Posts Tagged ‘hacking’
Earlier this month, WordPress users across the world (as well as users on other platforms) fell victim to a massive brute-force attack on their sites.
The hack, or attempted hack, used a large botnet (a network of compromised computers doing the bidding of someone else) to repeatedly try and guess passwords on WordPress sites to gain administrative access to them. From there, the botnets would take over the sites and attempt to integrate them into a new bothnet, one made up of high-powered servers with better connections to the Web.
For most sites, the hacking attempt was pretty harmless. If you don’t use the original “admin” account and have a password that is easily guessed, you were most likely safe from the attack. Rather, the attack was an attempt to cast a broad net in hopes of finding the low-hanging fruit, sites that can be trivially broken into.
But while your site is probably fine as long as you took even the most basic precautions, there were still repercussions. The weight of thousands of attempts to login put a strain on many people’s servers, especially if the server had many different WordPress sites. This resulted in websites slowing to a crawl and even shutting down, including ones not directly affected.
But while the worst seems to have passed for now, there are still some lessons to be learned from it and it’s important to grasp them before the next wave hits.
Because if there’s one thing that’s for certain, there is another wave coming. Read More
It’s Halloween in the United States (and much of the rest of the world). As such, people are gathering together for parties, going trick or treating and telling scary stories.
In that spirit, last week on Performancing I discussed legal nightmares that can happen to you and your blog. Specifically, there were three scenarios that, while sounding like nothing more than legal theory, actually happened to one or more bloggers.
In that spirit, here are five more practical horror stories to keep you awake when it comes to your blog. Best part of all is that I don’t have to give specific examples because each and every one of these have happened not once or twice, but hundreds, if not thousands, of times.
So if you’re wondering about the gruesome ways your blog can be mangled, kidnapped or killed, here are just five of the more common (and more sudden) ways to consider. Read More
Imagine sitting down to your computer one morning and opening up your blog. However, instead of finding your homepage your admin panel staring back at you, you instead see a bright red warning screen telling you that malware has been detected on the site and you are advised not to enter.
The realization quickly sinks in that, if you are seeing that error, so is everyone else trying to visit your site. You begin to hurry and try to figure out what happened but quickly realize that your site has been compromised and, if you’re even able to log in, you have a very big mess to clean up. Worst of all, when you’re done, you have to apply for reconsideration with Google and other security companies and then wait 12 hours or more for the warning to clear off.
It’s a painful process and, in the best of circumstances it can ruin an entire day and, in the worst, it can destroy an otherwise healthy site.
Still, it is an all-too-common occurrence on the Web. Bloggers learn too late that their sites are vulnerable and are left to clean up the mess an attacker leaves behind. That mess could be as simple as adding malware to the site, inserting spam links into the theme or defacing the site but in some extreme cases, it can go as far as to delete everything the blogger has done.
To help keep you, your visitors and your site safe(r) from hackers, you need to make sure your server is secure. Fortunately, it isn’t very complicated but failure to spend the time and energy today can be very costly tomorrow. Read More