Religious websites getting Hacked — some solution
Tech Stuff August 21st, 2006
Recently there has been a major hack terror attack by some Muslim militant outfits attacking a lot of religious as well as social websites in the United States. Our New Vrindaban community website got hacked, hence my service provider provided me with some of the vital steps to prevent that. This morning I saw that iskconnews.net - an unofficial ISKCON news provider - also got hacked, and thus I called Mr. Madhva Ghosh to let him know what's happening, and he suggested to me that I should blog this solution on my site. I hope it may help you all too.
Most account compromises are initiated by using a remote command inclusion vulnerability within an existing web application. This issue was likely the result of poor or missing security on the part of one or more user accounts, including shared or weak passwords, insecure permissions on important configuration files (allowing full read access globally), and other factors. Please be sure that the following steps are taken to assist in preventing further intrusions:
- Perform a complete audit of your account and applications. Ensure that all content available was made available only by yourself, and that any information that doesn't match up, including application login credentials, is removed.
- Any PHP scripts should be chmod 600 at the very least. Any PHP scripts that contain important information, such as MySQL database connection information should be chmod 400. By default these files are likely permissioned to 644 which will allow global read access to the file by any user on the system.
- Any applications that are connecting to MySQL database should be doing so with their own individual MySQL database login credentials. Never should a set of credentials be recycled or used elsewhere. You should also avoid using your system username and password as an authorization point for these applications.
- Passwords should be 16+ characters in length and contain a mixed case of letters and numbers and should be modified on a regular basis (twice monthly at the very least). A password should never be used for more than one service or provider, ever!
- Any 3rd party or custom PHP, Perl and other web applications should be kept up to date at all times. Subscribe to the software vendor's security or update notifications mailing list. If an application is no longer required or in use, remove it completely. Disabling the application is not always a surefire means of disallowing intrusion attempts.
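The permission step above can be checked across a whole web root instead of file by file. The script below is an added example, not something supplied by the service provider: the function names and the credential-detection pattern are assumptions made for illustration, and it relies on GNU find's `-perm /mode` syntax.

```shell
#!/bin/sh
# Added example: audit PHP file permissions against the checklist above.
# Source this file, then run:  audit_php_perms /path/to/webroot [fix]

# Assumption: a file "contains MySQL connection information" if it mentions
# one of these PHP connection calls or WordPress's DB_PASSWORD constant.
CRED_PATTERN='mysql_connect|mysql_pconnect|mysqli|DB_PASSWORD'

# Report every *.php file that is looser than the checklist allows.
# Output: one line per finding, "<mode it should have> <path>".
# With "fix" as the second argument, permission bits are removed in place
# (bits are only ever taken away, never added).
audit_php_perms() {
    dir=$1
    action=${2:-report}
    find "$dir" -type f -name '*.php' | while IFS= read -r f; do
        if grep -Eq "$CRED_PATTERN" "$f"; then
            # Credential file: should be 400, so owner-write is also forbidden.
            want=400; mask=/277; strip=u-w,go-rwx
        else
            # Ordinary script: should be 600, so no group/other bits at all.
            want=600; mask=/077; strip=go-rwx
        fi
        # find prints the path only if at least one forbidden bit is set.
        if [ -z "$(find "$f" -perm "$mask")" ]; then
            continue
        fi
        echo "$want $f"
        if [ "$action" = fix ]; then
            chmod "$strip" "$f"
        fi
    done
}
```

Run it without `fix` first and review the list. Modes 600 and 400 only work when PHP executes as the account owner (for example under suEXEC or suPHP); if the web server runs as a separate user, it will no longer be able to read these files.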
If you have trouble keeping track of your passwords, you may want to look into using a solution such as the following, which I personally find to be quite useful in both generating passwords and securely saving these details: http://keepass.sourceforge.net/
WordPress owners: Please update your WordPress installation to the latest security-fix version. The latest stable release of WordPress (Version 2.0.4) is available here for download.
Haribol! I’m very pleased to encounter your site. ISKCON news should be back up in the next day or two. I’m rebuilding the server using Xen virtualization, as well as your suggestions, to provide security and redundancy to protect against future occurrences of this.
Wordpress has a nice interface, but if it’s not updated constantly it represents a significant vulnerability.
I don’t know if I’d call it a “major hack terror attack” though, or characterize it as targeting specific “religious” or “social” websites, or servers in the US (my servers are not). It’s more of the usual - script kiddies running automated scans to detect servers with exploitable vulnerabilities and then defacing them. Happens all the time.
Dandavats!
Sita-pati das