Learning from Adversity

Lemons and lemonade.

Earlier I wrote about my website getting hacked and about what I did to fix the situation. This post is about the lessons I took away from the experience and about making the most of a crummy situation.

First off, let me disclose that I am not a computer security expert. I don’t do this professionally and I don’t have very many facts about my particular case other than the code that I found while cleaning my website. I know just enough PHP and JavaScript to be dangerous and to extract a basic understanding of what the malware code was attempting to do. Most of what I put forth here is based on Internet research (it’s got to be true, doesn’t it?) and personal conjecture.

OK, how did this happen? From what I understand there are about a jillion different ways to get hacked. But with a self-hosted WordPress site, three popular techniques are:

  1. A WordPress vulnerability (outdated version)
  2. Acquiring malware from a shared hosting account's web server
  3. An FTP vulnerability

A WP vulnerability works by exploiting known bugs or holes in the actual WordPress installation. Hackers will look for flaws in the WP source code and exploit them to gain access to your computer or files. This is why it is really important to always keep your WP site up to date with the most current release. I used to worry about compatibility with my WP version and plugins, but not any more. As soon as a new version comes out, UPDATE. You can clean up the plugin bugs later.

You can also acquire malware if you are on a shared hosting plan. With this method your site gets infected by files from another website that are on the same web server as you. I imagine this is a lot like sitting next to someone on an airplane that is sneezing and coughing with a cold. You might not get sick, but chances are you will. This is the chance you take for your $4.99 per month hosting plan.

An FTP vulnerability is probably the scariest of the three. With this method your FTP credentials are compromised (stolen) and the malware is simply placed on your site through a legitimate login, as unauthorized file modifications and updates. What’s so scary about that? Well, how do you think your FTP credentials get compromised? They are stolen from your local computer!

This means two things: (1) your computer is infected with a trojan and (2) the passwords you think are safe are not really safe at all. I was shocked to find out that my favorite FTP client, FileZilla, does not protect your passwords. In fact, many FTP clients don’t protect your passwords. I believe this also includes the popular Dreamweaver.

But it gets even scarier. It doesn’t even have to be your local computer which is compromised. It just has to be a computer on your network. This means that if you are on an infected network your FTP data can be filched literally right out of thin air.
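Both FTP risks described above (a password your client has saved on disk, and a plain FTP login that can be read off the network) can be checked in FileZilla's saved site list. This is an added example, not code from the original post: the XML element names, the `encoding` values and the protocol numbers are assumptions about FileZilla's `sitemanager.xml`, and the sample data is constructed.

```python
import sys
import xml.etree.ElementTree as ET

# Constructed sample in the layout FileZilla's sitemanager.xml is assumed to use.
SAMPLE = """<FileZilla3><Servers>
  <Server><Host>ftp.example.com</Host><Protocol>0</Protocol><User>blog</User>
    <Pass encoding="base64">bm90LWEtcmVhbC1wYXNzd29yZA==</Pass>
    <Logontype>1</Logontype><Name>Blog (FTP)</Name></Server>
  <Server><Host>sftp.example.com</Host><Protocol>1</Protocol><User>blog</User>
    <Logontype>2</Logontype><Name>Blog (SFTP, ask)</Name></Server>
  <Server><Host>shop.example.com</Host><Protocol>1</Protocol><User>shop</User>
    <Pass encoding="base64">YWxzby1ub3QtcmVhbA==</Pass>
    <Logontype>1</Logontype><Name>Shop (SFTP, saved)</Name></Server>
</Servers></FileZilla3>"""

# Assumed protocol numbering: 0 = FTP, 6 = FTP with TLS disabled, 1 = SFTP.
CLEARTEXT_CAPABLE = {"0", "6"}

def audit_site_manager(xml_text):
    """Return [(site name, [issues])] without ever decoding or printing a password."""
    findings = []
    for server in ET.fromstring(xml_text).iter("Server"):
        name = (server.findtext("Name") or server.findtext("Host") or "?").strip()
        issues = []
        saved = server.find("Pass")
        if saved is not None and (saved.text or "").strip():
            encoding = saved.get("encoding", "none")
            # base64 (or no encoding) is reversible by anything that can read the file;
            # "crypt" is assumed to mean the master-password option is in use.
            if encoding != "crypt":
                issues.append(f"password saved on disk, encoding={encoding}")
        if (server.findtext("Protocol") or "0").strip() in CLEARTEXT_CAPABLE:
            issues.append("FTP: login can cross the network unencrypted")
        if issues:
            findings.append((name, issues))
    return findings

if __name__ == "__main__":
    # Pass the path of your own sitemanager.xml, or run with no argument for the sample.
    text = open(sys.argv[1], encoding="utf-8").read() if len(sys.argv) > 1 else SAMPLE
    for name, issues in audit_site_manager(text):
        print(f"{name}: " + "; ".join(issues))
```

Any site it lists is one to re-save with the logon type set to ask for the password, switch to SFTP where the host supports it, and give a new password.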

So what are the take home lessons here?

  1. Keep your website software up to date
  2. Don’t let your FTP client store your passwords (don’t let any program store your passwords)
  3. Consider not being a cheap-ass and paying for a better hosting plan
  4. Be vigilant with your websites. Stay up to date on software and keep an eye out for suspicious stuff on your site

If you host your own site you have the responsibility to keep it clean. Your site is part of a bigger network and if you don’t take care of it you may unknowingly be contributing to the ongoing problem of malware.

Last, if you do get hacked, the first thing you need to do is clean it up. After that, you can take some comfort in the fact that even the big boys fall prey to hackers once in a while.

What about you? Has your site been hacked? What lessons did you learn?
