The tech support at my hosting company said it was very suspicious and they recommended I immediately change my cPanel password. So I also changed my WebHost Manager password, being as it and the cPanel pw were one and the same. For whatever reason something got screwed up and when I changed the WHM password it didn't work right and I was unable to log in. So I emailed them and they sent me a new one.
Fine, right? Everything is as it should be.
Well, now I have all but lost the desire to work on my websites or any new ideas. How did I get hacked? As far as I know I did nothing to allow my account to be compromised. I have long usernames and passwords consisting of upper & lower case letters and numbers.
My main site provides a service that, if it were to go down for a day, could really piss off my users. And what if all their data gets deleted by a malicious hacker? I had intentions to develop a lot of content and build up a lot larger user base than I have, but now I'm very apathetic about it all because I'm certain one day it will all just be gone.
I run an updated version of Norton AV, but for all I know I have a key logger hiding somewhere. I don't understand security as well as I should, and it seems no matter how much I learn there's always a loophole for some hacker to get in. And if they have access to my email, which they would with a key logger, then they also know my new cpanel password which was emailed to me.
So my first thought was to switch over to Linux so I won't have to worry about key loggers or other spyware. I've tried several times to do this but with no luck getting past Slackware or Debian's installation process. They ask too many questions for which I simply don't know the answers. And after all is said and done, hours spent on each try, it just doesn't work right.
Walmart & Staples both have Linspire preinstalled on a desktop or two, and I'm considering getting one of them. But then I read that Linspire runs in root, that Linspire is a bad distro, etc. So I look at Mandrake, hearing it's easy to learn. I type "mandrake sucks" into Google and up pop even more matches than it did for Linspire. Not to mention I can't find it preinstalled on a desktop anywhere.
Then almost jokingly I went to Apple's website and wondered at the possibility of getting one of those new cheapie mini Macs. But I don't know anything about them, nor do I know what/if/how to switch, or if it's even a security upgrade from what I have. $500 is a lot of money to me, and I'd like to be certain it's everything I hope before I bankrupt myself.
And in the end who knows if I even was hacked. All I know is that every day I go to bed I'll have this anxious feeling that something could go wrong, and one day it probably will. I suppose I could be as proactive as possible, backing up files every day, etc., but still.
Am I just too paranoid, should I just get on with things and hope nothing is wrong?
Any suggestions as to what I should do to beef up my security? Switch to a Linux distro - if so, what do you recommend for a newbie looking to learn FAST? I used to criticize Macs mostly out of ignorance, but from what I hear the security is quite tight. Is this a better option for somebody needing to make a quick switch?
And I'm on dial-up, as if things weren't bad enough already.
I haven't tried it yet, but I'd guess that Ubuntu would be a bit easier to install than Debian, though you'd get pretty much all the advantages of a Debian install plus a few more. I'll be trying it as soon as I feel I have some extra time.
There are a number of places where you can read about installing Ubuntu - here [workaround.org], and here [linuxbasics.org]. I know I've read more newbie-friendly install instructions than these but can't find the URL. There's also a slideshow of the install process here [shots.osdir.com]; if the link doesn't work directly, click on the 'screenshot gallery' link. Note: you'll also find other step-by-step install instructions to do this.
If Ubuntu doesn't do you right, try getting a Knoppix live disk, see if it works live on your machine, and then follow the install script instructions you'll find on [knoppix.net...].
It is most likely you have a loophole somewhere in your methods which you would only repeat in a new setup.
You might try logging better/more (use traps to log unusual behaviour - keep these separate so you can view them often), change some key script or file names, secure access to files better (htaccess), and by all means change passwords (get a new password from your host over the phone), empty your computer cache after finishing (to remove trace of logins) and protect files on your computer (where did you leave that email with new password?). If you have Perl forms scripts and such, read up on security for these; many people have poor security in their home-written scripts or free scripts they installed. Make sure access to your MySQL can only emanate from your website, that sort of thing.
It is possible that someone added some SQL into a form on your site (the ol' SQL injection attack). This would allow them to do certain things to your database. You might try adding a MAXSIZE value to your form fields and then parse the data to remove any harmful characters or SQL commands.
Don't sweat the small stuff though, putting a site on the internet is like building a sand castle on the beach, eventually some little brat kid is going to come along and try to mess with it. All you can do is try to track that little twerp and ban him from your section of the beach! ;o)
You'd be amazed just how many sites are vulnerable to SQL injection or XSS attacks, among other things.
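An added example, not part of the original thread, for the SQL injection advice above: it contrasts a query built by string concatenation with a parameterized one, and shows what a character-stripping filter does to a legitimate name. Python's built-in sqlite3 stands in for the site's MySQL database, and the table, rows and function names are constructed for illustration.

```python
import sqlite3

MAX_NAME_LEN = 32  # enforced on the server; a length limit in the HTML form is only advisory


def make_db():
    """Build an in-memory table holding constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, email TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "alice@example.com"),
                    ("O'Brien", "obrien@example.com")])
    return db


def lookup_concat(db, name):
    """'Before' form: the form value is pasted straight into the SQL text."""
    sql = "SELECT email FROM users WHERE name = '" + name + "'"
    return [row[0] for row in db.execute(sql)]


def strip_filter(value):
    """Character-stripping filter of the kind suggested in the thread."""
    return value.replace("'", "").replace(";", "").replace("--", "")


def lookup_param(db, name):
    """Hardened form: server-side length check, value bound as a parameter."""
    if not isinstance(name, str) or len(name) > MAX_NAME_LEN:
        raise ValueError("name rejected by server-side length check")
    cur = db.execute("SELECT email FROM users WHERE name = ?", (name,))
    return [row[0] for row in cur]


if __name__ == "__main__":
    db = make_db()
    crafted = "x' OR '1'='1"  # constructed form input
    print(lookup_concat(db, crafted))    # the WHERE clause is rewritten: all rows
    print(lookup_param(db, crafted))     # bound as data: matches no user
    print(lookup_param(db, "O'Brien"))   # a legitimate apostrophe still works
    print(lookup_concat(db, strip_filter("O'Brien")))  # filter loses the real user
```

The bound parameter never becomes part of the SQL text, so there is nothing for a filter to miss, while stripping characters changes valid input such as O'Brien.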