Websites Hacked By Phishing Scam And Why I Love HostGator!

Blog Security Info From An Expert

I by no means can call myself a blog security expert.

With This 90 Page Tutorial You’ll Systematically Be Walked Through Each Step It Takes To Lock Out The Bad Guys So You Can Protect Your Profits.

WordPress Security Blog Lockdown

The last two days have been incredibly hectic for me after I found out that my reseller account with HostGator has been hacked by these annoying bank phishing scam people!

It started off with an email from a company that Lloyds Bank had contracted to assist with anti-fraud and security, which went something along the lines of this:

It appears that your website has been hacked by a fraudster. It is now hosting a phishing attack against Lloyds Banking Group plc.
Please remove the fraudulent folders/files as soon as possible and secure your website as it has been compromised.
Please note that it is possible that the fraudulent content is embedded in your website’s legitimate files.

http://www.website.com/halifaxonline/halifaxonline/formslogin.asp.html

In addition, please send us any source files of the attack.
Please let us know if you have any questions or need further assistance. We appreciate your cooperation.

Best Regards,

RSA Anti-Fraud Command Center
RSA, The Security Division of EMC
US Phone: +1-866-408-7525
Email: afcc@rsa.com

As you can imagine, my mind started going crazy trying to work out the ‘what, how and why’ of what was going on because I knew this was serious.

I was frantically checking my FTP to see if I could find the files that they mentioned when I started getting about 8 emails from HostGator, all saying the same thing (for my different domains).

Hello,

We have received complaints of a phishing site being hosted on your site as referenced above. Upon inspection, we found that a phishing site had been installed on your account. The vast majority of phishing sites are installed by malicious users who have found exploits in scripts previously (and legitimately) installed on the account. We have taken the above actions to prevent further malicious activities. Please make sure to update your password to something more secure at this point and to update all the scripts/plugins on your account to the latest version.

Your new account password is: (removed)

The following malicious scripts have been removed from your account:
./hsbc.zip
./hsbc
./hsbc/files
./hsbc/files/user-prefs.js
./hsbc/files/util.js
./hsbc/files/btn_view_demo_dgrey.gif
./hsbc/files/logging_data
./hsbc/files/logging_data/c
./hsbc/files/optimise.js
./hsbc/files/090615_btoffe_b_len_cre_sa_490.txt
./hsbc/files/btn_lgon_g_red.gif
./hsbc/files/default.js
./hsbc/files/header-base01.css
./hsbc/files/logo-on-white.gif
./hsbc/files/sidebar.css
./hsbc/files/header.js
./hsbc/files/print.css
./hsbc/files/top_section.js
./hsbc/files/continue.gif
./hsbc/files/idvFieldsValidation20071023.js
./hsbc/files/ExitPublicFusedSite.js
./hsbc/files/logging.js
./hsbc/files/p2g_piblogon.js
./hsbc/files/hw.js
./hsbc/files/nav_logon.gif
./hsbc/files/default_002.js
./hsbc/files/content.css
./hsbc/files/Styles.css
./hsbc/files/Styles_002.css
./hsbc/files/form_utils.js
./hsbc/files/btn_fom_dgrey.gif
./hsbc/files/pr.js
./hsbc/files/logging.htm
./hsbc/files/onlinesavings.css
./hsbc/files/logging-code.js
./hsbc/files/0510wealth_v8_240.gif
./hsbc/files/generic.css
./hsbc/files/ib.css
./hsbc/files/bottom_section.js
./hsbc/files/icon_help.gif
./hsbc/files/3103savings_obs_v1.gif
./hsbc/files/menu.css
./hsbc/files/mdghsb_personalinternetbankinglogonpage_10.gif
./hsbc/index.htm
./hsbc/details.php
./hsbc/confirm.php
./email
./email/wp-config.php
./email/error_log

Warm regards,

Christopher D.
Level 2 Internet Security Division
866-964-2867 (General Support)
281-476-7801 (Abuse/Security Fax)

This made me freak out further, but also told me two things:

  1. Obviously it was something to do with WordPress (because that is the only script I run on any of my websites).
  2. HostGator is brilliant.

Since HostGator had deleted all the infected files (and I went and checked to make sure), the first thing I did was go and change all my passwords (hosting and WordPress) then open up the big G (Google) and start searching for increasing security in WordPress.
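One way to script the check mentioned above, added here as an example and not part of the original post or anything HostGator runs: it walks a web root and flags the two patterns visible in the host's list, an archive sitting next to a directory of the same name (hsbc.zip and hsbc) and a wp-config.php in a folder with no WordPress core files (email/wp-config.php). The function names, reason strings and the sample tree are constructed for illustration.

```python
import os
import tempfile

ARCHIVE_EXTS = (".zip", ".tar.gz", ".tgz", ".rar", ".tar")
WP_MARKERS = ("wp-load.php", "wp-settings.php")  # files a real WordPress root contains


def scan_docroot(root):
    """Return sorted (relative_path, reason) findings for a web root."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        rel = os.path.relpath(dirpath, root)
        for name in filenames:
            path = os.path.normpath(os.path.join(rel, name))
            for ext in ARCHIVE_EXTS:
                if name.lower().endswith(ext):
                    # An archive with a same-named directory beside it matches
                    # the uploaded-then-unpacked pattern in the host's list.
                    stem = name[: -len(ext)]
                    reason = ("archive unpacked beside itself"
                              if stem in dirnames else "archive in web root")
                    findings.append((path, reason))
                    break
            # WordPress also accepts wp-config.php one level above its root,
            # so treat this as something to review, not proof of compromise.
            if name == "wp-config.php" and not any(m in filenames for m in WP_MARKERS):
                findings.append((path, "wp-config.php outside a WordPress install"))
    return sorted(findings)


def demo():
    """Build a constructed tree shaped like the host's list and scan it."""
    with tempfile.TemporaryDirectory() as root:
        for rel in ("hsbc.zip", "hsbc/index.htm", "hsbc/details.php",
                    "email/wp-config.php", "blog/wp-config.php", "blog/wp-load.php"):
            full = os.path.join(root, rel)
            os.makedirs(os.path.dirname(full), exist_ok=True)
            open(full, "w").close()
        return scan_docroot(root)


if __name__ == "__main__":
    for path, reason in demo():
        print(f"{path}: {reason}")
```

Run against a real site by calling `scan_docroot` with the path to a downloaded copy of the web root; the legitimate `blog/wp-config.php` in the sample tree is not flagged because WordPress core files sit beside it.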

My Tips For Beefing Up WordPress Security!

  1. Make Sure You Have The Latest WordPress Install

    In my research I found that a lot of the upgrades have security fixes and hackers target websites that are using older versions of WordPress. Since a couple of my websites using WordPress are normal company websites – I never thought to update them!

  2. Don’t Use The Default ‘Admin’ User

    This just makes it easier for hackers to guess a password. Probably not the most important thing, but something that will definitely make it harder for some hackers.

  3. Install Some Security Plugins

    Like insurance, security is something that you never think about until you need it. And this is what happened to me. I had no idea there were so many great plugins that you could get that would beef up your WordPress and make it much harder for hackers.

    Here are a few I recommend:
    Login Lockdown
    Secure WordPress
    WordPress Antivirus
    WordPress Firewall

This should go a good way to preventing successful hack attempts on your websites!

Why I Love Host Gator!

When I was doing some research on how to fix my problem I found countless website owners from other hosts who mentioned how the first thing they knew about their website being hacked was a letter from their host canceling their account.

I am so glad that HostGator didn’t cancel my hosting account, but instead HELPED FIX MY PROBLEM and pointed me in the right direction of how to stop this from happening again.

This is the sign of why HostGator is one of the best blog hosts!

The good news is that it seems to all be sorted out, and while I can’t guarantee that doing these things will prevent your WordPress blog from being hacked – the more you can do and the more security flaws you block up, the more you will deter people from trying!