Earlier this month, a report disclosed that a searchable database containing 1.4 billion password credentials has been leaked and is now available in dark web communities. These passwords can be used to automate attempts to gain admin-level server and CMS access to websites, regardless of platform. A recent incident involved the compromise of a Bitcoin subreddit, underscoring that it doesn’t matter if you’re using WordPress, Joomla, phpBB, or even hand-coding your own CMS. A weak or compromised password puts your site at risk.
The hacks began swiftly. On December 18th, a massive brute force attack was reported, peaking at 14 million attacks per hour.
Google Webmaster Help Offers Advice
A timely tutorial was offered by Google’s Webmaster Help blog on fixing hacked WordPress installations. The comprehensive guide covers various common hacking types and provides practical advice for reversing a hack.
However, Google omitted one crucial fix. Hackers sometimes create an admin-level user, occasionally with FTP-level access. To completely clean your website, review your database to identify any new users with escalated permission levels. Even if a hacking infection is cleaned, it can return if this access point isn’t removed.
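One way to carry out the database review described above, as an added example that is not from the original article or from Google's guide: MySQL queries against WordPress's standard `wp_users` and `wp_usermeta` tables. The default `wp_` table prefix and the cutoff date are assumptions; substitute your own values.

```sql
-- Added example. Assumes the default table prefix "wp_". If $table_prefix in
-- wp-config.php differs, change the table names AND the meta_key
-- (the key is "<prefix>capabilities").

-- 1. Every account that holds the administrator role, newest first.
--    Compare this list against the admins you know you created.
--    user_registered can be rewritten by anyone with database access,
--    so review the whole list rather than trusting the dates alone.
SELECT u.ID,
       u.user_login,
       u.user_email,
       u.user_registered,
       m.meta_value AS capabilities
FROM wp_users AS u
JOIN wp_usermeta AS m
  ON m.user_id = u.ID
WHERE m.meta_key = 'wp_capabilities'
  AND m.meta_value LIKE '%"administrator"%'
ORDER BY u.user_registered DESC;

-- 2. Accounts with any role other than plain subscriber that were
--    registered on or after the date you suspect the compromise began.
SELECT u.ID,
       u.user_login,
       u.user_email,
       u.user_registered,
       m.meta_value AS capabilities
FROM wp_users AS u
JOIN wp_usermeta AS m
  ON m.user_id = u.ID
WHERE m.meta_key = 'wp_capabilities'
  AND m.meta_value NOT LIKE '%"subscriber"%'
  AND u.user_registered >= '2017-12-01 00:00:00'  -- constructed placeholder date
ORDER BY u.user_registered;

-- 3. Capability rows that point at a user ID with no row in wp_users.
--    These are leftovers or signs of direct table edits and should be
--    investigated before they are deleted.
SELECT m.user_id,
       m.meta_value AS capabilities
FROM wp_usermeta AS m
LEFT JOIN wp_users AS u
  ON u.ID = m.user_id
WHERE m.meta_key = 'wp_capabilities'
  AND u.ID IS NULL;
```

Run the queries read-only first, and remove an unrecognized account only after recording its row for the incident timeline.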
Another useful tool for checking whether you’ve been hacked is a User Agent Switcher. This Chrome browser add-on disguises your browser to appear as Googlebot. If your site is displaying hacked content to Google, the User Agent Switcher will help you uncover it.
If the User Agent Switcher doesn’t come with Googlebot preinstalled, you can add it yourself by opening the options and filling in the information for the bot you want to appear as. Complete user-agent information can be found through various sources.
Are All Sites Vulnerable to an Attack?
Since the leaked passwords aren’t specific to WordPress, it’s safe to assume that all sites are susceptible to brute force attacks attempting to guess your password and gain access. The fact that not even Reddit is immune to these types of attacks is a stark reminder that all admin-level passwords must be secured.
How to Protect Against Password-based Hacking
Consider improving your password. Create a strong password by making it long and using numbers, symbols, and mixed-case letters (both upper and lower case). Also, don’t change just your CMS/blog password; consider updating the passwords for your domain name registration, your hosting account, and the email accounts associated with your hosting and domains.
Be particularly vigilant during weekends and holidays. Hackers are aware that customer service staff at some organizations may be outsourced on weekends, making password changes by phone easier since outsourced staff might not always follow the same security procedures as regular staff.