Thanks for the heads up Chris.
We're currently down but should be back up later today.
Even a 24 letter password of random hieroglyphics was not enough to do the job. Irritating to have to run a restore, but no biggie as we have not lost any content at all.
Good time to look at your passwords CS'ers?
Last edited by TC; 22nd November 2014 at 07:00 AM.
Thanks for the heads up Chris.
24 random characters is quite a challenge to brute force - perhaps they found another way in?
The password is probably not how they got in. Usually it's vulnerabilities in the code of the underlying hosting system or content management system (CMS). I recently got rid of a Joomla system on a site that I manage as I was always worried about it being vulnerable. The CMS code needs to be kept up-to-date with any security patches. The trouble is that this takes time and sometimes your site can break when an update is done.
Often these hacks can be very amusing (unless you're the site owner) and often there are "mass defacements" where a cracker will deface several dozen websites in one go. There are sites on the web that record the defacements so years later you can see what happened to a site. (yep, you're listed: http://www.zone-h.org/mirror/id/23289036 )
Sorry to see it hacked Chris, but the graphics and sound were funny and they had a serious message to make :-)
Last edited by speleomike; 22nd November 2014 at 09:39 PM. Reason: Added zone-h listing
FWIW, I'm not that worried about it. We'll just wait while the web guys do their stuff and we'll be up and running again once it's done.
Chris, I think you run Wordpress for your website. It looks like it, with maybe WooCommerce for the sales side. If so, there was an update put out just recently as there was a major vulnerability in the earlier Wordpress platform.
As someone who runs a (small) web server and follows security issues, if your password really was "24 letter password of random hieroglyphics" then it's almost certain that that wasn't how they got in. That said, length on its own is not a guarantee of anything, especially if you cobble together words in a dictionary, but carefully constructed passwords of sufficient length should be enough.
If your site was based on Wordpress, then that is top of the list of suspects. I have occasionally been tempted to run a site like this, but the issues that Mike mentioned have always deterred me.
Sounds like you're not a propeller-head yourself, but I do think you've got some hard questions to ask your IT people, because these things should not happen, or hardly ever, if the software behind the site is well-configured and kept up-to-date.
SQL injection is the most common cause of these. Most likely a bot.
You just need to have your guys harden the code against the common methods.
OWASP will help them.
Also as diode123 said, some of the Wordpress plugins need a close look.
It's easy for someone without much knowledge to run your domain name against builtwith to check out everything you're running and google for vulnerabilities, so it needs to be watertight or they'll walk right back in once it's up again.