<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:wfw="http://wellformedweb.org/CommentAPI/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
	xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
	>

<channel>
	<title>The Cultivated Web Blog &#187; Online Security</title>
	<atom:link href="http://www.cultivatedweb.com/blog/category/online-security/feed" rel="self" type="application/rss+xml" />
	<link>http://www.cultivatedweb.com/blog</link>
	<description>Getting the most out of web and graphic design</description>
	<lastBuildDate>Sat, 05 Mar 2011 16:55:48 +0000</lastBuildDate>
	<language>en</language>
	<sy:updatePeriod>hourly</sy:updatePeriod>
	<sy:updateFrequency>1</sy:updateFrequency>
	<generator>http://wordpress.org/?v=3.3</generator>
		<item>
		<title>Has Your Web Hosting Account Been Hacked?</title>
		<link>http://www.cultivatedweb.com/blog/online-security/has-your-web-hosting-account-been-hacked.html</link>
		<comments>http://www.cultivatedweb.com/blog/online-security/has-your-web-hosting-account-been-hacked.html#comments</comments>
		<pubDate>Sat, 29 Jan 2011 19:25:34 +0000</pubDate>
		<dc:creator>Mitch Cohen</dc:creator>
				<category><![CDATA[Online Security]]></category>

		<guid isPermaLink="false">http://www.cultivatedweb.com/blog/?p=166</guid>
		<description><![CDATA[It's so easy to be lulled into a false sense of security these days. But there are so many factors that play into the security of files on a server connected to the internet that you really need to be aware of what's going on behind the scenes and what to do to mitigate your risk. <a href="http://www.cultivatedweb.com/blog/online-security/has-your-web-hosting-account-been-hacked.html">Continue reading <span class="meta-nav">&#8594;</span></a>]]></description>
			<content:encoded><![CDATA[<p>It&#8217;s so easy to be lulled into a false sense of security these days. There are so many services that make it so easy to set up a blog or a website. We would like to think the people who provide these great services are taking care of business, and in most cases they do a great job. But there are so many factors that play into the security of files on a server connected to the internet. Even <a title="Read the article on Mashable.com." href="http://mashable.com/2011/01/26/mark-zuckerberg-fan-page-hacked/">Zuckerberg&#8217;s Facebook Fan page was hacked</a>.</p>
<p>If you have a web hosting account, manage a website or blog, you really need to be aware of the security of your account.</p>
<h2>Detection</h2>
<p>Look at your server logs, statistics or analytics. Are there files you don&#8217;t recognize that are getting a lot of traffic? This indicates someone may have planted some fake websites on your server for the purpose of scamming and phishing. These people are very clever and devious, to the point of using content from other successful sites that many people legitimately search for, so the fake pages get high page ranks in the search results, even higher than your site.</p>
<p>Look at the files on your server. Search for the same directory or file names that looked suspicious in your logs. Check for other folders you don&#8217;t recognize. If you find any, look at the files to determine if they are yours or if they are unauthorized files planted by someone who has gained access to your FTP account. A word of CAUTION: make sure you have a good antivirus and anti-malware program running on your computer. Some of these suspect files are likely to contain malware. I thought I had found all the bad files in a recent incident. However, as I began to download my site for backup, my antivirus program (BitDefender) caught and quarantined a trojan horse.</p>
<p>If you even suspect an unauthorized person has access to your FTP account, change the account password immediately and make it a really strong password.</p>
<p>Contact your web host provider so they can help you find and safely remove the files planted by the people who hacked your account. A good hosting company will have a way to scan for problems.</p>
<h2>Prevention</h2>
