Rise Of The Hackers

Must See TV, esp. for webmasters

incrediBILL

9:43 pm on Sep 28, 2014 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month
I watched the NOVA episode Rise of the Hackers on PBS this week and I highly recommend it just to help you see how hackers find twisted ways into your security:
[amazon.com...]

It's a real eye opener as I knew some of this stuff but they even surprised me with some of the hacks they explained.

All I can say is: WOW

Anyway, it reminded me of a real world hack that happened to a customer of mine when we were hosting their ecommerce sites a few years back.

Credit cards used on their web site kept showing up used elsewhere, often very soon after the purchase from their site, and we're talking LOTS of customers, not just a few.

Like all of our ecommerce servers, everything was hardened to hell, access to certain protocols like SSH and SFTP was restricted to just our network and the client's network, it was a completely walled garden except for SMTP and HTTP.

I checked everything, there were no changes to any scripts, there was no access by any IPs other than ours or the clients, and for the days the CCs were stolen there was ZERO access from our company to the server which meant it wasn't any of our employees stealing them. Whew ;)

Additionally, they did their credit card processing offline, not in real time, so every time they downloaded them we erased them from the website. The CCs did not persist on the server.

While the website is usually the prime suspect, in this case there was absolutely nothing on the server, not a thing, it was clean as a whistle.

I told them they needed to check their side, which was behind a hardware firewall, etc.

What it turned out to be was a hacker from Canada who was eventually caught by the feds. He had sent emails targeting their employees and when they opened those emails, the file attachment installed malware on the client machines inside their firewall that was then used to access the website from inside the firewall. It's also possible they just grabbed the downloaded file off the client's machine. I was never given the exact specifics of how he got the data except that it was from the client's machine inside the firewall.

Therefore, you just learned a valuable lesson here: no amount of server hardening, firewalls, or security does a damn bit of good as long as you have one weak link in the process: a human.

Humans can be tricked into doing things many ways, and a couple explored on the NOVA video I referenced above include people leaving malware-infected flash drives and CDs lying around that are specially designed to make nosy people insert them into a computer, and thanks to auto-run files the computer is HACKED! just that quick.

Watch the video with an open mind because while the attacks they describe may not specifically be applicable to your situation, the concepts could easily be revamped and make you a target as well.

People need to be alert: don't open file attachments you don't know, don't insert flash drives and CDs you don't know.

Common Sense is the biggest tool in computer security.

Sadly, common sense is lacking for most and the laissez-faire attitude people have regarding computer security is why botnets are so prolific.

When I hear people claim they don't run AV software and never have, I want to take a flame thrower to their computer to make sure it's clean.

See my other post about using VM sandboxes to possibly try to solve this malware issue:
[webmasterworld.com...]

RhinoFish

3:36 pm on Sep 29, 2014 (gmt 0)

People log into non-https pages on public wi-fi all of the time. Like putting up a poster of your bank username and password at the mall. And many of them use the same pw everywhere.

blend27

9:03 pm on Sep 29, 2014 (gmt 0)

In addition to that, most hosting providers go El_Chipo on their security scans.

I just discovered that on one of my oldest shared hosting accounts, ever, an entire server was compromised on July 30th. I sounded an alarm yesterday with no reply, 'cause Help is OFF on weekends.

Had several domains that were just sitting there, pointing to 403 at the default document.

Now every domain has over 4000+ pages indexed that try to promote Canada Goose and Vuitton apparel.

:(

incrediBILL

10:08 pm on Oct 1, 2014 (gmt 0)

public wi-fi all of the time.
Even better, the hackers now create fake wifi hotspots all over the place. When you go to the airport you have to ask what the real airport wifi is if you don't want to get hacked. Even better is someone can go to a restaurant that doesn't offer wifi and suddenly the place has wifi! They could even leave a wifi hotspot running in a car in the parking lot next to the building and collect stuff all day long.

Heck, just change your personal mobile hotspot to say "Xfinity" and see what happens. LOL

an entire server was compromised on July 30th
I'd bet real money that they told you to change your FTP password or switch to SFTP. That's been the standard non sequitur response by web hosts for years now, even when you show them that a script injected URLs into every index page on the server and the server is hacked.

Shared hosting is a high value target, so if you find any angle of attack, then you've got maybe a thousand sites with your links on them all at once, maybe more with today's faster machines, and thanks to the cloud, maybe tens of thousands at once.

Was this a WordPress site by any chance?

Years ago I wrote a script that could check for hacked content on multiple domains on a single IP, but the service I used quit functioning. I should put it back online, as typically 50% of the index pages were compromised on all shared servers on a couple of hosts I tested. To be fair, some other hosts were clean as a whistle, or only had one or two bad accounts, so some are really good.

I should put that script back online now that I have a new source to get all the IPs for a server as it was a real eye opener.

The only solution to that problem is to MOVE to a new host; a dedicated server would be best, a VM second best. I use a control panel on my dedicated server so it's just like shared hosting: comes pre-installed, totally turnkey and ready to use. If you have a lot of domains (25+) it's worth doing, as the cost of all those domains usually easily pays for the server.
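The multi-domain check incrediBILL describes, and the kind of injected Canada Goose / Vuitton pages blend27 found, as an added example that is not the poster's script or any WebmasterWorld code: it parses each domain's index page, flags hidden elements, known spam terms and links pointing to other hosts, and reports the share of sites on a server that look compromised. The spam term list, the host names and the two sample pages are constructed for the example; a real run would fetch each index page over HTTP for every domain resolving to the server's IP.

```python
"""Scan index pages of several domains for injected spam content.

Added example, not the forum poster's script. SPAM_TERMS and SAMPLE_PAGES
are constructed so the scan runs offline; a real deployment would fetch
each domain's index page and tune the term list for the sites it hosts.
"""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed list of terms typical of the apparel/pharma link spam the thread describes.
SPAM_TERMS = ("canada goose", "vuitton", "replica", "cheap jerseys")

# Tags that never get a closing tag; they must not touch the open-tag stack.
VOID_TAGS = {"br", "img", "meta", "link", "input", "hr"}

# Inline styles attackers use to keep injected text out of sight of visitors.
HIDDEN_STYLE = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden|left\s*:\s*-\d{3,}px", re.I)


class PageScanner(HTMLParser):
    """Collects visible text, hidden text and links from one HTML page."""

    def __init__(self):
        super().__init__()
        self.hidden_depth = 0   # > 0 while inside an element hidden by CSS
        self.stack = []         # one bool per open non-void tag: did it start a hidden region?
        self.visible_text = []
        self.hidden_text = []
        self.links = []         # (href, was_inside_hidden_region)

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a" and a.get("href"):
            self.links.append((a["href"], self.hidden_depth > 0))
        if tag in VOID_TAGS:
            return
        hidden = bool(HIDDEN_STYLE.search(a.get("style") or ""))
        self.stack.append(hidden)
        if hidden:
            self.hidden_depth += 1

    def handle_endtag(self, tag):
        # Assumes well-nested markup; badly broken HTML can unbalance the stack.
        if tag in VOID_TAGS or not self.stack:
            return
        if self.stack.pop():
            self.hidden_depth -= 1

    def handle_data(self, data):
        text = data.strip()
        if text:
            (self.hidden_text if self.hidden_depth else self.visible_text).append(text)


def scan_page(html, own_host, spam_terms=SPAM_TERMS):
    """Return indicators of injected content for one index page."""
    p = PageScanner()
    p.feed(html)
    p.close()
    all_text = " ".join(p.visible_text + p.hidden_text).lower()
    spam_hits = sorted(t for t in spam_terms if t in all_text)
    hidden_links = [href for href, in_hidden in p.links if in_hidden]
    offsite_links = [href for href, _ in p.links
                     if urlparse(href).netloc.lower() not in ("", own_host.lower())]
    return {
        "spam_hits": spam_hits,
        "hidden_text_blocks": len(p.hidden_text),
        "hidden_links": hidden_links,
        "offsite_links": offsite_links,
        # Hidden links or known spam terms are the signal; off-site links alone are normal.
        "suspicious": bool(spam_hits) or bool(hidden_links),
    }


def scan_server(pages, spam_terms=SPAM_TERMS):
    """pages maps domain -> index HTML. Returns (flagged domains, compromised ratio)."""
    flagged = sorted(d for d, html in pages.items()
                     if scan_page(html, d, spam_terms)["suspicious"])
    ratio = len(flagged) / len(pages) if pages else 0.0
    return flagged, ratio


# Constructed sample: one clean site and one parked domain with a hidden spam block.
SAMPLE_PAGES = {
    "example-shop.test": (
        "<html><body><h1>Welcome</h1><p>Our store hours.</p>"
        "<a href='https://example-shop.test/about'>About</a></body></html>"),
    "parked-domain.test": (
        "<html><body><p>Coming soon</p>"
        "<div style='display:none;'>cheap Canada Goose jackets "
        "<a href='http://spam-outlet.test/goose'>buy</a> "
        "Vuitton bags <a href='http://spam-outlet.test/lv'>sale</a></div>"
        "</body></html>"),
}

if __name__ == "__main__":
    flagged, ratio = scan_server(SAMPLE_PAGES)
    for domain in flagged:
        print(domain, scan_page(SAMPLE_PAGES[domain], domain))
    print(f"{len(flagged)} of {len(SAMPLE_PAGES)} index pages flagged ({ratio:.0%})")
```

The scan only looks at what a visitor's browser would receive, so a server that cloaks spam for search-engine user agents needs a second fetch with a crawler User-Agent; comparing the two responses is itself a strong indicator.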