The Day My Blog Was Hacked.
It started, as these things so often do, with web content of dubious taste.
I logged onto my blog and the “loading” bar at the bottom of the page showed my browser was trying to pull in content from an Eastern European adult web site.
Slight panic.
I managed to log into the management console, and I couldn’t post new content. When I tried to add tags, the page disappeared. Nothing worked.
Okay, major panic.
My self-hosted Wordpress site had been hacked. I didn’t have a clue what I’d done wrong, how to fix it, or whether the site could even be rescued.
In the end, a writer friend who works as a Wordpress security consultant in her spare time (as you do) sorted the site for me. She fixed everything and told me lots of things about read/write access, updates and Trojans that, frankly, I didn’t fully understand.
The lesson I learned is that you don’t have to actively open a door for your blog to be vulnerable to attack – sometimes just not tweaking settings, or applying updates, can be enough for a hacker to add malicious code to your site that could redirect your visitors to another site entirely, or steal confidential information, such as passwords.
It’s not just hacking that can you should be aware of, either. Bloggers can make themselves vulnerable just by sharing too much information. I still snigger (guiltily) at a blogger friend who once posted a picture o himself outside his house, as captured by the Google Streetview camera.
A week or so later, he blogged about the shiny new wireless network he was installing in his house, explaining how it was connected to all his home entertainment systems and mobile devices. The next night, he blogged about how his house had been burgled while he was at work, and all his kit had been stolen. It’s a cautionary tale – life’s risky enough without advertising your home and belongings to burglars.
To help you avoid this kind of experience, BitDefender has put together a guide to the key security risks faced by bloggers, with some advice on how to protect yourself and your blog from attack. Feel free to check it out in the Resources section by clicking the link at the top of this page.
As the man on the telly used to say - be careful out there.
Sally
I logged onto my blog and the “loading” bar at the bottom of the page showed my browser was trying to pull in content from an Eastern European adult web site.
Slight panic.
I managed to log into the management console, and I couldn’t post new content. When I tried to add tags, the page disappeared. Nothing worked.
Okay, major panic.
My self-hosted Wordpress site had been hacked. I didn’t have a clue what I’d done wrong, how to fix it, or whether the site could even be rescued.
In the end, a writer friend who works as a Wordpress security consultant in her spare time (as you do) sorted the site for me. She fixed everything and told me lots of things about read/write access, updates and Trojans that, frankly, I didn’t fully understand.
The lesson I learned is that you don’t have to actively open a door for your blog to be vulnerable to attack – sometimes just not tweaking settings, or applying updates, can be enough for a hacker to add malicious code to your site that could redirect your visitors to another site entirely, or steal confidential information, such as passwords.
It’s not just hacking that can you should be aware of, either. Bloggers can make themselves vulnerable just by sharing too much information. I still snigger (guiltily) at a blogger friend who once posted a picture o himself outside his house, as captured by the Google Streetview camera.
A week or so later, he blogged about the shiny new wireless network he was installing in his house, explaining how it was connected to all his home entertainment systems and mobile devices. The next night, he blogged about how his house had been burgled while he was at work, and all his kit had been stolen. It’s a cautionary tale – life’s risky enough without advertising your home and belongings to burglars.
To help you avoid this kind of experience, BitDefender has put together a guide to the key security risks faced by bloggers, with some advice on how to protect yourself and your blog from attack. Feel free to check it out in the Resources section by clicking the link at the top of this page.
As the man on the telly used to say - be careful out there.
Sally
Views: 0
Comment
-
Comment by Matt Hicks on May 26, 2010 at 7:29am -
Hi Alex,
Thanks for the comments. In the coming weeks we're going to be building up resources on many different aspects of Internet/ IT safety - if there's something you'd like us to work on in particular just drop me a line.
Here at BitDefender we offer a free scanner too - and always eager to hear feedback, good or bad, on how we measure up against other programs.
Best,
Matt
-
Comment by Alex Walsh on May 26, 2010 at 6:40am -
I'll have a read of that guide. Whilst its interesting to note that trojans, keyloggers, virii etc can all compromise your machine and either provide a load of saved passwords to someone or put your machine in a zombie botnet, by far the most common way online stuff is compromised is by social hacking.
Symantec did some research that showed 40% of people had shared a password with a friend, and that's even before people pick stupid passwords or use the same password for everything.
An interesting recent security paper showed the two most common online passwords were 123456 and....................... 12345. The most common alpha password was "password" and the most common alpha numeric was "123abc" (taken from an analysis of 32m passwords hacked wholesale from a social networking site). It's small wonder people get hacked really.
Making sure you're running an up to date virus scanner like MS Essentials, Nod32 or Avira (two of which are free) is the easiest thing to do, and always making sure that a link you hover over shows the same address in the status bar as the link (ie if it says hsbc.co.uk but the hovering shows you're being directed to homebanking.hsbc.co.uk, you're being directed to a phishing site thats going to steal your login details).
© 2012 Created by BitDefender.
Powered by 
.
You need to be a member of Safer-Surfing to add comments!
Join Safer-Surfing