<p>If you use scripts or other web apps on your site, update them to the latest version available. Many blog applications and content management systems are based on PHP and MySQL, which may provide hackers an avenue into your site. It&#8217;s a little extra work that might just save you a lot of grief. Hackers like to get the biggest bang for their buck (don&#8217;t we all?). That&#8217;s why they target the most widely used products, like computers that run Windows. The same goes for products and services that are widely used such as popular blogging apps, content management systems, and social networking sites.</p>
<h2>Minimize Impacts</h2>
<p>Back up your site regularly: files and database. Back up the files on your computer.</p>
<p>Be careful when implementing free, third-party scripts. Do a little research and determine if the script is widely used successfully without problems. Sometimes, free scripts are not written to eliminate vulnerabilities to hacking.</p>
<p>Limit access to your FTP account to your IP address. If you use a shell app to access your server, use the <a title="Read more about the secure shell protocol on Wikipedia." href="http://en.wikipedia.org/wiki/Secure_Shell">SSH protocol if possible</a>.</p>
<p><a title="Read my post with tips and recommendations." href="http://www.cultivatedweb.com/blog/online-security/computer-security-more-important-than-ever.html">Secure your own computer</a>. It&#8217;s quite possible for malware to get into your computer. Consider this scenario. A trojan virus infects your computer undetected. It phones home and installs a key logger. Now, everything you type on your keyboard is recorded and available to the bad guys, including your user names and passwords. It should go without saying: use good antivirus software, keep it updated, and scan often. Keep all the software on your computer up to date also. This is especially important for computers running Windows.</p>
<p>If you&#8217;ve ever had a server or site hacked, share your experience in the comment section below.</p>
]]></content:encoded>
			<wfw:commentRss>http://www.cultivatedweb.com/blog/online-security/has-your-web-hosting-account-been-hacked.html/feed</wfw:commentRss>
		<slash:comments>2</slash:comments>
		</item>
		<item>
		<title>Computer Security More Important Than Ever</title>
		<link>http://www.cultivatedweb.com/blog/online-security/computer-security-more-important-than-ever.html</link>
		<comments>http://www.cultivatedweb.com/blog/online-security/computer-security-more-important-than-ever.html#comments</comments>
		<pubDate>Fri, 27 Mar 2009 02:49:36 +0000</pubDate>
		<dc:creator>Mitch Cohen</dc:creator>
				<category><![CDATA[Online Security]]></category>
		<category><![CDATA[rootkit]]></category>
		<category><![CDATA[trojan]]></category>
		<category><![CDATA[virus]]></category>

		<guid isPermaLink="false">http://www.cultivatedweb.com/blog/?p=120</guid>
		<description><![CDATA[This evening a friend called me after she watched a news report about the ZeuS virus/bot. Here is the text I sent her and thought I would share it here.

You'll find this article on the USA Today website very interesting and educational. <a href="http://www.cultivatedweb.com/blog/online-security/computer-security-more-important-than-ever.html">Continue reading <span class="meta-nav">&#8594;</span></a>]]></description>
			<content:encoded><![CDATA[<p>This evening a friend called me after she watched a news report about the ZeuS virus/bot. Here is the text I sent her and thought I would share it here.</p>
<p>You&#8217;ll find this article on the USA Today website very interesting and educational.</p>
<p><a href="http://tinyurl.com/5olver">http://tinyurl.com/5olver</a><br />
Then take a look at the blog post I wrote back in November.<br />
<a href="http://www.cultivatedweb.com/blog/category/online-security">http://www.cultivatedweb.com/blog/category/online-security</a></p>
<p>It&#8217;s about rootkits and provides links to some of the preventive measures and tools you can use. Here&#8217;s what I&#8217;m using on my PC now.</p>
<p>Signature Based AntiVirus: <strong>BitDefender</strong><br />
<a href="http://www.bitdefender.com/PRODUCT-2216-en--BitDefender-Antivirus-2009.html">http://www.bitdefender.com/PRODUCT-2216-en--BitDefender-Antivirus-2009.html</a></p>
<p>Behavior Based AntiVirus: <strong>Threatfire</strong><br />
<a href="http://www.threatfire.com/">http://www.threatfire.com/</a></p>
<p><strong>COMODO Firewall</strong><br />
