
July 30, 2010

Keeping Your Site Secure


I have been active on the internet long enough to know how serious the constant threat of hacking can be. Due to my involvement in several online movements, controversial petitions and day-to-day website administration I’ve experienced my fair share of targeted (and random) hacking.

My Experiences:

Sims Central Forum:
This site, running Simple Machines Forum, has been hacked twice since I have operated it.
The first time:
The first time was a random spam injection by either a bot or script kiddie; the site was running an outdated version of SMF which was vulnerable to the attack.

The second time:
This was a targeted attack from a group of criminals that I managed to upset. They acquired my password (since I was foolish enough to use the same password on another site). Once they got access they deleted the entire database and theme, and managed to lock me out of my website with an IP block.

Photobucket:
Someone managed to gain access to my Photobucket account around the same time as the second attack on my forum. They executed a script that was able to delete all my images and replace them with disgusting pornographic images.

Luina Sims:
My first ever website for The Sims 2 game series. This site experienced a minor downtime one day as somebody attempted to download the same file 2000 times within a single hour. Eventually the server kicked them off, as it figured 10 GB of bandwidth is too much for a single person to use in such a short period of time.

That Sounds Sucky, How Do I Prevent It?

Knowing that hacks really do happen, now would be a good time to beef up security measures on your websites and accounts. Here are a few general tips that are essential for owners of any site.

- Use a different password for your admin accounts than you do anywhere else. Almost all attacks on websites involve acquisition of passwords from other sites that have been exploited. Ensuring the uniqueness of your admin account password is essential.

- Follow the Highlander rule – the fewer administrators you have the better. You may trust the people who moderate your forum or website, but that doesn’t mean they don’t have an agenda. I can think of at least 5 attacks on people I know that were inside jobs within the last two years.

- Make sure your forum/CMS/blog software is updated frequently and always running the most recent version! The developers of popular website scripts, such as WordPress, SMF, phpBB, vBulletin, MyBB, Joomla and Drupal, update their code frequently to protect against known vulnerabilities. If you don’t patch your website you leave yourself very vulnerable to attack.

- Keep hacker-bots away from your sites using blacklists like “BotScout” and “Akismet.” These systems compile enormous lists of millions of spam/hacker bots and stop them from accessing your website.

- Back up your site databases and all your files regularly. This is the most important step! Keep a copy on your local computer and update it frequently. For added super-paranoid protection, keep a second copy on a secure file upload site such as Windows Live SkyDrive, Box.net or on an external hard drive in a bunker resistant to nuclear warfare. Backup! Backup! Backup!

- Ensure that hackers aren’t reading your keystrokes. A key logger is a small program that monitors your computer and records when you type something. They could be stealing bank account details, passwords or even important letters to mother! You should make it a habit to scan your computer regularly for spyware using a free product such as SuperAntiSpyware or Ad-Aware. You should also make sure you are running an up-to-date Internet Security application.
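To make the backup tip concrete, here is an added example (my illustration, not code from any of the tools named above) that bundles the site files and a database dump into one archive, stores it in two places, and checks each copy against a SHA-256 hash so a corrupted backup is caught before you need it. The function names, the `site-<timestamp>.tar.gz` naming and the directory arguments are assumptions, and the database dump is assumed to have been exported to a file already.

```python
import hashlib
import shutil
import tarfile
import time
from pathlib import Path


def sha256_of(path):
    """Hash a file in 1 MiB chunks so large archives do not fill memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_backup(archive):
    """True if the archive matches its .sha256 sidecar and holds files + database."""
    archive = Path(archive)
    sidecar = Path(str(archive) + ".sha256")
    if not (archive.is_file() and sidecar.is_file()
            and sha256_of(archive) == sidecar.read_text().split()[0]):
        return False
    with tarfile.open(archive) as tar:
        return {"files", "database.sql"} <= set(tar.getnames())


def backup_site(site_dir, db_dump, local_dir, second_dir, keep=7, stamp=None):
    """Archive site files plus a database dump; store two verified copies (keep >= 1)."""
    name = "site-%s.tar.gz" % (stamp or time.strftime("%Y%m%d-%H%M%S"))
    copies, digest = [], None
    for dest in (Path(local_dir), Path(second_dir)):
        dest.mkdir(parents=True, exist_ok=True)
        target = dest / name
        if digest is None:  # first location: build the archive and hash it once
            with tarfile.open(target, "w:gz") as tar:
                tar.add(str(site_dir), arcname="files")
                tar.add(str(db_dump), arcname="database.sql")
            digest = sha256_of(target)
        else:  # second location: copy, then check against the original hash
            shutil.copy2(copies[0], target)
        Path(str(target) + ".sha256").write_text("%s  %s\n" % (digest, name))
        if not verify_backup(target):
            raise RuntimeError("backup failed verification: %s" % target)
        copies.append(target)
        for old in sorted(dest.glob("site-*.tar.gz"))[:-keep]:  # prune oldest
            old.unlink()
            Path(str(old) + ".sha256").unlink(missing_ok=True)
    return copies
```

Run `verify_backup` on the stored archives from time to time as well, not only right after they are written, since a copy can go bad while it sits on disk.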
