Family on Bikes

A Family Cycles from the Arctic to Patagonia

familyonbikes
Location
Boise, Idaho, USA
Birthday
August 31
Bio
Our family of four (with 13-year-old twin boys) dreamed the impossible dream and reached the unreachable star! On March 21, 2011 we pedaled the final mile to arrive at the end of the world in USHUAIA, Argentina! We spent three years cycling 17,300 miles through 15 countries starting in Alaska to get there.


Salon.com
MAY 7, 2012 1:29AM

How to protect your website from hackers


A while ago my wife sat quietly at her computer, responding to comments on our blog. “John,” she frantically shouted, “something’s wrong with our website. Nothing is coming up.”

I raced to where our files were stored and my heart sank as I sat staring at the directory on our host provider. We had been hacked.

Everything had been deleted and replaced with a single file enticing people to enter their Chase Bank username and password. Dozens of thoughts raced through my mind as I slumped in my chair.

“When was the last time I did a backup?”
“How am I going to fix this?”
“Was anyone compromised by using our site?”
“Was our WordPress database still intact; are the thousands of links still valid?”
“Were the hundreds of hours my wife and I spent meticulously putting captions on the thousands of photos in our gallery all in vain?”

Fortunately the databases were untouched and our host service restored a copy of the backup they took a few days before our site was hacked. Our blog was down for a day and a half but, after an enormous hassle with our host provider, a fifty dollar restoration fee, and some configuration adjustments, our site was back to its original state. The only things we lost were a few comments.

At this point I concluded I must take security seriously or, I should say, much, much more seriously. The entire next two days I spent scouring the web researching web security. I was shocked to learn how many sites have been hacked and overwhelmed by all the different ways hackers can break into a site. The hardest part of the research was sifting through all the advice posted by people who don’t know what they are talking about.

Here’s what I learned about how to protect your site and the solutions I came up with. Maybe our attack can prompt you to take measures to protect your site so you won’t be staring at a blank screen.

If a site is hacked, the attack originates from one of three places:

  • The host’s server
  • The connection between your computer and the host’s server, where confidential information can be intercepted as it travels
  • Your home computer

Your host’s server

This is a fairly common point of attack. Hackers embed scripts into your code or put harmful files in your site. The code or files could be anywhere or anything: html files, WordPress code, or configuration files to name a few.

I took care of this by updating WordPress and all other programs we are using (which should always be done regardless!). I didn’t just click the update button on the admin dashboard; I saved a few critical files and then deleted ALL WordPress files. I then replaced all the files I deleted with safe, updated files I downloaded from the WordPress website.

The few critical files I saved were visually scanned using a text editor for embedded malicious script and uploaded back to the site, replacing the ones I downloaded from WordPress and the other programs. In this way I’m guaranteed that all harmful files have been eradicated.

I also replaced all the html files with the ones I had on my home computer which I knew were safe.
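Added example (not part of the original post or the author's own tooling): the "replace with a fresh download, then inspect what is left" step can be backed by a hash comparison between the live site copy and a clean download of the same release. The directory names, file contents and marker patterns below are constructed for illustration, and a pattern hit only means the file deserves a manual read.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# Markers often seen in injected PHP/HTML; a hit means "read this file", not proof.
SUSPICIOUS = re.compile(rb"eval\s*\(|base64_decode\s*\(|gzinflate\s*\(|<iframe", re.I)

def digest(path):
    return hashlib.sha256(path.read_bytes()).hexdigest()

def file_map(root):
    root = Path(root)
    return {p.relative_to(root).as_posix(): p for p in root.rglob("*") if p.is_file()}

def audit(reference_dir, site_dir):
    """Compare a live site copy against a fresh download of the same release."""
    ref, site = file_map(reference_dir), file_map(site_dir)
    report = {"modified": [], "unexpected": [], "missing": [], "suspicious": []}
    for rel, path in sorted(site.items()):
        if rel not in ref:
            report["unexpected"].append(rel)  # wp-config.php, uploads, or a planted file
        elif digest(path) != digest(ref[rel]):
            report["modified"].append(rel)    # core file differs from the clean release
        else:
            continue                          # byte-identical to the clean copy
        if SUSPICIOUS.search(path.read_bytes()):
            report["suspicious"].append(rel)
    report["missing"] = sorted(set(ref) - set(site))
    return report

def demo():
    """Constructed sample trees: one clean reference, one tampered site copy."""
    with tempfile.TemporaryDirectory() as tmp:
        ref, site = Path(tmp, "reference"), Path(tmp, "site")
        for d in (ref / "wp-includes", site / "wp-includes"):
            d.mkdir(parents=True)
        (ref / "index.php").write_text("<?php require 'wp-blog-header.php';\n")
        (ref / "wp-includes/version.php").write_text("<?php $wp_version = 'X.Y';\n")
        (site / "index.php").write_text(
            "<?php eval(base64_decode('ZWNobyAxOw==')); require 'wp-blog-header.php';\n")
        (site / "wp-includes/version.php").write_text("<?php $wp_version = 'X.Y';\n")
        (site / "wp-config.php").write_text("<?php define('DB_NAME', 'blog');\n")
        (site / "login.html").write_text("<form action='collect.php'></form>\n")
        return audit(ref, site)

if __name__ == "__main__":
    for kind, files in demo().items():
        print(f"{kind}: {files}")
```

Files listed as unexpected are the ones to review by hand: some are legitimate (configuration, uploads), and anything else, such as a stray login page, has no reason to be there.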

On another note: your host’s server could be infected and a hacker could gain access to your site this way. There is little you can do about this. Google can let you know how many infections your provider’s server has had which will give you an idea of how safe it may be. Check out this link: www.google.com/safebrowsing/diagnostic?site=YourProvider.com (substitute YourProvider.com with the URL of your provider).

Interception between your computer and the host’s server

Information such as passwords can be intercepted in cyberspace as it is sent from one place to another. One way to prevent this is by encrypting the information using an SSL connection. Since in my case this is a relatively rare occurrence, I will look into this only if I get hacked again.

Your home computer

This is the most common way your site can be compromised. Hackers can infect your home computer and then through it gain access to your website. They place malware on your computer which can steal your passwords (and other private information). I spent most of my time dealing with this threat.

The first order of business was cleaning all the malware off my computer. I did this using a free program called Ad-Aware and found over fifty instances of malware. We thought Norton was protecting us, but it turned out it wasn’t.

Since you are never guaranteed to be 100% malware free, critical passwords must be protected. I came up with an elegant and simple solution for protecting my WordPress admin and FTP passwords using a free program called KeePass.

I also found out that my FTP program, FileZilla, wrote my password to a text file that was vulnerable to hackers. With a simple change to the configuration file, I prevented this from happening. I wrote detailed instructions on how to make this change.
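Added example (not the author's linked instructions, which are not reproduced on this page): a check that lists which saved FileZilla sites keep a password on disk, without printing the password itself. It assumes the FileZilla 3 `sitemanager.xml` layout with `Server`, `Host`, `User` and `Pass` elements; the hosts, users and passwords in the sample are constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the layout FileZilla 3 uses for sitemanager.xml (assumption).
SAMPLE = """<FileZilla3>
  <Servers>
    <Server>
      <Host>ftp.example.com</Host><Port>21</Port>
      <User>blogadmin</User><Pass>hunter2-constructed</Pass>
      <Logontype>1</Logontype><Name>blog (plaintext)</Name>
    </Server>
    <Server>
      <Host>ftp.example.org</Host><Port>21</Port>
      <User>gallery</User><Pass encoding="base64">Y29uc3RydWN0ZWQ=</Pass>
      <Logontype>1</Logontype><Name>gallery (base64)</Name>
    </Server>
    <Server>
      <Host>ftp.example.net</Host><Port>21</Port>
      <User>backup</User>
      <Logontype>2</Logontype><Name>backup (ask each time)</Name>
    </Server>
  </Servers>
</FileZilla3>"""

def stored_passwords(xml_text):
    """Return (host, user, storage) for every entry that keeps a password on disk."""
    findings = []
    for server in ET.fromstring(xml_text).iter("Server"):
        pw = server.find("Pass")
        if pw is None or not (pw.text or "").strip():
            continue  # nothing saved for this site
        # base64 is an encoding, not encryption: anyone who can read the file can decode it
        storage = pw.get("encoding", "plaintext")
        findings.append((server.findtext("Host"), server.findtext("User"), storage))
    return findings

if __name__ == "__main__":
    for host, user, storage in stored_passwords(SAMPLE):
        print(f"{user}@{host}: password saved on disk ({storage})")
```

Any entry this reports is a credential that malware on the same computer can read; moving it into a password manager and rotating it on the host removes that exposure.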

We learned an important lesson by being hacked and have responded by beefing up our security. My hope is that you pay attention to security BEFORE it is too late. If you care about your blog or website, it’s worth the extra time to set up some security features now.

How to protect your website from hackers is a post from: Family on Bikes. Sign up for our monthly newsletter to receive your free e-book: Bicycle Touring with Children; A Guide to Getting Started.
