More than 2 months after most of my sites got hacked, I’m still dealing with the direct and indirect effects.
Anyway, I’m not going to give up. Instead, I’m going to share my experiences with other webmasters, and I hope it prevents someone from ending up in such a horrible situation.

Lesson 1: Keep all your scripts up-to-date and subscribe to receive security updates.
I don’t think it needs any more explanation! I love free open-source scripts like WordPress, but they also have a huge disadvantage: when a bug or security hole is found, it becomes public in close to no time.

Lesson 2: When possible, DON’T store all your sites under the same FTP account! Some web hosting providers like DreamHost let you create unlimited FTP usernames and host each domain under an individual FTP account. This way, in case someone breaks into one of your sites, the rest will be safe.

Lesson 3: Once in a while, briefly check the log file reports. You may be surprised to find the footprints of hackers/spammers trying different methods to find their favorite backdoor. There is also the worse situation in which they have already sneaked in and uploaded their own script or modified yours for their purposes. Either way, checking the log file report will show you all the requests served. Remember, tag-based/JavaScript-based reports show only activity on the pages tagged with the tracking code, not on all the pages.
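A small log check of the kind Lesson 3 describes, as an added example that is not part of the original post. It assumes the server writes Apache/nginx common or combined log format; the `KNOWN_SCRIPTS` list, the threshold and the sample lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Common/Combined Log Format: ip - - [time] "METHOD url PROTO" status size ...
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) ')

# Assumption: the PHP scripts you deployed yourself. Adjust per site.
KNOWN_SCRIPTS = {"/index.php", "/wp-login.php", "/wp-comments-post.php"}

# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = """\
198.51.100.7 - - [10/Mar/2024:04:12:01 +0000] "GET /admin.php HTTP/1.1" 404 210 "-" "-"
198.51.100.7 - - [10/Mar/2024:04:12:02 +0000] "GET /phpmyadmin/index.php HTTP/1.1" 404 210 "-" "-"
198.51.100.7 - - [10/Mar/2024:04:12:03 +0000] "GET /old/wp-login.php HTTP/1.1" 404 210 "-" "-"
203.0.113.20 - - [10/Mar/2024:09:30:11 +0000] "GET /index.php?p=12 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.20 - - [10/Mar/2024:09:30:12 +0000] "GET /favicon.ico HTTP/1.1" 404 210 "-" "Mozilla/5.0"
192.0.2.55 - - [11/Mar/2024:02:05:44 +0000] "POST /wp-content/uploads/img001.php HTTP/1.1" 200 18 "-" "-"
"""

def scan(log_text, probe_threshold=3):
    """Return (probers, unknown_scripts) found in raw access-log text."""
    missing = defaultdict(set)  # ip -> distinct paths that returned 404
    unknown = set()             # (ip, method, path) for unlisted scripts served with 200
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue            # skip lines that are not in the expected format
        ip, method, url, status = m.groups()
        path = url.split("?", 1)[0]  # compare paths without the query string
        if status == "404":
            missing[ip].add(path)
        elif status == "200" and path.endswith(".php") and path not in KNOWN_SCRIPTS:
            unknown.add((ip, method, path))
    # Many distinct missing paths from one client looks like someone hunting for a way in.
    probers = {ip: sorted(p) for ip, p in missing.items() if len(p) >= probe_threshold}
    return probers, sorted(unknown)

if __name__ == "__main__":
    probers, unknown = scan(SAMPLE_LOG)
    for ip, paths in probers.items():
        print(f"probing from {ip}: {', '.join(paths)}")
    for ip, method, path in unknown:
        print(f"unlisted script served: {method} {path} (client {ip})")
```

A script that answers 200 but is not on your list is worth opening on disk and comparing with a clean copy of the site.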

I think that’s enough for now :)
There is a huge checklist to keep in mind, but in my opinion, these 3 are the most important ones.


