
Re: my wife's website was hacked



> On Sep 9, 2018, at 06:09, Andrew Bauer <knnniggett@gmail.com> wrote:
> 
> So this was all about creating bogus links to get people to click them, which in turn, I suppose, would somehow get the attacker paid for people clicking on the ads? I'm uncertain what the benefit is exactly, but I don't have the mind of someone like this. 

It’s actually a somewhat clever exploit of SEO as well. Building that sitemap makes those pages reachable by spiders—noting that weblogs prohibiting crawling via robots.txt are exceedingly rare—and hence also searchable on search engines like Google.

You’ve doubtless had a search or two filled with some of those noisy results that are a lot less content and more collections of keywords. They’re most often for things like what you’d often find on Pinterest.

Same idea.

> It's still a mystery how exactly the attacker gained access to her site. Her passwords have been changed of course.

With WordPress, it’s extremely hard to tell. It could be a weak password, or it could be an exploit of some too-permissive configuration options in WordPress, or it could be an outright exploit in the software, hardened or not.

If you and your wife are keen on sticking with WordPress and evading these kinds of attacks in the future, you do luckily have a couple of options. Unfortunately, neither of them is particularly great.

If you’re wanting to be less hands-on: WordPress.com is probably your best bet in terms of hosting. I’m not familiar with how pricing or any of the business-side concerns work, but this was the only way we used WordPress when I was at Turner Broadcasting. The software’s security track record was otherwise something that my small production engineering team couldn’t keep up with when also considering business demands.

If you don’t mind the slightly-more-than-occasional sharp edge: There are a couple of really good security/hardening articles online, one of which is by Cloudflare. (I’m mobile; otherwise, I’d link it here.) This will take time and a bit of knowledge about how to conduct some penetration testing on your own to get it right, but it can be a rewarding project if you can keep on top of what it means to be hardened in the context of WordPress.

Sorry to hear that you got hit with this. Hopefully, it becomes and remains merely a bitter memory from this point forward. Happy hardening! —n
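The sitemap trick described in the reply above (spam pages listed in the sitemap so crawlers index them, with a default robots.txt that never blocks them) is easy to check for after the fact. The script below is an added example, not code from the thread or from WordPress: it parses a sitemap, flags entries that are off-site, unpublished, keyword-stuffed, or PHP files under wp-content/uploads/, and then asks whether the robots.txt "User-agent: *" group would even stop a crawler from reaching them. The sample sitemap, robots.txt, host name and published-URL list are all constructed for illustration; in practice the known-URL set would come from the site owner's own export (for example WP-CLI's `wp post list --field=url`).

```python
"""Audit a WordPress sitemap for injected SEO-spam entries.

Added example (not from the original thread).  Assumptions:
  * the site's sitemap.xml and robots.txt are available as text;
  * the owner has a list of the URLs they actually published.
All sample data below is constructed.
"""
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

SITEMAP_NS = "{http://www.sitemaps.org/schemas/sitemap/0.9}"
SPAM_SLUG_MIN_WORDS = 6  # hyphenated words in a slug before we call it keyword-stuffed

# Constructed: two real posts plus three entries of the kind an attacker adds.
SAMPLE_SITEMAP = """<urlset xmlns="http://www.sitemaps.org/schemas/sitemap/0.9">
  <url><loc>https://example.com/2018/08/garden-update/</loc></url>
  <url><loc>https://example.com/about/</loc></url>
  <url><loc>https://example.com/cheap-designer-handbags-outlet-sale-discount-online/</loc></url>
  <url><loc>https://example.com/wp-content/uploads/2018/09/x7q2.php?p=best-casino-bonus</loc></url>
  <url><loc>https://evil.example.net/buy-now/</loc></url>
</urlset>
"""

# Constructed: a stock WordPress robots.txt, which blocks nothing a spammer cares about.
SAMPLE_ROBOTS = """User-agent: *
Disallow: /wp-admin/
Allow: /wp-admin/admin-ajax.php
"""

SITE_HOST = "example.com"  # constructed
KNOWN_URLS = {             # constructed: what the owner knows they published
    "https://example.com/2018/08/garden-update/",
    "https://example.com/about/",
}


def parse_sitemap(xml_text: str) -> list[str]:
    """Return every <loc> in a sitemap (works for <urlset> and <sitemapindex>)."""
    root = ET.fromstring(xml_text)
    return [loc.text.strip() for loc in root.iter(SITEMAP_NS + "loc") if loc.text]


def audit_url(url: str, site_host: str, known: set[str]) -> list[str]:
    """Reasons a sitemap entry looks injected; empty list means it looks legitimate."""
    parts = urlparse(url)
    reasons = []
    if parts.netloc != site_host:
        reasons.append("points off-site")
    if url not in known:
        reasons.append("not in published URL list")
    if re.search(r"/wp-content/uploads/.*\.php$", parts.path):
        reasons.append("PHP file under uploads/")
    if parts.query:
        reasons.append("has a query string")
    slug = parts.path.rstrip("/").rsplit("/", 1)[-1]
    if slug.count("-") + 1 >= SPAM_SLUG_MIN_WORDS:
        reasons.append("keyword-stuffed slug")
    return reasons


def find_injected(xml_text: str, site_host: str, known: set[str]) -> dict[str, list[str]]:
    """Map each suspicious sitemap URL to the reasons it was flagged."""
    return {u: r for u in parse_sitemap(xml_text) if (r := audit_url(u, site_host, known))}


def disallowed_prefixes(robots_txt: str) -> list[str]:
    """Disallow: prefixes from the 'User-agent: *' group (simplified: no wildcards, no Allow precedence)."""
    prefixes, in_star = [], False
    for raw in robots_txt.splitlines():
        line = raw.split("#", 1)[0].strip()
        if ":" not in line:
            continue
        field, value = (s.strip() for s in line.split(":", 1))
        if field.lower() == "user-agent":
            in_star = value == "*"
        elif field.lower() == "disallow" and in_star and value:
            prefixes.append(value)
    return prefixes


def crawlable(url: str, prefixes: list[str]) -> bool:
    """True if no Disallow prefix covers the URL's path."""
    path = urlparse(url).path
    return not any(path.startswith(p) for p in prefixes)


if __name__ == "__main__":
    blocked = disallowed_prefixes(SAMPLE_ROBOTS)
    for url, reasons in find_injected(SAMPLE_SITEMAP, SITE_HOST, KNOWN_URLS).items():
        state = "crawlable" if crawlable(url, blocked) else "blocked by robots.txt"
        print(f"{url}\n    {', '.join(reasons)} [{state}]")
```

The point the output makes is the one in the reply: every flagged URL is still crawlable under the stock robots.txt, so once it is in the sitemap the search engines will pick it up. Treat the slug heuristic as a first pass only; the authoritative signal is the comparison against the list of pages the owner actually published.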


-
To unsubscribe, send email to majordomo@silug.org with
"unsubscribe silug-discuss" in the body.