By Felix Ker on June 16, 2008

After blogging about my previous web host being slow, I’ve subscribed to another web hosting package so that this blog runs smoothly. For the past few days, I’ve been working on this blog to ensure that the web hosting migration will be smooth.

Migration is now done for felixker.com and from now till June next year, this blog will be hosted with FRRO.

Do comment and let me know if anything here isn’t working well. And also, don’t forget to tell me how you feel about this blog.

By Felix Ker on June 14, 2008

Read on to find out how I got hacked and eventually defaced and what I did to recover & protect my website.

I was surprised one evening (last year) when I came online and found my blog defaced by hackers. I still remember the page being very simple, with big headers reading “h4ck3d by xxxxx”. Let’s not name anyone in this scene, okay.

When I googled my own site, even Google’s Cache shows the hacker’s page. My page must’ve been hacked the night before when I didn’t come online.

How did felixker.com get hacked?

As I’m on a shared hosting environment, there were other sites that had security flaws that enabled the hacker to enter through the vulnerability. That was all I knew when I told my provider I got hacked, as I wasn’t the only one reporting the issue.

Next, I went into Plesk (the hosting control panel) to check Apache’s logs for suspicious activity. This was when I found out that the hacker got in through a neighbouring site (on the same host) and placed a PHP backdoor script in my site. Next, he renamed my index.php to index2.php and placed his own index file (which contained those hacked messages).

I looked up the IP address (on apnic.net) I saw along with the access records and identified that the IP belonged to Indonesia. Not surprising at all.

How I recovered my blog

I don’t have many files inside my public folder, so all I had to do was browse around my folders through FTP and identify the files I didn’t add. After that, I deleted all of them to prevent the hackers from being able to access my site through the backdoor.

Other than that, I set all folders I don’t need to 644 permissions.

Hacked second time!

I thought I was smart by removing all the files and no one could use the backdoor to play pranks. I was wrong.

The hacker went back to the main site that could be exploited, placed the backdoor file again in a different folder and put back the same hacked message.

I had to contact support regarding this to have them help out. They took down the affected sites and removed the exploits before putting the sites online again.

Prevention

I shall share some prevention tips, whether you’re on a shared or a dedicated environment.

  1. Update your software regularly! There shouldn’t be many issues with Apache/PHP these days, but it’s still wise to have your provider update the software to the latest stable build.
  2. Make sure you’re not running out-of-date PHP software! If you’re using any CMS programs, check the program’s site regularly for updates and security tips. It’ll do you good in the long run. You’re likely to encounter fewer bugs too.
  3. CHMOD folders and files to 644 when you don’t need to modify/create files. Unless your programs need to create files inside a folder, don’t leave it as 777. 644 is always safest. FTP into your host now to change the permissions. Don’t invite unwanted files.
  4. Secure your passwords. That could be the weakest link, when your login details are too easy, e.g. username: admin, password: password. It’s always wise to use a password with 8 or more characters, and it should be alphanumeric!
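The checks behind tip 3, and the “find the files I didn’t add” hunt described in the recovery section, as an added shell example that is not from the original post: it lists world-writable entries under a web root, flags PHP files sitting inside upload folders (an uploads folder normally holds images, so a .php file there is worth a look), and then resets permissions. One caveat the tip does not mention: a directory needs the execute bit to be traversable, so the script sets directories to 755 and only regular files to 644. The sample tree, its file names and the web root path are constructed for the demo; it assumes a POSIX shell with find(1), mktemp(1) and chmod(1).

```shell
#!/bin/sh
# Added example (not code from the original post): audit a web root for
# world-writable entries and for PHP files in upload folders, then apply
# file 644 / directory 755. Assumes POSIX sh, find, chmod and mktemp.

# Build a small constructed sample tree so the script can run offline.
# The file names are made up; x.php stands in for a file the owner did not add.
make_sample_tree() {
    root="$1"
    mkdir -p "$root/wp-content/uploads" "$root/wp-content/themes"
    printf '<?php echo "home"; ?>\n' > "$root/index.php"
    printf '<?php echo "theme"; ?>\n' > "$root/wp-content/themes/style.php"
    printf '<?php /* constructed sample: unexpected file */ ?>\n' > "$root/wp-content/uploads/x.php"
    chmod 755 "$root" "$root/wp-content" "$root/wp-content/themes"
    chmod 644 "$root/index.php" "$root/wp-content/themes/style.php"
    chmod 777 "$root/wp-content/uploads"      # the 777 the post warns about
    chmod 666 "$root/wp-content/uploads/x.php" # world-writable file
}

# Print every entry under the root whose "other" write bit is set (777, 666, ...).
find_world_writable() {
    find "$1" -perm -002 -print | sort
}

# Print how many world-writable entries there are (handy for a quick check).
count_world_writable() {
    find_world_writable "$1" | wc -l | tr -d ' '
}

# Print PHP files that live inside any "uploads" directory.
find_php_in_uploads() {
    find "$1" -path '*/uploads/*' -name '*.php' -print | sort
}

# Tip 3 applied: regular files to 644, directories to 755 so they stay traversable.
harden_permissions() {
    find "$1" -type f -exec chmod 644 {} +
    find "$1" -type d -exec chmod 755 {} +
}

# Report both findings for a web root.
audit() {
    echo "== world-writable entries under $1 =="
    find_world_writable "$1"
    echo "== PHP files inside uploads folders =="
    find_php_in_uploads "$1"
}

# Usage: sh audit.sh /path/to/httpdocs
# Without an argument the script audits and hardens a constructed sample tree.
webroot="${1:-}"
if [ -z "$webroot" ]; then
    webroot=$(mktemp -d)
    make_sample_tree "$webroot"
    audit "$webroot"
    harden_permissions "$webroot"
    echo "== after hardening, world-writable count: $(count_world_writable "$webroot") =="
    rm -rf "$webroot"
else
    audit "$webroot"
fi
```

Run it against a real web root only after reviewing what it lists, since `harden_permissions` resets every file under the path; the audit functions themselves only read. On the constructed tree the audit reports two world-writable entries (the uploads folder and x.php) and one PHP file inside uploads, and the count drops to zero after hardening while the stray PHP file is still listed, which is the point: permissions stop new files from being dropped, but files already planted still have to be found and removed by hand.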

You can also attend a Complimentary Workshop on Cybersecurity if you’re interested in learning more about security.

There are many tips, but I can only think of 4. What can you share with me with regard to hacking and prevention?