  • IMPORTANT SECURITY UPDATES : WordPress & Joomla CMS!

    Dear customers,

    INFORMATION:

    As a popular way to create blogs, news portals & corporate sites, the WordPress & Joomla content management systems (CMS) are quite famous & of course a center of attraction for most attackers/hackers. Many WordPress & Joomla sites are under attack most of the time by botnets (a collection of compromised computers controlled by a malicious program, used to launch a targeted denial-of-service attack or to send spam) using brute-force methods to obtain their passwords. For at least a year now, attackers have been using such compromised servers, specifically through these famous CMSes, to launch distributed denial-of-service (DDoS) attacks against financial institutions & companies in other industries. Alleged hacktivists have targeted financial institutions since last September, flooding the victims with tens of gigabits per second of traffic & specially crafted requests designed to tie up or crash the targeted servers.

    By default, all new WordPress & Joomla installations start with a Super Administrator account named 'admin', which is used for backend management of the site. During the installation procedure, one is asked to give this account a password, which can be a simple (easy to guess/predict) or a complex one containing a mixture of letters, numbers & special characters. As the user name of this highly powerful administrative account is normally well known, 50% of the security of the username/password combination is already wide open. Now all an attacker needs to do is guess the password by trying combinations & they're in.

    Recently attackers launched a major password-guessing (also well known as brute forcing) effort to compromise WordPress & Joomla powered sites. Interestingly, the attacks seem limited to users who have kept the default "Admin" username for managing their websites from the back-end; however, these attacks are only the beginning. Security analysts & IT companies fear that the attackers are attempting to build a massive botnet that is much more powerful than any other witnessed earlier. This attack, which is executed by a botnet of home computers, seeks out websites & blogs that use the default "admin" user name & that may have generally weak passwords. The attack software attempts to log into a targeted website's administration panel using the default system-set user name, e.g. "admin" or "administrator", with a combination of thousands of popular/common passwords. While the attack may only succeed a small percentage of the time, it could result in hundreds or thousands of compromised servers when averaged over tens of thousands of sites powered particularly by WordPress & Joomla application software.

    Currently, there are over 250,000 IP addresses being used to launch these brute-force attacks. These IP addresses are using thousands of passwords to hack into the WordPress sites. Right now, the botnet is limited to just using home PCs, however, the attackers could soon use the powerful servers that run these WordPress sites to launch a much stronger botnet.

    SOLUTION:

    By changing the username to something more difficult to guess, you greatly increase the difficulty of accessing the account. An attacker must correctly guess both the user name & password at the same time to gain access. This is several magnitudes more difficult than simply guessing the right password.

    If you have "admin" or "administrator" as your default username, you should go ahead & change your password to a strong one immediately. Also, in the future, if you plan on using WordPress &/or Joomla, or any other similar platform for your site, be sure to change the default "Admin" or "Administrator" username to something unique. Once done, the sites should not be vulnerable to these attacks.

    DIRECTIONS:

    WordPress: Create another administrator user, then log in as the new administrator user & delete the "admin" user:

    1. Log in to your WordPress Admin area.
    2. Click on "Add new" in the "Users" menu & fill in the information for the new user account.
    3. IMPORTANT: Make sure you select "Administrator" as the role for this new user.
    4. Choose a hard-to-guess password. I recommend using a combination of uppercase & lowercase letters, numbers, & symbols.
    5. Finally click on the "Add User" button.
    6. Now log out of WordPress & log in again using your new username.
    7. Click on "Users" in the "Users" menu.
    8. Hover the mouse cursor over the "admin" row. You will see links for "Edit" & "Delete". Click on "Delete".
    9. IMPORTANT: Select "Attribute all posts & links to" & then select your new username from the drop-down list.
    10. Click on the "Confirm Deletion" button.
    11. Now you have changed your administrator username & all your blog posts that were created using the "admin" username will be re-assigned to your new username.


    EDIT: Please refer to THIS LINK for complete information on securing WordPress.

    Joomla: Similar to the above, but doesn't need user deletion, just a rename:

    1. Log into the Back End of Joomla.
    2. Select User Manager.
    3. Select the 'admin' user record.
    4. Change the value in username. (Secure user names contain a mixture of letters & numbers).
    5. Save & you're done.


    Or you might want to add an extension in Joomla which will do the necessary configuration, i.e. Admin Tools.

    Admin Tools is a true Swiss Army knife for your site. It'll detect, notify about & install new Joomla releases, fix your files' & directories' permissions, protect the administrator directory with a password, change the database prefix, set a secure Super Administrator ID, migrate links pointing to your old domain on-the-fly & perform database maintenance, all with a single click.

    Please get in touch with our Support Helpdesk (24x7) if you have any queries, concerns or need any information/assistance on the above & we'd be glad to assist you in securing your websites/servers.

    Good Luck!
    Rock _a.k.a._ Jack Daniel

    Follow eUKhost on Twitter || Join eUKhost Community on Facebook

  • #2
    I've been the constant victim of these attacks for a while, to the extent I gave up on one of my domains since the last hack as neither euk nor myself has a decent backup. Murphy's law with this domain on Joomla.

    Definitely change the user name as it stopped almost instantly on one domain when I did it.

    Also use software like Akeeba Admin Tools to keep your Joomla up to date, fix file/dir permissions and it will help password protect the /administrator/ directory.

    Sent from my SGH-T989 using Tapatalk 2


    I am just a voluntary moderator here, I do not speak for eUKhost officially!



    • #3

      Originally posted by Brian:
      I've been the constant victim of these attacks for a while, to the extent I gave up on one of my domains since the last hack as neither euk nor myself has a decent backup. Murphy's law with this domain on Joomla.

      Definitely change the user name as it stopped almost instantly on one domain when I did it.

      Also use software like Akeeba Admin Tools to keep your Joomla up to date, fix file/dir permissions and it will help password protect the /administrator/ directory.

      Hi Brian,

      Thank you for your inputs & for adhering to security. Indeed, disabling/renaming the default admin account rules out a major cause of security breaches on your website, & of unknowingly becoming a victim that fuels a massive global DDoS attack. Recently, after this outbreak, many clients have approached our support staff & we've promptly assisted them in securing their websites.

      Site/server admins should definitely take certain countermeasures against such online attacks, for example by limiting the number of times a password can be tried, by introducing time delays between successive attempts, or by locking accounts out after a predetermined number of unsuccessful logon attempts. Using a CAPTCHA is another good way to increase the likelihood that a human is behind each & every login attempt, & to reject the attempt if that cannot be confirmed. Sites which have login screens, especially, should be protected with a CAPTCHA, which generates & grades challenges that human beings can pass but computer programs cannot. They can be implemented to prevent misuse by automated programs, which are mostly used for automatic registrations or login attempts in dictionary/brute-force attacks. We can implement them in such a way that, after a certain number of unsuccessful/failed login retries, a CAPTCHA prevents a computer from iterating through the entire space of passwords by requiring it to solve the CAPTCHA before advancing any further.
      Rock _a.k.a._ Jack Daniel

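
The throttling and CAPTCHA policy described in the reply above, written out as an added example (not the poster's code, nor anything from WordPress or Joomla): progressive per-account delays, an account lockout after repeated failures, and a per-IP CAPTCHA requirement. The thresholds and the injected clock `now` are assumptions chosen for illustration.

```python
from collections import defaultdict

class LoginThrottle:
    """Gate login attempts: progressive per-account delays, an account lockout
    after max_failures, and a CAPTCHA demand once a client IP keeps failing.
    `now` is passed in (seconds) so the policy is deterministic and testable."""

    def __init__(self, max_failures=5, lockout_secs=900, captcha_after=3):
        self.max_failures = max_failures
        self.lockout_secs = lockout_secs
        self.captcha_after = captcha_after
        self.account_failures = defaultdict(int)    # username -> failures
        self.account_next_ok = defaultdict(float)   # username -> earliest retry
        self.ip_failures = defaultdict(int)         # client IP -> failures

    def check(self, username, ip, now, captcha_ok=False):
        """Return 'locked', 'delay', 'captcha' or 'allow' for this attempt."""
        if self.account_failures[username] >= self.max_failures:
            if now < self.account_next_ok[username]:
                return "locked"
            self.account_failures[username] = 0   # lockout has expired
        if now < self.account_next_ok[username]:
            return "delay"                        # progressive delay not over
        if self.ip_failures[ip] >= self.captcha_after and not captcha_ok:
            return "captcha"                      # bots must solve one first
        return "allow"

    def record(self, username, ip, now, success):
        """Update the counters once the credentials have actually been checked."""
        if success:
            self.account_failures[username] = 0
            self.account_next_ok[username] = 0.0
            self.ip_failures[ip] = 0
            return
        self.account_failures[username] += 1
        self.ip_failures[ip] += 1
        n = self.account_failures[username]
        if n >= self.max_failures:
            self.account_next_ok[username] = now + self.lockout_secs
        else:
            self.account_next_ok[username] = now + 2 ** n   # 2, 4, 8, 16 s
```

Note that a per-account lockout lets a botnet lock the real admin out of a known username, which is one more reason to rename the account and to keep the lockout short while relying on the per-IP CAPTCHA for the bulk of the protection.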


      • #4

        More good points Rock. My files seem to be doing OK and not getting hacked the last few days, but I have fixed my .htaccess file and within minutes it has been injected again. I've put in a few more recommended settings to the file to see if that will clear it up. I'll know in a few hours if it does and if it's worth posting the fix here.




        • #5

          Originally posted by Brian:
          More good points Rock. My files seem to be doing OK and not getting hacked the last few days, but I have fixed my .htaccess file and within minutes it has been injected again. I've put in a few more recommended settings to the file to see if that will clear it up. I'll know in a few hours if it does and if it's worth posting the fix here.

          Good luck Brian, I'm eager to hear back about how it goes. I'd also like to suggest changing the file attributes (using chattr) of the .htaccess file; doing so would make the file immutable/changeless, unless you (or any installed plugins) need to make changes to it manually or automatically.
          Rock _a.k.a._ Jack Daniel



          • #6
            I had it at 644, what do you recommend?



            • #7

              Originally posted by Brian:
              I had it at 644, what do you recommend?

              You can chmod it to 444 (chmod 444 .htaccess) or rather run this command, leaving the permissions intact: "chattr +aui .htaccess".
              Rock _a.k.a._ Jack Daniel

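
An added check (not from the thread) for the situation discussed above, where .htaccess keeps getting rewritten: it compares the live file with a saved known-good copy, reports which lines were injected and whether the file still carries a write bit. The KNOWN_GOOD and TAMPERED contents are constructed samples, and the temporary directory is only there so the check can be exercised without touching a real site.

```python
import os
import stat
import tempfile

def check_htaccess(path, baseline_text):
    """Compare the live .htaccess with a saved known-good copy. Returns whether
    the file still carries any write bit, whether its content drifted from the
    baseline, and which non-blank lines appear that the baseline never had."""
    with open(path, "r", encoding="utf-8", errors="replace") as f:
        current_text = f.read()
    mode = stat.S_IMODE(os.stat(path).st_mode)
    baseline_lines = set(baseline_text.splitlines())
    added = [line for line in current_text.splitlines()
             if line.strip() and line not in baseline_lines]
    return {
        "mode": oct(mode),
        "writable": bool(mode & (stat.S_IWUSR | stat.S_IWGRP | stat.S_IWOTH)),
        "modified": current_text != baseline_text,
        "added_lines": added,
    }

# Constructed known-good rules (a minimal WordPress-style block) and a
# tampered copy with an injected conditional redirect appended to it.
KNOWN_GOOD = ("# BEGIN WordPress\nRewriteEngine On\nRewriteBase /\n"
              "# END WordPress\n")
TAMPERED = KNOWN_GOOD + ("RewriteCond %{HTTP_REFERER} google\n"
                         "RewriteRule .* http://example.invalid/ [R,L]\n")

def write_sample(text, mode):
    """Write constructed content to a fresh temp directory with the given
    permission bits (demo/test helper, not something to run on a live site)."""
    path = os.path.join(tempfile.mkdtemp(), ".htaccess")
    with open(path, "w", encoding="utf-8") as f:
        f.write(text)
    os.chmod(path, mode)
    return path

if __name__ == "__main__":
    report = check_htaccess(write_sample(TAMPERED, 0o644), KNOWN_GOOD)
    for key, value in report.items():
        print(f"{key}: {value}")
```

Dropping the write bits (444) stops a careless writer, but any process running as the file's owner can chmod it back to 644 and write again, which is why the immutable attribute (chattr +i, root only, ext-family filesystems) mentioned above is the stronger of the two options.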


              • #8

                I can't go more than 30 minutes without my .htaccess being hijacked. I am not sure if there is a rogue file that's writing to it; I can't change the chmod to 444 via FTP, for some reason it defaults back to 644. Rick D on live support did set it so I will see how it goes. My FTP shows it as 644 for some reason but he says it's set at 444, so I will leave it for the night and hope I don't get hijacked.




                • #9

                  Originally posted by Brian:
                  I can't go more than 30 minutes without my .htaccess being hijacked. I am not sure if there is a rogue file that's writing to it; I can't change the chmod to 444 via FTP, for some reason it defaults back to 644. Rick D on live support did set it so I will see how it goes. My FTP shows it as 644 for some reason but he says it's set at 444, so I will leave it for the night and hope I don't get hijacked.

                  Hi Brian! I see that setting 444 permissions on the .htaccess has done the trick; the file remains unchanged as I type.
                  Rock _a.k.a._ Jack Daniel



                  • #10
                    Yup, this is the longest time in a while too.



                    • #11

                      Originally posted by Brian:
                      Yup, this is the longest time in a while too.

                      Fingers crossed!
                      Rock _a.k.a._ Jack Daniel



                      • #12

                        Thanks for the advice Rock - very informative.

                        As you say, WordPress and Joomla are probably the most popular blogging and CMS software on the web today.

                        Some of the changes that you mentioned are relatively small changes to make but increase security by hundreds, if not thousands of percent.

                        Great post!
                        David Smith
                        Managing Director
                        DPS Computing Limited



                        • #13

                          Originally posted by DPS Computing:
                          Thanks for the advice Rock - very informative.

                          As you say, WordPress and Joomla are probably the most popular blogging and CMS software on the web today.

                          Some of the changes that you mentioned are relatively small changes to make but increase security by hundreds, if not thousands of percent.

                          Great post!

                          Thanks for the heads up David. Where & how have you been?
                          Rock _a.k.a._ Jack Daniel