This is a great firewall. It monitors inbound and outbound network traffic, unlike the firewall in Windows that I&#8217;ve read only blocks inbound traffic. Think about it. If you get a virus that tries to phone home, the Windows firewall may not stop it or notify you of it. Firewalls must monitor outbound traffic too. But COMODO is almost too good. It also monitors program behavior. I get a lot of warnings about legitimate programs creating files, trying to launch another program, or accessing memory. Maybe I just have not configured it adequately yet. I suggest you may want to consider a less technically demanding firewall. Take a look at the firewalls reviewed at <a href="http://personal-firewall-software-review.toptenreviews.com/">Top Ten Reviews</a> and see what&#8217;s available for free at <a href="http://tinyurl.com/c5dnko">Download.com</a>.<br />
<a href="http://personalfirewall.comodo.com/download_firewall.html">http://personalfirewall.comodo.com/download_firewall.html</a></p>
<p>As I mentioned, keeping ALL your software updated is an important step to thwart malicious software. I use Secunia <strong>Personal Software Inspector</strong>.<br />
<a href="http://secunia.com/vulnerability_scanning/personal/">http://secunia.com/vulnerability_scanning/personal/</a></p>
<p>I&#8217;m also running a program from TrendMicro to detect bots like the Conficker virus that&#8217;s been in the news. It&#8217;s called <strong>RUBotted</strong>. It&#8217;s still in beta and free but has not caused problems. Although, it does seem to be giving me a false positive on the 404 error pages (the page that you see when a page doesn&#8217;t exist) from sites hosted with IX Web Hosting. I&#8217;m working through the problem with IX and TrendMicro.<br />
<a href="http://www.trendsecure.com/portal/en-US/tools/security_tools/rubotted">http://www.trendsecure.com/portal/en-US/tools/security_tools/rubotted</a></p>
<p>Read a review here:<br />
<a href="http://blogs.zdnet.com/security/?p=802">http://blogs.zdnet.com/security/?p=802</a></p>
<p>Finally, read this series of pages on &#8220;Ten free security utilities you should already be using&#8221;.<br />
<a href="http://content.zdnet.com/2346-12691_22-95490.html">http://content.zdnet.com/2346-12691_22-95490.html</a></p>
<p>This is a ton of info so take your time to work through it and be a responsible internet computer user. The fact that I&#8217;m still using these programs after about 6 months and don&#8217;t have any problems (as far as I know) is my testimonial and recommendation.</p>
<p>Mitch</p>
]]></content:encoded>
			<wfw:commentRss>http://www.cultivatedweb.com/blog/online-security/computer-security-more-important-than-ever.html/feed</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>Does Your Computer Have the Worst Virus?</title>
		<link>http://www.cultivatedweb.com/blog/online-security/does-your-computer-have-the-worst-virus.html</link>
		<comments>http://www.cultivatedweb.com/blog/online-security/does-your-computer-have-the-worst-virus.html#comments</comments>
		<pubDate>Thu, 27 Nov 2008 18:40:56 +0000</pubDate>
		<dc:creator>Mitch Cohen</dc:creator>
				<category><![CDATA[Online Security]]></category>
		<category><![CDATA[rootkit]]></category>
		<category><![CDATA[trojan]]></category>
		<category><![CDATA[virus]]></category>

		<guid isPermaLink="false">http://www.cultivatedweb.com/blog/?p=9</guid>
		<description><![CDATA[The Culprits If you&#8217;ve never heard of rootkits let alone what they are, now is the time to learn. I&#8217;ve heard of them before but never really knew how bad they can be. Not only can they hide from many &#8230; <a href="http://www.cultivatedweb.com/blog/online-security/does-your-computer-have-the-worst-virus.html">Continue reading <span class="meta-nav">&#8594;</span></a>]]></description>
			<content:encoded><![CDATA[<h3>The Culprits</h3>
<p>If you&#8217;ve never heard of <a href="http://en.wikipedia.org/wiki/Rootkit">rootkits</a>, let alone know what they are, now is the time to learn. I&#8217;ve heard of them before but never really knew how bad they can be. Not only can they hide from many of the most widely used antivirus programs, they can actually start running on your computer before your operating system even starts.</p>
