Finally the planed WordPress Security Post get much too long so here some useful short preview and resources . If you want to check the quality of your WordPress Web Server host, Google offers a incredible tool to start you will be surprised. You will know more thatn your host about there security. Nearly every day i read about hacked WordPress and jomla web spaces even with updated software . Many Austrian Government webpages get attacked redirected or simple file folder permission was wrong and huge datasets with personal files get published on the internet. Mostly if your webpage get vulnerable its only a question of time before some one install his project on your webspace google will find it on the next time it cowls your page and Blacklist your domain. Its happen twice to me thats the reason i share some resources and hints that could be useful for you too.
You can enter yourpage or the page of your host Domain , Hosts will get a short string like AS:6830 for UPC
How it will affect you even if your webspace is clean
Most Wespaces are shared host so you share the CPU memory and mostly Linux Server with many others. If a webpage get infected or malware installed the injector will brute force the maximum output. The perfomance of your webspace will drop into hell.
2) If once you get infected Google will bann your Url form all Search results, even when its only a Search redirect.
3) Check your trafic regularly for unnatural trafic peeks or dops. If a “Bad Boy” find your server vulnerable he will work on it to prepare your webspace for his needs. Mass Email , Redirect to Pharma shops , Aviliate ect most of the stuff is to make money so they are very professional in there attacks.
4) Double check every registration visit from Poland Russia and Turkey if you dont need that trafic you can block it in the htacces with a Country Block
5) Change your Password regularly and make them strong like Arnold Schwarzenger you dont want to lose all your posts and time you spend on your Blog
6) The better your Blog is ranked in Google Bing or yahoo the higher the interest to force screw on your domain.
7) Bad code can be hidden in BAse64 coded part of your template or even in pictures uploaded to the Wp upload directory and executed
Most time Host company dont talk or blog about there vulnerable parts as its against there business , but as a client you have the right to know for what you pay. About 99% they will tell you your plugin software is not uptoodate . The true is there apache configuration will allow ftp and root acces to the attacker.
Releated Wiki Botnet http://de.wikipedia.org/wiki/Botnet
Some Free Tools to find and isolate infected pages
- Unmask Parasites
- Rex Swain’s HTTP Viewer
- Sitecheck Scanner Fully free and open, check multiple pages for malware,spam and defacement.
- Soswebscan is free online website scanner to identify iframe badwares.
- Forensics portion of my malware investigations
Best malware scanner / sURLs analysis :
- Web of Trust : Check the reputation of a website and warns of dangerous websites.
- Unmask parasites : Thousands of website owners are unaware that their sites have been infected with parasites.
- Trend Micro Web reputation : Check the reputation of a website.
- Norton Safe Web : Displays the site’s reputation.
- Finjan URL analysis : Analyze the URL in real time for threats.
- Browsing protection F-Secure : shows the site’s reputation.
- AVG LinkScanner drop zone : Analyze the URL in real time for threats.
- Wepawet : Service to detect and analyze Web-based malware.