Site Hacked? What It’s All a Bot
A client recently reported some strange entries in their website statistics referrer logs. The entry was from a bot probe by a nasty outfit that is up to all sorts of evil malware stuff. The issue did raise a good question about the security of sites and what even novice webmasters can and should do to protect themselves from site compromise.
Bot probes from slimy outfits are common. Properly secured systems will block offending IPs, but the attacking bots switch IPs all the time. This form of vulnerability probe or referrer spam is very common — just like email spam. We do everything we can to prevent it but that does not stop the evil bastards from trying… all the time.
This is why it is so important to have a strong password and to change it every few months. You should also look around in your site file structure frequently for things that don’t belong — like .c files or .exe files or even php files that you did not install. I recommend you check your site once a week for this kind of activity.
Remember, no matter how secure our servers are, your website is an open door to the world and malware developers have a powerful monetary interest in gaining control of your server resources to make money. The days of malicious teenagers gleefully scrambling your home page and laughing through a mouthful of hot pockets are long gone. Hacking websites to install malware is serious (and big) business.
So it’s also up to you as a webmaster to make sure you don’t let these demons in the door.
By the way, take care which backlinks you click on while scanning your stats reports. That is one way referrer spam works. The malware developer creates an attack routine and embeds it in a web page. Then they deploy botnets to spider websites constantly — leaving nice little fake ‘visitor’ entries in the log files and stats. Then, if you click on the link to see who visited you, the malware site hits your machine with a payload. Even though you may have a great antivirus / antimalware program, pages can be constructed in ways to overwhelm your computer’s resources and tie up your system as the payload is being installed.
It’s a jungle. Don’t let your website become part of the food chain.
As always, we’re At Your Servers
Dwayne
FTP Exploit – Back Door to Your Website
Recently a client reported the heder.php exploit had infected their website. They needed help with the cleanup, so we got them back online, but they had questions like, “How did these files get onto my site?”
First understand that heder.php is just one type of site trojan. There are many flavors of this type of site exploit and they have some things in common, so it might be worth a blog post to cover them.
These kinds of exploits compromise your hosting account. Then they install malicious code into your html pages. They also add some entries to your htaccess file to redirect incoming traffic to the payload. Usually the payload is a version of the same exploit so the code can spread to the next victim.
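A cleanup check for the two symptoms just described, as an added example that is not from the original post: it lists .htaccess redirect directives and script/iframe tags in HTML that point at hosts other than your own. The host names and sample file contents are constructed, using reserved example domains.

```python
import re
from urllib.parse import urlsplit

# Apache directives that can send a visitor to another URL.
REDIRECTING = {"redirect", "redirectmatch", "redirectpermanent",
               "redirecttemp", "rewriterule", "errordocument"}
URL = r"https?://[^\s\"'>]+"
INCLUDE = re.compile(
    r"<(script|iframe)\b[^>]*?\bsrc\s*=\s*[\"']?(" + URL + ")", re.IGNORECASE)

def _foreign(url, own_hosts):
    """Return the URL's host if it is not one of own_hosts, else None."""
    host = (urlsplit(url).hostname or "").lower()
    return host if host and host not in own_hosts else None

def external_redirects(htaccess_text, own_hosts):
    """(line number, host) for each redirect that leaves own_hosts."""
    findings = []
    for number, raw in enumerate(htaccess_text.splitlines(), start=1):
        words = raw.split()
        # Blank lines, comments and unrelated directives are skipped here.
        if not words or words[0].lower() not in REDIRECTING:
            continue
        for url in re.findall(URL, raw, re.IGNORECASE):
            host = _foreign(url, own_hosts)
            if host:
                findings.append((number, host))
    return findings

def external_includes(html_text, own_hosts):
    """(tag, host) for each script/iframe loaded from outside own_hosts."""
    pairs = ((tag.lower(), _foreign(url, own_hosts))
             for tag, url in INCLUDE.findall(html_text))
    return [(tag, host) for tag, host in pairs if host]

# Constructed samples (reserved example domains), not from a real incident.
OWN = {"example.com", "www.example.com"}
SAMPLE_HTACCESS = """\
RewriteEngine On
RewriteRule ^(.*)$ http://payload.example.net/in.php [R=302,L]
Redirect 301 /old-page http://www.example.com/new-page
ErrorDocument 404 http://payload.example.net/404.php
"""
SAMPLE_HTML = ('<h1>Welcome</h1><script src="/js/menu.js"></script>'
               '<iframe src="http://payload.example.net/x"></iframe>')

if __name__ == "__main__":
    print(external_redirects(SAMPLE_HTACCESS, OWN),
          external_includes(SAMPLE_HTML, OWN))
```

Third-party services you added on purpose (analytics, fonts) will show up until their hosts are added to the allow list, and a redirect to a file dropped inside your own site is not caught here, which is what the file baseline check is for.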
So now we know how you get it… Basically, this exploit is usually dropped onto your machine when you visit an infected website. It will overwrite a Microsoft ActiveX file on your machine — which is how it hides from your antivirus. (Yes as usual it’s a Micro$oft exploit).
So what does it do?
In the background it scans for usernames and passwords. If it finds them it steals them and uploads them to the hackers. If it finds FTP credentials it uses those to upload itself to your websites and inject some code into your home page and write some backdoor ssh access files into your server space. This is how it spreads – once it is on your website, anyone who lands on it gets the new code and the process starts attacking their machine.
I have anti-virus software so I’m safe right?
Nyet! Most antivirus software cannot find it because it is more like spyware. Also it hits your machine via PHP and JavaScript code and those are functions your web browser uses all the time — so a firewall is useless to prevent this. Since it hacks an ActiveX helper it hides really well from scanners.
Okay so why do people do this crap? Why me? What do they get out of it?
The hackers make money by retrieving your other credentials (usernames and passwords to banking sites, credit cards, etc.) as well as personal info (your SSN, address, phone numbers, etc.). The exploit uploads them to a public board in encrypted form that only the original programmers have the decryption key for. So all your data is uploaded to a public forum and the hackers pull these files daily and decrypt them. Then they:
- Sell your email address to spammers
- Sell your personal info to identity thieves
- Sell your credit card details to fraudsters
- Share your exploited FTP details with partners who now have write-privilege to install other payloads to your website…
- Then they post teaser code to boards to help other hackers develop better code.
As a webmaster you should always keep a close eye on your security — particularly FTP credentials. FileZilla is one popular FTP client that is taking a big hit because it stores your credentials in unencrypted format. So if you manage 10 websites for clients and use FileZilla for FTP – you could be at real risk. FileZilla is an excellent Windows FTP client, but please do not store your passwords in it. (Uncheck the “Save Password” box in the FTP profiles and keep a separate encrypted list of site credentials.)
Hope this helps…
There are several ways to Make Money Online with Wholesale Products?
Kelly Asks:
Dwayne – You seem kind of like a guru on the online shopping stuff. My husband and I want to try and make some extra money by doing something online. We both have jobs but we figure we can spend about 3 hours on each weeknight and one weekend day to make a go of selling something on the net. We have a few hundred (maybe $500) to put into it. Can you suggest anything? We see the wholesale and dropship ads all over. Does that work?
Answer:
Howdy Kelly;
Okay, that is a great dream and a nice nest egg to start with. First, you’re not going to replace your day job any time soon with a $500 investment, but with a little elbow grease and several weekends you can parlay that into something that will pay a car note and maybe create some mad money to boot.
While I urge you to look into wholesale and dropship options, don’t leap into anything just because of a sales pitch. Remember that landing page sales copy can be very persuasive and is designed to separate you from your money before you have time to carefully consider. So look into these options, then come back and ask for any further advice once you find one you like.
Also consider novelty. Suppliers for novelty items like sexy panties and gag gifts are also an option.
Wholesale or Dropship products:
These are fun. There are aggregators like Doba and Simplix who you pay a fee to and they give you access to many ‘so-called’ wholesale products. Be careful because they are usually closer to 25% off retail so not really wholesale.
Stop Complaining and Get Out There and Make Some Money
New unemployment numbers out today and somehow the administration has tortured the figures to show a 9.7% unemployment rate. So of course the argument starts and the complaining continues. It’s hard to have a conversation with anyone lately without the subject turning to no work and lost jobs and what are we going to do? I feel your pain.
But like we talked about earlier, there are still some great ways to make money out there. You can do it on the Internet or you can do it in your home town. For example, one of the coolest ways you can self-employ yourself and work part time while job hunting (if you must) is to set up as a booth, kiosk, or roadside vendor. It’s cheap to get started and you can make some great money.
One very nice company to work with is Moda Sunglasses. They provide nice packs with assortments of high quality wholesale sunglasses you can order and resell for a great markup and still have room to give excellent prices. Check out their site and see the styles and prices and do some thinking about how you could set up to sell these locally or even at online auctions.
Anyway, the world is changing, and unless we figure out how to employ ourselves instead of running around trying to fight for the latest crappy job available, things are only gonna get worse.