<p>What&#8217;s worse is how they get into our computers. Many of the most frequently and widely used programs are the most likely targets of the criminals who spread viruses, spyware, and whatever other kind of program we don&#8217;t want, especially the programs that make use of the internet and the web. But why? Why do people make viruses? Do I really need to tell you? <strong>They do it for money.</strong> And usually they&#8217;re stealing it from our bank accounts and our credit cards. That&#8217;s why the bad guys find ways to take advantage of the programs we all use to inject their malware into our computers. And that&#8217;s why the responsible software companies figure out how to fix the problems and patch, or update, the software on our PCs. Some of the most common targets are:</p>
<ul>
<li><strong>web browsers</strong> such as Internet Explorer, Firefox, and Opera, among others</li>
<li><strong>office software</strong> such as Word, Excel, Thunderbird, and many more</li>
<li><strong>media programs</strong> such as Flash, Acrobat, Quicktime, and yes, others.</li>
</ul>
<p>On top of that, the <strong>software that runs on the web servers</strong> that deliver the web pages we all love is also at risk of being compromised. Hackers find ways to use parts of the server operating systems (Windows and Linux), blogging software, content management systems, forums, you name it.</p>
<h3>What To Do About It</h3>
<p>So let me tell you about what &#8220;inspired&#8221; this post. I recently learned about the Sinowal (also known as Mebroot) trojan rootkit in a couple of articles written by Woody Leonhard on the <a href="http://windowssecrets.com/">Windows Secrets website</a>. The first article, <a href="http://www.windowssecrets.com/2008/11/20/03-Dont-be-a-victim-of-Sinowal-the-super-Trojan">&#8220;Don&#8217;t be a victim of Sinowal, the super-Trojan&#8221;</a>, was posted November 20, 2008 and gives a good description of this bugger and how it spreads, infects, and steals your private information, like your bank or credit card account user name and password. Woody&#8217;s second article gets down to the business of detecting Sinowal/Mebroot, removing it, and what you can do to minimize your risk of infection.</p>
<p>There are two tools Woody recommends for us to use, F-Secure BlackLight and <a href="http://secunia.com/vulnerability_scanning/personal/">Secunia Personal Software Scanner</a>. Use <a href="http://www.f-secure.com/blacklight">BlackLight</a> to scan your computer to find Sinowal/Mebroot <strong>and remove it</strong>. BlackLight does not need to be installed like many programs. It&#8217;s completely self-contained. To run it in XP, just double-click it. But in Vista, you need to run BlackLight as the Administrator. To do this, right-click the BlackLight icon, and select &#8220;Run as Administrator&#8221; from the pop-up menu.</p>
<p>Once BlackLight is done, use Secunia PSI to inspect the software on your computer to see if it is the most current and secure version available. The advantage of using PSI is that once it finds programs that are vulnerable, you can download and install the updated and secure version with just a few clicks. Without PSI you would have to open every program installed on your computer, check the version, then go to the publisher&#8217;s website to see if there&#8217;s a more recent version to download and install. I&#8217;ve tried both these programs on my HP Pavilion dv9000 laptop running Windows Vista and was pleased with the way they worked. I also ran them on my Windows XP desktop. XP users are the most at risk. Fortunately, Vista seems to be immune for the time being. BlackLight and PSI ran just fine on the XP desktop and I was relieved that BlackLight did not find any rootkits.</p>
<p>I urge you to <a href="http://www.windowssecrets.com/2008/11/20/03-Dont-be-a-victim-of-Sinowal-the-super-Trojan">read Woody Leonhard&#8217;s first article</a> about the Sinowal/Mebroot rootkit for a basic understanding and then <a href="http://www.windowssecrets.com/2008/11/26/03-Antivirus-tools-try-to-remove-Sinowal-Mebroot">look at the second article</a> to better understand how the tools work and how to use them.</p>
<p>Have you ever encountered this kind of problem? If you have, how about leaving a comment to share your experience? Everyone will be safer.</p>
]]></content:encoded>
			<wfw:commentRss>http://www.cultivatedweb.com/blog/online-security/does-your-computer-have-the-worst-virus.html/feed</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
	</channel>
</rss>

