ArJ.uNo

As the cyber space is inviting tons of people everyday, its becoming a HotSpot for people with negative mind also. That’s the only reason why thousands of tragedies happens everyday.

However security professionals are tightening the web to make it more secure, still many people are able to bypass it(its a simple CAT-MOUSE game between the both).

Recently on my site www.mywebstay.com, my whole directory got hacked by some”HackeD BY HaMaDa SCoOoRPioN”. I was worried and thought that I lost my site. Luckily, I found that it was a minor file replacement that occurred by Mr. HaMaDa SCoOoRPioN, on my index.php file(of my wordpress installtion) and changed it with another index.php file(that I had on my backup)

========================================

[root@gator1171 /home/mydirectory/public_html]# stat index.php
File: `index.php’
Size: 3834 Blocks: 8 IO Block: 4096 regular file
Device: 811h/2065d Inode: 618856449 Links: 1
Access: (0644/-rw-r–r–) Uid: ( 766/ mws) Gid: ( 766/ mws)
Access: 2010-01-26 23:15:48.000000000 -0600
Modify: 2010-03-30 13:25:35.000000000 -0500
Change: 2010-03-30 13:25:35.000000000 -0500

========================================

However I had my hosting provider HostGator.com involved on this, so I wasn’t able to analyze much on this issue as they took even less than 5min to solve this problem(voila HostGator’s support rocks).

MyWebStay.com is a target to Hackers and Spammers and it get attacked by hackers 4 to 5 times a day, but still is up almost everytime due to its good permissions and settings.

This was the first and only time(in history of its existence) that it got hacked by someone, well I will try my best to not get it handed over to foolish people.

Well is you are one of those who were stucked up in this do the following immediately after everything works fine:

The permissions on your public_html directory were set incorrectly to “755”. This is insecure and allows certain files on your account to be compromised. This should be “750”. I have restored the effected files. To secure your account further, please take the following steps:

1. Change your WordPress administrator passwords.
2. Change your WordPress MySQL database passwords.
3. Set the permissions for the “wp-config.php” files to “400”.

This would reduce your chance of getting into trouble afterwards.

For safe keeping “The “public_html” directory should be set to 750. All other directories are safe at 755. All files should be set to 644.” Never set the permissions to xx7(this can be the biggest mistakes dome by you) or xx5(this would be the second biggest mistakes, as it gives full access to public to do anything on your site.

About security of MyWebStay.com and its uptime:

MyWebStay.com is backed up by 6 server(presented and different locations) just for the purpose of linking it to the major server and the site is then hosted on 2 different servers(of different location) to provide non-stop services to its users. Also this site has 6IP’s just for the purpose of safeguarding one installations from other(as this site has many software installed) and reduce the downtime caused due to “Bad Neighbors”.