I recently posted a piece – Webmasters Struggle With Hacked Sites – A Commtouch, StopBadware Report – which read in part: “Recent statistics indicate (surprise, surprise) – cybercriminals are increasing their targeting of websites for identity theft, virus distribution, and spamming.
And, according to a newly released survey (Compromised Websites: An Owner’s Perspective), from Commtouch and StopBadware – in which webmasters were queried on their fight against hacking – almost half of the survey participants (who had been hacked), had no idea until they received a warning from their own computer’s protection technology.”
Since I use WordPress as my blogging platform, I rely on the security apparatus WordPress has in place to protect me from the various cyber criminal attack schemes currently in play. Still, I would be more than a little naive if I didn’t consider the possibility that WordPress’ site security is vulnerable to hacking.
If a security developer’s web site can be hacked – and, many have been in the last year – including Panda Security in just the past few days*, it lends credence to the suggestion that any site can be hacked.
*Late Tuesday night, at least 35 public facing websites belonging to Panda Security were hacked and defaced by the LulzSec and Anonymous hacking groups. The defacement also posted multiple usernames and passwords associated with Panda Security employees.
Frankly, it absolutely infuriates me when I consider that the 4 years plus that I’ve put into writing and maintaining this Blog could, in little more than a moment, be destroyed by a single act of a cyber criminal. In my weaker moments, I have visions of lining these creeps up against the wall and being done with them.
But, the reality is much different, of course. So, it’s incumbent upon me to ensure that visitors to this site are protected (imperfect as that might be), from the nasties which cybercriminals can load onto a site.
There’s no foolproof solution but, one measure which I employ frequently is taking advantage of a free service offered by Sucuri Security – which, quickly scans for the most common threats as illustrated in the following screen capture.
Additionally, all links within the site are scanned. The following screen shot shows a small representation of the hundreds of links which were scanned.
If you’re a blogger or a site owner, I suggest that you take advantage of this free service so that you can check if your site has been compromised. It’s one more tool in the fight against the increasing threats posed by cyber criminal gangs.
Bill Mullins' Weblog - Tech Thoughts 
Hey Bill,
Its a nice service for blog owners like us,I use it frequently whenever I find any error in my cloudflare nameservers.One of my procrastinated posts under security and useful websites,sometimes I think you read my mind lolz nevermind just joking.Seem you are busy was thinking dint get any update from Bill.
Well said nothing is secure as its not 100% pure
Thanks
Regards
Hey Neeraj,
But, I DO read your mind. 🙂
Glad to hear you use this tool as well – like you say “nothing is secure as its not 100% pure”. I like that.
Best,
Bill
A related read from yesterday
http://threatpost.com/en_us/blogs/fake-antivirus-lives-now-infecting-200k-wordpress-sites-030712
Thanks Dave. A perfect example.
Best,
Bill
“In my weaker moments, I have visions of lining these creeps up against the wall and being done with them.”
All of these attacks upon one’s privacy and in the case of Identity Theft, one’s entire life, should be among the most serious of crimes in at least the US and Canada and so forth. I realize some nations actually engage in this business for various purposes, but one would think our respective countries would TAKE THIS STUFF SERIOUSLY. Having been the victim of ID theft I can tell you it just about destroys you. Yet the penalties are among the lightest.
Hi Fred,
I quite agree with your view that cyber crimes “should be among the most serious of crimes”. Given the destructiveness involved, it’s shameful that this issue continues to be largely ignored by the legal system.
I can’t begin to imagine the painful experience you went through following your experience. I have no doubt that it was traumatic, however.
Thank you for commenting.
Bill
Ooops …. sorry Bill, wrong reading without glasses ;-(
Please, delete my wrong message, THX !!!
paradoX.
Hi Johannes,
A paradox indeed. Thanks for pointing this out.
Best,
Bill
A million thanks for you Bill for sharing this information. I just checked my website and thank God it’s clean. Sometimes we don’t know that our site is being hacked till we can’t controlled it anymore. And it’s too late to fix it. Check the site regularly with this tool, I think, will make us more aware. Thank you Bill.
Hi Ace,
Good to hear you found this useful.
Best,
Bill
<<>> …. U R nice person, Bill & I enjoy like always your BLOG.
THX for all your good works & effort, to educate novices ….
Best regards : paradoX
Hi Johannes,
Just got back from some time away – appreciate the kind words. 🙂
Best,
Bill
Nice one Bill,
I gave that link a run on a few of my sites and they came up clean.
Unfortunately I have had several episodes where all my wp sites on a shared hosting account were hacked. The Bs also advertised (boasted) each of the urls they had hacked. I went to a lot of trouble to make it hard to crack again; got rid of “admin”, super-secure random passwords, blank index php and html files, security plugins, tighter permissions.
They still got in. Malware scans reveal no problem and now I am told they can get in via someone else’s account on the same server!
Talk about insecure security.
Now I am looking for a service (free) that scans and alerts you if any of your sites are hacked/defaced. Do you have any advice?
Hi Peter,
It seems this is an escalating problem judging by the number of new “fee” based services coming online. Another one just today – StopTheHacker Launches New Suite Of SaaS Website Security Service Offerings.
Unfortunately, I have no experience with “free” services that provide the coverages you describe but, I’m keeping a close watch.
Best,
Bill
Hi Bill,
My company website recently got hacked. It was the infamous Pharma Hack. I found that a good way of checking for malicious scripts running on webpages was to make use of the tools found in the useful tools section here:
http://redleg-redleg.blogspot.co.uk/
Including this one: http://redleg-redleg.com/file-viewer/
Also elsewhere on Redleg’s blog a link is provided to this very useful information:
http://25yearsofprogramming.com/blog/2010/20100315.htm
I don’t pretend to be an expert on tracking down malicious scripts but allthough Securi SiteCheck did a great job of flagging up that the site was indeed compromised Redleg’s file viewer did a great job in actually tracking down the scripts!
All the best,
Chris A.
Hi Chris,
Some great info available at these links (just finished a few runs – impressive). Thanks.
Best,
Bill