{"id":263,"date":"2012-02-25T22:34:58","date_gmt":"2012-02-25T22:34:58","guid":{"rendered":"http:\/\/www.innerquests.netstorms.org\/?p=263"},"modified":"2012-02-25T22:34:58","modified_gmt":"2012-02-25T22:34:58","slug":"hacked-off","status":"publish","type":"post","link":"https:\/\/innerquests.chidakasha.co.uk\/index.php\/2012\/02\/25\/hacked-off\/","title":{"rendered":"Hacked Off"},"content":{"rendered":"<p><a href=\"http:\/\/www.innerquests.netstorms.org\/wp-content\/uploads\/2012\/02\/med040.gif\"><img loading=\"lazy\" decoding=\"async\" src=\"http:\/\/www.innerquests.netstorms.org\/wp-content\/uploads\/2012\/02\/med040.gif\" alt=\"\" title=\"med040\" width=\"210\" height=\"314\" class=\"alignleft size-full wp-image-264\" \/><\/a>Malware problems on several of my websites affected all my php files. This is literally thousands of files. My reaction to this reminded me of an image I saved which says something about how small things can really upset us (maybe computer related things in particular).<\/p>\n<p>This attack has prompted me to look seriously at website security. In addition to cleaning the php files, I&#8217;m getting rid of a lot of old scripts and directories that have built up over many years and are no longer used. A cleaner script found at <a href=\"http:\/\/www.php-beginners.com\/solve-wordpress-malware-script-attack-fix.html\" target=\"_blank\" rel=\"noopener\">php-beginners.com<\/a>, helped me to clean whole directories rather than each php file individually. However I need to address underlying vulnerabilities after I&#8217;ve done the clean up.<\/p>\n<p>I think that my host Dreamhost may have more vulnerabilities than most, also it appears that WordPress has vulnerabilities and WP sites have suffered a number of attacks recently. Dreamhost was recently attacked: <a href=\"http:\/\/techcrunch.com\/2012\/01\/20\/dreamhost-hacked-password-changes-made-mandatory\/\" target=\"_blank\" rel=\"noopener\">techcrunch.com<\/a>. Also there has been some criticism of the way DH handles WordPress installations: <a href=\"http:\/\/www.wpsecuritylock.com\/dreamhost-one-click-wordpress-installed-timthumb-vulnerability-and-security-risks\/\" target=\"_blank\" rel=\"noopener\">wpsecuritylock.com<\/a>. Since the attack came the day after WP installations on NYPO and Netstorms there is a strong likelihood that this is the source of the current problem and I&#8217;m following the advice on the <a href=\"http:\/\/www.wpsecuritylock.com\/dreamhost-one-click-wordpress-installed-timthumb-vulnerability-and-security-risks\/\" target=\"_blank\" rel=\"noopener\">wpsecuritylock.com<\/a> site.<\/p>\n<p>A May 2010 article on <a href=\"http:\/\/www.seoservicesgoa.com\/2010\/05\/malware-attacks-on-php-based-websites.html\" target=\"_blank\" rel=\"noopener\">SEO Services Goa<\/a> suggests that hackers use a complex strategy for attacking PHP based site. The suggestion that all PHP files should be made read only does not seem feasible since there are thousands of PHP files on a site like WP or Joomla site.<\/p>\n<p><strong>Related:<\/strong><\/p>\n<p><a href=\"http:\/\/www.1stwebdesigner.com\/wordpress\/security-plugins-wordpress-bulletproof\/\" target=\"_blank\" rel=\"noopener\">1stwebdesigner.com<\/a><\/p>\n<p><a href=\"http:\/\/www.ait-pro.com\/aitpro-blog\/2841\/bulletproof-security-pro\/bulletproof-security-pro-overview-video-tutorial\/\" target=\"_blank\" rel=\"noopener\">bulletproof-security-pro<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Malware problems on several of my websites affected all my php files. This is literally thousands of files. My reaction to this reminded me of an image I saved which says something about how small things can really upset us (maybe computer related things in particular). This attack has prompted me to look seriously&#8230;<\/p>\n<p class=\"read-more\"><a class=\"btn btn-default\" href=\"https:\/\/innerquests.chidakasha.co.uk\/index.php\/2012\/02\/25\/hacked-off\/\"> Read More<span class=\"screen-reader-text\">  Read More<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[103,67,70],"tags":[],"_links":{"self":[{"href":"https:\/\/innerquests.chidakasha.co.uk\/index.php\/wp-json\/wp\/v2\/posts\/263"}],"collection":[{"href":"https:\/\/innerquests.chidakasha.co.uk\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/innerquests.chidakasha.co.uk\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/innerquests.chidakasha.co.uk\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/innerquests.chidakasha.co.uk\/index.php\/wp-json\/wp\/v2\/comments?post=263"}],"version-history":[{"count":0,"href":"https:\/\/innerquests.chidakasha.co.uk\/index.php\/wp-json\/wp\/v2\/posts\/263\/revisions"}],"wp:attachment":[{"href":"https:\/\/innerquests.chidakasha.co.uk\/index.php\/wp-json\/wp\/v2\/media?parent=263"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/innerquests.chidakasha.co.uk\/index.php\/wp-json\/wp\/v2\/categories?post=263"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/innerquests.chidakasha.co.uk\/index.php\/wp-json\/wp\/v2\/tags?post=263"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}