Security Alert: Website Defacement / Hacked Pages
Our security team found that the majority of websites being defaced run on a CMS (Content Management System); common examples are Joomla and WordPress. A CMS by itself does not have many security constraints and, although new versions are released very frequently, it is not very secure, so it is better to take care of your blog by following the steps below:
i) Do not assume your CMS is 100 percent secure
Do not assume that your open source CMS is 100 percent secure. All software has bugs, mistakes or security holes. If a CMS has a security flaw, hackers will find it at some point.
ii) Keep yourself updated on security issues in your CMS
Do not forget to keep yourself updated on security issues in your CMS. Most open source systems release updates on a regular basis, just like Windows or OS X. However, not all systems check for updates instantly, and some can't install them with a single click. Keep yourself updated by joining the open source project's mailing list or following its Twitter account.
iii) Updating your CMS
Do not forget who is accountable for updating your CMS. Maybe you used your hosting provider's one-click installer, or perhaps your web designer installed the CMS for you. But do they update it for you? Rarely. Keep in mind that it is your responsibility to keep your CMS updated with the newest security patches. However, you could outsource the task to your webmaster, website development expert or website designer.
iv) Don’t neglect
If your CMS does give you update alerts, then don't neglect them. Systems like Umbraco and DotNetNuke have a function that checks whether updates are available when you log in. A system like WordPress also checks, and with only a few clicks in the admin area you can update your CMS very easily (don't forget to back up before you update). Take the update alert seriously and update straight away!
v) Update third party modules
Don't forget to update third party modules. Developers other than the open source team can develop modules for your CMS. These modules can also contain security issues. Just as you have to stay current on CMS updates, you also need to stay current on updates to any third party modules your CMS uses.
vi) Team up with an expert or a supporter
Don't forget to team up with an expert or a supporter. Keeping your system up to date can be difficult. However, if you team up with a consultant who is used to updating your kind of open source system, you can save valuable time and concentrate on running your business. You can pay him monthly and he will apply the updates when they become available, or you can pay per task.
vii) Robust password policy
Do not forget to have a robust password policy. This is really the biggest reason why hackers get access to systems: weak passwords! Try to make a long password, at least 8 characters with both numbers and letters. Do not use your name or zip code plus city. If you find it hard to remember long passwords, try making a sentence with a number in it, and then use the first letter of each word as the password. E.g. "The Rabbit jumped over 4 Stones and 7 Flowers" makes the password TRjo4Sa7F.
viii) Back up your full system
Do not forget to back up your full system, both files and database, regularly. Do not take for granted that your hosting supplier backs up everything. They do, but mistakes happen even at the largest hosting suppliers. Also, the hosting supplier's backup history may be only a couple of weeks long. If your system gets hacked, the very first thing a hacker does is leave a backdoor. After weeks, perhaps months, he returns and defaces the homepage. When your hosting supplier restores from the newest backup, the hack seems to be resolved on the surface, but the backdoor is still there.
If you choose a free open source CMS for your homepage, then remember that it takes some time to maintain and update it. Outsourcing this part might be a brilliant idea. Do get back to us if you have any feedback or concerns. Read more on SECURITY ALERT: Website Defacement on Joomla.