Your website has been HACKED!
This is one of those statements that send shivers down the spine.
Over the last few days, a number of Kenyan websites have been hacked. We have a list of more than 50 websites. Some have been hacked without their owners being aware, while others have been taken offline by their owners.
Typical indications that your site has been hacked:
- When you search for your site, search engines are advising you that your site has been hacked.
- Your web browser alerts you that the site is not safe, or that it has found spyware or malware within the code.
- Unwanted content is being displayed when you load your site (defacement).
- Your computer's AntiVirus or Anti-Spyware software indicates a threat when you visit your site's pages.
- You find unexpected files have appeared on the FTP server in your hosting directory.
The first thing to do is make a note of the date and time that you first became aware of the changes, along with all the pages/files you feel are affected. Now disable FTP access in your control panel (if the option is available), and change the passwords of any FTP-enabled accounts. If possible, enable or upload a holding page whilst the compromise is investigated further. If you can fix your site yourself, we recommend that you do so to limit downtime on your site, but we do request that you report your findings to the system administrators or your webmaster, and retain copies of the files involved.
Note: Please do not delete the affected files, as they may prove useful in helping qualified webmasters to determine the method used or even who is responsible. To save the affected files, rename them and move them outside of your web-root (/web) to prevent them being used or viewed again.
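The preservation step described in the note above, written as a shell function. This is an added example, not part of the original article; the quarantine directory, the MANIFEST.tsv log and the `.quarantined` suffix are assumptions, and it expects GNU `sha256sum` and `date` as found on typical Linux hosting.

```shell
#!/usr/bin/env bash
# Added example: preserve a suspect file as evidence instead of deleting it.
# Assumed (not from the article): quarantine directory, MANIFEST.tsv, name suffix.

# quarantine_file WEBROOT QUARANTINE_DIR FILE
# Logs hash and timestamps, then moves FILE out of WEBROOT under a new name.
# QUARANTINE_DIR must already exist and should be readable only by the admin.
quarantine_file() {
    local webroot quarantine file sum mtime now dest
    webroot=$(cd "$1" && pwd -P) || return 1
    quarantine=$(cd "$2" && pwd -P) || return 1
    file=$3

    # The copy must not stay reachable over HTTP: refuse a directory in the web root.
    case "$quarantine/" in
        "$webroot"/*) echo "quarantine dir is inside the web root" >&2; return 1 ;;
    esac
    # Only handle regular files; a symlink could point anywhere.
    if [ ! -f "$file" ] || [ -L "$file" ]; then
        echo "not a regular file: $file" >&2; return 1
    fi

    sum=$(sha256sum -- "$file" | cut -d' ' -f1)
    [ -n "$sum" ] || return 1
    mtime=$(date -u -r "$file" +%Y-%m-%dT%H:%M:%SZ) || return 1   # last modification
    now=$(date -u +%Y-%m-%dT%H:%M:%SZ)                            # time of quarantine
    dest="$quarantine/$(basename -- "$file").$sum.quarantined"

    # Rename so the server no longer treats it as a script, then drop write/execute.
    mv -- "$file" "$dest" || return 1
    chmod 400 "$dest"
    # Manifest columns: quarantine time, file mtime, SHA-256, original path.
    printf '%s\t%s\t%s\t%s\n' "$now" "$mtime" "$sum" "$file" >> "$quarantine/MANIFEST.tsv"
    printf '%s\n' "$dest"
}
```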
What can I do to prevent site hacking from happening?
Unfortunately, there is no clear-cut method to prevent hackers from attacking your website(s); you can only take precautions to greatly reduce the risk of their success. The two most commonly used methods of attacking websites are to either gain access to the server via FTP, or to use a badly written page on the website to attack the site. We recommend that you always have an up-to-date AntiVirus program, as it should alert you when you visit an infected site.
How can I prevent unwanted FTP access?
The Online Control Panel allows you to remove FTP access from the accounts you use to manage your site's files remotely. We advise you to remove this access from accounts during long periods where FTP is not being used.
Change your FTP passwords as often as you can. The more regularly you change the passwords, the lower the risk of your FTP account being used against your site.
How can I prevent a web page being used to attack my site?
Many sites are created using widely available content management systems (CMS), such as Joomla! or WordPress. The source code for these CMSs is generally in the public domain. This allows hackers to identify security holes in these systems quickly, but it also means the CMS developers can release patches and updates regularly to fix them.
Note:
If you have chosen to use a CMS or other such 3rd party software for your site, you must ensure the live site is kept up to date with all patches and updates released by its developers.
For ANY site hosted on Linux/Unix services, file permissions are a critical aspect of a site's security. Ensuring that your directories and files are assigned the "least level of access" necessary is a key point in preventing a site from being exploited.
Note:
If you are using a CMS or other 3rd party software, please ensure you follow the developer's guidelines on file and directory permissions. Finally, if you are unsure what the permissions should be, seek advice; do not grant world write or execute if you are not certain.
If the site does not use widely available software, then the site's developers need to ensure that it is written with security in mind.
- Ensure that the data handled by the site is always screened, using whitelist and blacklist techniques to filter input. Never trust a page visitor's input.
- If a form is available, place a CAPTCHA on the form, and again filter all received data from the form.
- When inserting information into a database, make sure you have screened the data and suitably escaped it.
- Use .htaccess files to limit access to sensitive areas of your site e.g. administration sections.
- Regularly update administration passwords, following the same guidelines given for FTP passwords.