An unknown error occurred:
DBError
db=/stand/base/analytics/t_user.db&AUTONUMBER=ID
Database file could not be found or opened

Reader's Favorite Nuggets
Recent Hits All Time Matt's Favorites
Recent Reader's Favorites

Our Nugget List

Identifying and Dealing With A Hacked Website

by
Identifying and Dealing With A Hacked Website daily-golden-nugget-1196-18
During my Throwback Thursday Nugget last week, I dug up the old story of bad neighborhoods and how they could negatively impact your website.

The negative impacts I mentioned included slower website response time, potential for server downtime, and lower Google ranking if too many of your website neighbors involve porn, gambling, or E.D. drug websites.

However, the negative impact I personally worry about the most is hacking. When it comes to shared website hosting, it doesn't matter how good your password is because your website is only as secure as the weakest password used by other people on their websites.

As soon as a hacker gains access to one website on a shared web server, they can also gain access to all the other sites on that same IP address.

Unexpectedly enough, during my website review, this past Friday, I found evidence of hacking on the Coffin & Trout Fine Jewellers bog. Instead of mentioning it as part of that review, I am presenting this specific case study today.

Take a close look at this screen grab for the Coffin & Trout blog:
Identifying and Dealing With A Hacked Website 1196-coffin-trout-blog-26
(click to enlarge)

Up in the header, there's a link that says "discounted cialis" right next to the telephone number! That's obviously a hacker's footprint. That link goes to http://georgieandjohn.com/discounted-cialis/, but clicking it, brings you to a dead website.

Following the directions I gave in last Thursday's Nugget, I searched Bing.com for the IP address of the blog, which is 184.168.238.1. Here's the specific link:
http://www.bing.com/search?q=ip%3A184.168.238.1

According to Bing, there are 51,300 web pages associated with that IP address. That doesn't mean there are 51,300 website; it just means that the total number of web pages for all those shared sites is more than 51,000. However, just browsing through the results, I counted at least 36 different sites, but the georgieandjohn.com site was not among them. It looks like georgieandjohn.com moved their hosting to a different server.

I wanted to see how many of these sites on this shared server were also compromised with a "discounted cialis" link, so I searched Bing for this specific query, including the quotes:

ip:184.168.238.1 "discounted cialis"

These are the returned results:

Identifying and Dealing With A Hacked Website 1196-bing-serp1-77

There are 2 other pages in that SERP relating to Cialis:

http://valleyvista.net/discounted-cialis-online/
http://valleyvista.net/cialis-cost-low/

Here's what those two pages looked like:

Identifying and Dealing With A Hacked Website 1196-online-pharmacy1-34
(click to enlarge)

It turns out that the Valley Vista website isn't an online pharmacy, but rather a waste disposal company. Here's their home page:

Identifying and Dealing With A Hacked Website 1196-valley-vista-home-38
(click to enlarge)

Obviously, they have no idea their website was hacked like that. In fact, the hacker is hoping that the website owner never notices.

Digging a little deeper, I then decided to search Bing again with the IP address and only the word Cialis.

The Bing SERP tells me there are 5660 hacked pages on that shared web space. Here's a very long screen capture that I compiled showing 43 different hacked pages that now have the word Cialis on them:

Identifying and Dealing With A Hacked Website 1196-bing-serp2-10
(click to view larger)

Some of those pages include a Baptist Church website and a little league baseball team. In fact, when I tried to click on the website for the Baptist Church, I was given this Bing popup message instead:

Identifying and Dealing With A Hacked Website 1196-bing-careful-86

I also found a few pages in Bing that had already been cleaned up by the website owners. Sadly, those owners probably believe that their website was hacked somehow, and they probably went through the trouble of changing passwords and cleaning all the hacked paged. Unfortunately, the entire shared hosting environment is compromised and the entire server needs to be cleaned up.

If this ever happens to your website, then the best course of action is to move your website to another web server or web host. For the 184.168.238.1 web server I've shown here, it looks like the WordPress installation is compromised. The web host should tell all their clients and move them to a new server in order to reformat and reinstall that hacked server.

This is certainly a tough situation, and the cost to clean it up will be very expensive for the web host, and for every hosted client because it's very tedious.

Bottom Line Thoughts


I don't particularly like the WordPress system because so many people use it and there are a huge number of security holes. Using WordPress in a shared hosting environment like the one shown above is very dangerous.

If you insist on using WordPress then you should have it installed on a dedicated IP address, a Virtual Private Server, or a Dedicated Server. That way you can control the installed plug-ins and the security patches.

The labor cleanup cost for an issue like this will probably be greater than the 12 month cost of a dedicated IP address or a Virtual Private Server.

Also, if you happen to be the victim of this type of hacking attack, don't be quick to blame your web programmer or your staff for having weak passwords. Using the Bing IP address search technique I've shown to see how many other websites are infected. Most likely you are not the original hacking point-of-entry.

Lastly, even if you do clean your website up, there's a strong possibility that you can be defaced and hacked again as long as you stay on a compromised server.





AT: 02/23/2015 07:58:56 AM   LINK TO THIS GOLD NUGGET
Confused and worried about your mobile website options? Click here to find out how to get your own website evaluation and a game plan to make it better.

Like This Jewelry Website SEO Gold Nugget? Please Share!

Like Our Site? Follow Us!


0 Comments on Identifying and Dealing With A Hacked Website

Post a Comment
Name:

Check here for Anonymous
Email

Website:

 
Please contact me at the phone number and address below
Phone Number

Address:

 
Comment:

 
User Verification
1 3 0 9 1 1 1 5
Please enter the number you see in the box.
[ What's This? ]
Sign Up For Emailed Daily Gold Nuggets

"...articles are easy to follow and seem to have information one can use right away."
-Ann, Gallery 4, Hamden CT


"...serious kudos to you. We love your straight talk, pertinent information and plain language. I don't know how many industries have something of jWAG's caliber available, but I learn from the emails every day. Really, really nice work, and very appreciated."
-Cheryl Herrick, Global Pathways Jewelry