How embarrassing. This morning, someone hacked into my WP account and created a new entry announcing to the world I'd been hacked! Fortunately, the hackers were more puckish than evil. As far as I can tell, all they did was create a new blog entry, added a blog category, and changed the title of my site. Naturally, I changed that back, and breathed a sigh of relief they didn't do more.
I guess these are "nice" hackers. After all, their actions showed me I have a big security hole.
Now, I admit, since I don't know for sure how they hacked into my WordPress directory, I don't know whether I have one hole, two holes, or whether my whole site might be a Swiss cheese of holes.
During the process of getting rid of the pesky non-knitting-related entry, restoring my title, and getting rid of the "hacked" category, I realized I could plug at least one humongonormous hole. As WordPress users know, they need to create a login and password to manage the site. Unfortunately, it's pretty easy for anyone to guess the login for most WordPress users. Guess what mine is? Yes. You guessed it. Oh, I know what you guessed, and I'm sure 99% of readers guessed right.
Once the username is guessed, all hackers need to do is guess the password. They don't even need to be good at guessing; they can write a computer script that loads the login page and keeps entering passwords over and over. Scripts are patient; you can be pretty sure they'll get in soon.
Of course, I went and changed my password. But I realized something else: I'm the only person who ever uses my site, and I only connect using my ISP. My IP address is nearly static. So it occurred to me that I should at least add an .htaccess file to my wp-admin directory. If I write it correctly, the file should block access from anyone using an IP address other than mine.
I found the bit of code at Caltech's site.
To restrict access to Caltech machines only, they suggest creating a file called .htaccess containing these lines:
<Files *>
# Evaluate Allow lines first, then Deny lines; anything that matches
# neither is refused. With no Deny lines, only the hosts below get in.
Order allow,deny
# A partial address matches every host whose leading octets are 131.215
Allow from 131.215
# A domain name is checked by reverse DNS lookup of the visitor's address
Allow from caltech.edu
</Files>
Since I want to restrict access to people using the IP my ISP provides me, I changed the number "131.215" to the IP address I use to access my site. (I share a line with some of my neighbors, so a few other people can get in. But I sincerely doubt the 7-year-old next door is the hacker.) I also deleted the line containing "Allow from caltech.edu"; after all, there are a lot of students, faculty and staff at Caltech, and who knows? Anyway, they have no business managing my blog, so there! (If I had co-bloggers, I'd add lines allowing their specific IP addresses. Basically, I want to create pinholes permitting access.)
Once I'd created this file, I loaded it into my wp-admin directory, and made sure it was named .htaccess. Then I checked that I could access the management functions of my site.
What if you imitate me, and it turns out you can't access any files in your wp-admin folder? You probably made a typo. If you type the IP address you use to access your site incorrectly, or you have any other typo in the file, you won't be able to access the wp-admin files. Just delete the file and start over. In fact, it's worth practicing by typing your IP incorrectly and verifying that you can't access the files. Then edit the file to fix the typo and try again.
Don't worry too much about things while you do this. As long as you are dropping things in wp-admin, and not higher up in your blog directory, visitors to your site won't notice anything at all.
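Before uploading the file, it helps to know exactly which visitors the Allow/Deny lines let through, including the "I mistyped my own address" case described above. The Python below is an added example, not code from this post or from Caltech; it reimplements the host-matching rules of Apache 2.2's Order/Allow/Deny directives (partial dotted addresses like "131.215", CIDR ranges, and "all") and includes a lockout check you can run against your own address before locking the real wp-admin directory. The address 203.0.113.42 is a constructed sample standing in for a home ISP address. Hostname rules such as caltech.edu are treated as never matching, since they need a reverse DNS lookup this offline example doesn't do. (Apache 2.4 replaced these directives with `Require ip`, so on a newer server the same pinhole is written as `Require ip 203.0.113.42`.)

```python
import ipaddress

# Constructed sample .htaccess, modelled on the Caltech snippet in the post,
# with the domain line removed and a hypothetical home-ISP address added.
SAMPLE_HTACCESS = """\
<Files *>
Order allow,deny
Allow from 131.215
Allow from 203.0.113.42
</Files>
"""


def parse_htaccess(text):
    """Return (order, allow_rules, deny_rules) from Order/Allow/Deny lines.

    Only the Apache 2.2 host-based directives are understood; everything
    else (including the <Files> wrapper) is ignored.
    """
    order = "deny,allow"  # Apache's default when no Order line is present
    allow, deny = [], []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        words = line.split()
        key = words[0].lower()
        if key == "order" and len(words) == 2:
            order = words[1].lower()
        elif key in ("allow", "deny") and len(words) >= 3 and words[1].lower() == "from":
            (allow if key == "allow" else deny).extend(words[2:])
    return order, allow, deny


def host_matches(rule, client_ip):
    """Does one Allow/Deny argument match this client address?"""
    ip = ipaddress.ip_address(client_ip)
    if rule.lower() == "all":
        return True
    if "/" in rule:  # CIDR or address/netmask form, e.g. 203.0.113.0/24
        try:
            return ip in ipaddress.ip_network(rule, strict=False)
        except ValueError:
            return False
    # Partial dotted quad such as "131.215": compare the leading octets only.
    parts = rule.split(".")
    if all(p.isdigit() for p in parts) and 1 <= len(parts) <= 4:
        return str(ip).split(".")[: len(parts)] == parts
    # Hostnames would need a reverse DNS lookup; offline they never match.
    return False


def access_allowed(htaccess_text, client_ip):
    """Apply Apache 2.2 Order semantics to one client address."""
    order, allow, deny = parse_htaccess(htaccess_text)
    allowed = any(host_matches(r, client_ip) for r in allow)
    denied = any(host_matches(r, client_ip) for r in deny)
    if order == "allow,deny":
        # Default is deny: the host must match an Allow and no Deny.
        return allowed and not denied
    if order == "deny,allow":
        # Default is allow: refused only if it matches a Deny and no Allow.
        return not denied or allowed
    raise ValueError("unsupported Order value: " + order)


def locks_me_out(htaccess_text, my_ip):
    """True if uploading this file would block the administrator's own address."""
    return not access_allowed(htaccess_text, my_ip)


if __name__ == "__main__":
    for ip in ("131.215.7.8", "203.0.113.42", "203.0.113.43", "198.51.100.9"):
        print(ip, "allowed" if access_allowed(SAMPLE_HTACCESS, ip) else "blocked")
    typo = SAMPLE_HTACCESS.replace("203.0.113.42", "203.0.113.24")
    print("typo file locks me out:", locks_me_out(typo, "203.0.113.42"))
```

Run it with your real address in place of 203.0.113.42: if `locks_me_out` reports True for the file you are about to upload, you have the typo the post warns about, and you can fix it before you lose access to wp-admin rather than after.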
I know this probably won't keep me entirely safe, but it should keep some hackers out. So maybe it will be 80% safe? (Just a guess.)
Hackers. Sigh...
Please leave comments!
Lucia Liljegren: Copyright 2005-2007 Rights to all site content including knitting patterns, generators and haikus reserved.
Oh my, are you a Caltech alum too, like my husband and my father? You must be if you’re accessing them from where you live. I’m really going to pay attention to this post, since I know I’m vulnerable. My host didn’t do much more than a basic setup when I moved my blog. Thanks!
Comment by Sonja — 8/23/2005 @ 7:50 pm
No, I went to IIT undergrad and MS and Ph.D. at University of Illinois in Urbana. I found the Caltech site by googling. It was the first site I found that provided a very clear snippet of code to do this.
Comment by lucia — 8/23/2005 @ 8:46 pm
You totally defeated those hackers, hopefully. Why would someone go through so much trouble to hack into a knitting blog? Unless it was Debbie Stoller or something? That is weird. Last night someone broke into my girlfriend’s car (we still don’t know how–unless she forgot to lock it which is highly unlikely) and didn’t take anything but left it a mess.
Comment by Bevin — 8/28/2005 @ 5:03 pm
I hope I’ve got the “doors and windows” locked now.
Why hack my site? I checked my access logs and did some googling. It appears there is some sort of “game” where teams get points for hacking into sites. They post the names of sites they managed to hack.
So, no matter how trivial your site, it’s worth battening down the hatches!
Comment by lucia — 8/28/2005 @ 5:24 pm