QOT Hacked!

Posted 2010 | Domain Hosting, Security, Site News

A few days back our blog QOT got hacked! Someone managed to log in as the root user on our VPS server and accessed critical areas of cPanel and the file manager…

VPS Hacked

Root access gives the hacker unlimited superuser powers over all critical areas, including the power to modify and delete any file on your server. Throughout the unauthorized access period, there was no downtime and the site functioned as usual. Though no critical function was compromised, the hacker definitely tweaked some files, and the log files revealed access to critical server areas.

Thankfully we secure servers with ConfigServer Security & Firewall (CSF), a powerful Stateful Packet Inspection (SPI) firewall, login/intrusion detection and security application for Linux servers, which alerted us to the intrusion and tracked the hacker's IP.

Restoring VPS backup

We host our site on Knownhost VPS hosting, and their excellent technical support was super quick to respond: they blocked the IP and scanned critical areas for intrusion, file access, file modification, and malware/virus implantation. They advised us to change all passwords immediately for the server, MySQL database and WordPress. Since the site was online and functioning without a glitch, obviously some stealth changes had been made to some critical files.

Since Knownhost automatically keeps regular secure backups of all VPS servers, they offered us an entire array of dates available for VPS backup. Then they quickly and professionally restored the VPS to a previous date without a hitch in under an hour.

Of course, it meant a few of the latest posts and comments would be lost. So we backed up our latest posts manually and reposted them after the server was restored. A few comments on the latest posts, and other comments made between the date of the VPS backup and the date this happened, were lost.

Security Lessons Learnt

  1. Use very strong passwords – Strong passwords are not good enough. Very strong passwords are needed, with long combinations of letters, numbers and symbols, so that even the best password cracking software fails. Also remember to change passwords frequently.
  2. Beware of public computers – Only log in as root from your most trusted computer, as public computers (even office, friends' or library PCs) may have keyloggers and other malware. It's easy for them to pick up your password as you type it.
  3. Back up daily – Any server can be hacked any day. If you have regular, recent backups, then you can sleep with peace of mind, knowing that your server can be restored easily if anything goes wrong. Regularly back up your MySQL database, or even use WordPress backup services.
  4. Upgrade and Update – Always keep your WordPress installation and all plugins updated, as new versions also close security holes. Don’t give hackers a chance.
  5. Install Server Security Software – Your new server usually will not come preinstalled with security software. We have found CSF a very effective server security tool which blocks several intrusion attempts every day.
  6. Use a reliable, responsive web host – I am glad that we are hosted on Knownhost VPS. They have consistently shown expert, knowledgeable and superfast response time (24×7!!) over the last 1 year, and how they do it amazes me every time. I would recommend Knownhost managed VPS any day.

Any server can be hacked, but you have to stay prepared with backups, keep your security antennae alert and choose a reliable host for stress-free blogging. So that was our QOT hacking experience and we hope to keep the great content rolling in…


10 comments on “QOT Hacked!”

  1. Onibalusi Bamidele says:

    Wow! This is serious ;)

    I just upgraded to a VPS and I never knew there could be this type of security issue, I will have to be super alert now.

    Thanks a lot for the great tips,
    -Onibalusi

  2. Kamal Hasa says:

    Wow, it's bad to get hacked. Glad that the blog is all safe now..

  3. Rockstar Sid says:

    Were the logged IPs from Russia? I am on the same VPS and got hacked regularly (lol) :(

    Now everything’s fine, though, I think somewhere if we both had the same hackers behind this then knownhost should take serious initiative.

    • QuickOnlineTips says:

      So we are VPS neighbours. IPs were not from Russia. It's good the VPS is fully managed.

  4. Mani Viswanathan says:

    Glad it's back online :-)

  5. Roshan Ahmed says:

    So you’ve had some important lessons in the meantime. I’m glad that you didn’t lose any data and were able to put it all back just as it was. Great luck, don’t let those guys get their hands on you again because I love reading your blog :)

  6. apis17 says:

    You also need to enable mod_security. There will be another attack through MySQL injection or web attack.
