as well.
- Change Your Passwords – This one should be obvious but you want to change all passwords to your site, as well as potentially your personal email and other accounts if they were the same.
- Assure Your Members – Be honest about the attack. If private data was exposed the important thing to do would be to inform your members so they can protect themselves. If there is nothing to be concerned about, let them know that. They will be wondering what happened and whether the site can still be trusted.
Report
Can we let these jerks get away with this? Unfortunately this type of crime is very difficult to stop. If someone walks up to you on the subway and punches you in the teeth claiming your lack of self defense skills is a “vulnerability”, it’s likely they’ll get arrested fairly quickly. Most hacker groups are hosted in the most unregulated countries where authorities have trouble existing but there are some measures to try.
- Report to the FBI – Here is a link to the Internet Crime Complaint Center: http://www.ic3.gov/default.aspx
- Email their hosting provider - Try running a report on http://network-tools.com/ for the domain where the attack came from. Often you will see an email address from their hosting provider where malicious behaviour can be reported (ie: abuse@hostingprovider.com). With some luck these guys will shut the site down at least temporarily.
If you have any other tips please share!
If you enjoyed this post, make sure you subscribe to my RSS feed!
Loading ...
Sorry to hear that hackers took down your website, that is certainly a relief though that you were able to get your website up, and come back strong from the attack. I know one of my biggest fears is getting attacked and taken out by a hacker
Till then,
Jean
It is bad, if they can read this at least. Other than taking precautions activate the web log so that it will be easier to know who and what caused the hack. Keep updating the sql injection function as people keep trying the new things. Periodically change the ftp and db passwords.
Thanks for this plan of how to deal with hackers. If you’ve had a website hacked before, you know how frustrating it can be. It is very easy to get overly emotional about it and end up causing more problems. You definitely don’t want to piss the hackers off or they will be back.
Hey WDW,
I have studied about hackers, the general acts of hacking were performed by the kids or people who sees hacking as a fun thing and gives them a chance to brag over their friends.
However to save oneself from such attacks, we must ensure our internet security so that we can avoid such immature hackers attacks.
Thanks for sharing your experienced and steps on how to prevent our websites from hackers. I believe that hackers only hack well known websites and blogs, but it’s better to do prevention before incident happened no matter how big or small is our website.
WDW, here is a new halloween logo.. looks so cool though.. Any big posts schedules for the D’day?
Seems that many internet marketers and bloggers change their logo to something related to Halloween. WDW has a nice halloween logo though!
Happy Halloween to all of you!
Regards,
Lee
You are right Lee, WDW has a great Halloween Logo. Actually out of all the blogs I visit there’s only been 2 blogs that have had Halloween special logos, this one, and my friend Tyler’s blog.
Till then,
Jean
Unfortunately I was too late to view the special Halloween logo. Is there a screenshot that somebody can share so I can also see what it looked like? It would be appreciated! Belated Happy Halloween to everybody nevertheless!!!!
Yea, WDW had a great Halloween logo as well as Tyler. I like Tyler’s Halloween logo too, very unique but he spent quite much on the logo. That’s him and sit on blood, a very cool logo.
I’ve visited his logo design company, that might cost him few thousand to get his logo design, but superb!
Regards,
Lee
Yeah Tyler usually spends alot of money on designs and everything, but Jacques I guess you will just have to remember and wait for the next Halloween
Till then,
Jean
Most hackers want even more information about your system. Many free programs are available for download that can provide key information beyond that of simple OS types and versions. One of the most common tools is GFI LANguard Network Scanner. Among other things, it provides information such as:
* Service pack level
* Missing security patches
* Open shares
* Open ports
* Services/applications active on the system
* Key registry entries
* Weak passwords
* Users and groups
You can see where this kind of information could be used to compromise your systems.
Yes this kind of information could be very dangerous in the wrong hands. With this kind of information available, it shows how important it is to stay updated with security patches and use quality anti-virus software.
I’m sorry to hear about you guys getting hacked, but I like the pro-active advice you’re dispensing on how to cope with this eventuality. What was the final result of your experience? Were you able to finger the culprits?
I have no idea what I would do if I am attacked by a hacker. Looks like our main safety measure is prevention and planning.
I read this article.it is really nice post with have a great info…
Thanks for passing on this information. I don’t have a website, but I have had some runs ins with hackers recently – stemming from an ex who won’t move on. I think the thing to do is to document everything they are doing and let them know you are reporting it. My hackers leave clues sometimes, but it’s like stepping on landmines as they put them in unsafe places. Also, be careful if you are on a lan they can also hack you through one of the other computers.
Nice that you give those tips that could be helpful for many web users that are not very experienced and do not have specific knowledge about preventing an attack. The truth is that every site can be hacked but some are just much more safer than other.
I guess I did pay enough attention to this post on my first read. Someone apparently hacked one of my websites again recently. This time I have had enough. One of the things I plan on doing for sure is switching to a new web host. I have a strong feeling that my current web host is not doing enough to protect me. They have quite a bad reputation and I’m sure it is justified.
This a very nice report and information to help fight back the hackers. I wish I would have known this several years ago a domain of my got hacked and I really lost big time on it.
Thanks again!
From what I’ve heard, some hackers got into personal emails and climate data and basically showed that the whole global warming theory is a farce. Any truth to this? Links please.
The truth is that anyone can be hacked and there are no exceptions from that rule. I just hope that no one is going to spend a real attack on my server. I believe that there are no safe places on internet.