I put together a lot of marketing strategies that revolve around a corporate website or microsite as a destination for visitors. A lot of effort goes into creating and executing these strategies. So you can probably imagine the anxiety I went through when one of the sites I manage was hacked. I was on the phone with my hosting company, Rackspace Cloud, and they walked me through the steps of cleaning out the injected data, getting the site back up and running, and finding the vulnerabilities. I thought I had taken the proper steps to protect the site, but I was wrong, and I want to share that information with you so that you can avoid the same mistake.
What areas of your site are vulnerable?
Forms / input fields:
This is the most common entry point. Attackers use form fields to feed malicious input into your site or database (classic examples are SQL injection and cross-site scripting) in an attempt to take control of, destroy, or steal information, such as customer credit card numbers. Anything a visitor can type into must be validated and handled safely on the server, never trusted.
FTP:
FTP (File Transfer Protocol) is how you transfer files and folders to your server. If attackers can find or guess your password, they have complete control of everything the account can reach. Plain FTP also sends your username and password over the network unencrypted, so anyone on the path can read them; use SFTP or FTPS instead, and use a password that cannot be guessed.
Files and folders:
If a file or folder has the wrong permission settings (world-writable, i.e. 777, is the usual mistake), anyone who can reach it, including whatever user the web server runs as, can copy, overwrite, or delete it.
File Permissions: That's how they got me
Without getting into the details, there was a single file with the wrong permissions. This file was found and rewritten so that it would inject other files with malicious code. That one file opened the entire site up to the hacker! I didn't think it was an issue because this file was in a folder that wasn't linked to anything on the public site, so I didn't think anyone would ever know it was there. I couldn't have been more wrong! Luckily, I was able to catch it early, and the most damage it created was a short downtime for the service.
What the heck is chmod?
chmod is a Unix/Linux shell command used to change permissions on files and directories; the name is an abbreviation of "change mode". The permissions say who can do what to the files and folders on your server. They are usually written as three digits, like 644 or 777, and each digit is the access level for one class of users: the first digit is the "owner" of the file, the second is the "group", and the third is everyone else ("public", or "others" in Unix terms).
What the numbers mean (each digit is the sum of read = 4, write = 2, execute = 1):
- 7 = read, write, and execute
- 6 = read and write
- 5 = read and execute
- 4 = only read
- 3 = write and execute
- 2 = only write
- 1 = only execute
- 0 = no permissions
So a file whose last digit is 7 can be read, written, or executed by anyone on the system, including the account your web server runs under.
This is how I fixed it
Folders:
Since I don't want anyone in the public to be able to add files to my directories, I changed all of the folders to 755. The "owner" is the only one allowed to read, write, and execute the directories, while the group and the rest of the world are only allowed to read and execute them. On a directory, "execute" means permission to enter it and reach the files inside; without it, the web server could not serve anything from the folder, which is why directories keep that bit even though files do not.
Files:
Since I don't want anyone other than the owner to be able to write to a file, or anyone at all to execute it, I am going to make sure all of the files have 644 as their permissions. That means the owner can read and write, while the group and the public can only read. PHP scripts do not need the execute bit: the web server hands them to the PHP interpreter, which reads them as text, rather than the kernel running them directly. One caveat worth knowing: these permissions only help if the web server runs as a different user than the one that owns the files. If the server process is the owner (common on some shared hosting setups), 644 still lets a compromised web process rewrite the file, so check which account the server runs as, and make sure uploads directories are the only place it needs write access.
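The audit-and-fix procedure above, as an added shell example (not from the original post or from Rackspace). It builds a small throwaway web root with two deliberately bad entries, a world-writable uploads directory and a forgotten helper script left at 777 in an unlinked folder, then lists every world-writable file or directory, applies 755 to directories and 644 to files, and re-runs the audit. The web root, file names and the `--demo` flag are constructed for illustration; the same functions can be pointed at a real document root.

```shell
#!/bin/sh
# Added example (not from the original post): audit and harden web-root
# permissions as the article describes (755 for directories, 644 for files).
# The sample tree built below is constructed for illustration only.
set -u

# Print the octal permission bits of a path (GNU stat first, BSD stat fallback).
mode_of() {
  stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Build a throwaway "web root" with two deliberately bad entries: a
# world-writable uploads directory and a forgotten 777 script in a folder
# nothing links to (the article's scenario). Hypothetical layout.
make_sample_site() {
  root=$1
  mkdir -p "$root/css" "$root/uploads" "$root/old-stuff"
  printf '<?php echo "hi"; ?>\n' > "$root/index.php"
  printf 'body{}\n' > "$root/css/style.css"
  printf '<?php /* forgotten helper */ ?>\n' > "$root/old-stuff/helper.php"
  chmod 755 "$root" "$root/css" "$root/old-stuff"
  chmod 644 "$root/index.php" "$root/css/style.css"
  chmod 777 "$root/uploads" "$root/old-stuff/helper.php"
}

# Audit: every file or directory under $1 whose "others" write bit is set
# (-perm -002 is the portable spelling of "world-writable"). This is the
# check that would have flagged the forgotten file before an attacker did.
audit_world_writable() {
  find "$1" -perm -002 \( -type f -o -type d \) -print | sort
}

# Number of world-writable entries; non-zero is a failure for a cron check.
count_world_writable() {
  audit_world_writable "$1" | wc -l | tr -d ' '
}

# Harden: directories to 755, files to 644, exactly as the article did.
# Two separate finds, so files never gain the execute bit and directories
# never lose the execute (traverse) bit the web server needs.
harden_permissions() {
  find "$1" -type d -exec chmod 755 {} +
  find "$1" -type f -exec chmod 644 {} +
}

# Stand-alone demo: build the sample root, audit, fix, audit again.
if [ "${1:-}" = "--demo" ]; then
  site=$(mktemp -d)
  make_sample_site "$site"
  echo "World-writable before hardening:"; audit_world_writable "$site"
  harden_permissions "$site"
  echo "World-writable after hardening (expect nothing):"; audit_world_writable "$site"
  echo "helper.php is now mode $(mode_of "$site/old-stuff/helper.php")"
  rm -rf "$site"
fi
```

Run it with `sh audit_perms.sh --demo` to see the before/after listing, or source it and call `audit_world_writable /var/www/yoursite` on a real document root. The audit is the part worth keeping around: run it from cron and alert on any output, since a single 777 file appearing is exactly the signal the article's author wishes he had seen. Note that `harden_permissions` deliberately touches nothing but mode bits, so an uploads directory that genuinely needs to be writable by the web server must be re-opened afterwards, preferably to the web server's group rather than to the world.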
What kind of measures have you implemented to safeguard your website?
Image by: Zach Klein