Site Hacked? What its All a Bot
A client recently reported some strange entries in their website statistics referrer logs. The entry was from a bot probe by a nasty outfit that is up to all sorts of evil malware stuff. The issue did raise a good questions about the security of sites and what even novice webmasters can and should do to protect themselves from site compromise.
Bot probes from a slimy outfits are common. Properly secured systems will block offending IPs but the attacking bots switch IPs all the time. This form of vulnerability probe or referrer spam is very common — just like email spam. We do everything we can to prevent it but that does not stop the evil bastards from trying… all the time.
This is why it is so important to have a strong password and to change it every few months. You should also look around in your site file structure frequently for things that don’t belong — like .c files or .exe files or even php files that you did not install. I recommend you check your site once a week for this kind of activity.
Remember, no matter how secure our servers are, your website is an open door to the world and malware developers have a powerful monetary interest in gaining control of your server resources to make money. The days of malicious teenagers gleefully scrambling your home page and laughing through a mouth full of hot pockets is long gone. Hacking websites to install malware is serious (and big) business.
So it’s also up to you as a webmaster to make sure you don’t let these demons in the door.
By the way. Take care which backlinks you click on while scanning your stats reports. That is one way referrer spam works. The malware developer creates an attack routine and embeds it in a web page. Then they deploy botnets to spider websites constantly — leaving nice little fake ‘visitor’ entries in the log files and stats. Then if you click on the link to see who visited you the malware site hits your machine with a payload. Even though you may have a great antivirus / antimalware program, pages can be constructed in ways to overwhelm your computers resources and tie up your system as the payload is being installed.
It’s a jungle. Don’t let your website become part of the food chain.
As always we’re, At Your Servers
Dwayne