Blog for hpHosts, and whatever else I feel like writing about ....

Tuesday, 1 June 2010

Site owners: Are you listening?

I come across hundreds of malicious sites each day, both compromised sites, and bad guys sites, and send hundreds of abuse reports each day for them.

This morning, I received a rather strange e-mail from one of the hosting companies I'd sent an abuse report to, an e-mail with the following content;


Can you give me the ticket number of the tickets you have opened regarding the past?

"It is a little frustrating that I have been asking for help and opening tickets
about this IP get blacklisted and you folks check it out and say there is
nothing wrong."

I have looked through your history and unable to find anything.

Thank you.

The problem of course, is that the host had actually meant to send this to the site owner, and not to myself (and because of this, I'm not going to mention either the affected site, or the hosting company, as it was a genuine mistake on the hosts part).

The issue here, is that the site owner has obviously had his site taken offline by his host, on more than one occasion, and a quick look at the sites source code quickly told me why - he/she is STILL running WordPress 2.8. This version of WordPress is now VERY out dated, and very insecure, and is the cause of the sites constantly getting compromised.

This points to the "post of the bleedin obvious" that we keep reading - site owners are not taking care of their sites, and keeping the software they're running, up to date. In this case however, the site owner is building sites for other people. If he/she can't even keep his own site up to date and secure, how on earth are his customers going to know whether or not their sites are secure?

Now for the rest of the "post of the bleedin obvious" - a message to ALL site owners out there, that are reading this. If you're not ensuring any software your websites server is running, is kept up to date, then your site is seriously at risk of being compromised. This does not just cover any CMS/blog software, but server-side stuff such as PHP/MySQL/Apache etc etc, and for those that don't have server access, make sure you're hounding your hosts to keep this stuff up to date for you (there's no excuse for their not doing so, and if they refuse or say they can't - move the site to a new host).

If your site is compromised, and you need help, feel free to come over to the Malware Domain List forums, and we'll help you out (for free of course);

[INFO] My website has been hacked, what do I do?

No comments: