The Hackers Are Up To Something…
As a web host, we deal with a lot of hacker related activity as it pertains to attacks on websites we host. In the past six months, we’ve seen a lot of FTP iframe injection attacks on websites.
However, in the past two weeks, we’ve seen a new level of probing and attacks…
Our IDS is lit up like a Christmas tree
On all of our servers we use Intrustion Detection Software (IDS) that looks for malicious attempts at logging into an account (FTP, POP3, IMAP, etc…) and blocks these type of attempts. Normally, this level of probing and active “brute force” attempts is somewhat consistent, and we’ve come to expect a certain level of activity.
In the last two weeks though, our IDS is blocking IPs left, right and sideways! Thousands of FTP login attempts from all over the globe, trying to guess website usernames and passwords, are hammering away at our servers. Our IDS is easily detecting and blocking these generic attempts, but the volume has increased 50 fold.
It seems a new network has sprung up that has control of thousands of infected computers and servers, and is collecting information / logins. To what end? I don’t know, but it sure is a large effort by the hackers.
POP3 compromises up as well
We’ve also seen a higher rate of compromised POP3 mailboxes, where the attacker either guesses the POP3 mailbox password, or obtains it through a compromised PC that stores the mailbox login information. The hackers have been trying to send thousands of phishing and malware infected emails to further grow their network (known as a “botnet”).
DDOS attacks on the rise
In the last week we’ve seen a few Distributed Denial of Service (DDOS) attacks where thousands of compromised PC’s are directed by a hacker at a specific website. Our firewalls and routers are able to filter out most of the traffic, making this more of a nuisance, but we normally do not see very many of these types of attacks.
…
Put this all together, and we’re seeing a much higher activity level from hackers as of late. We’re glad our security systems are operating as they should, but it always raises an eyebrow as to what they may be up to in the grand scheme of things.
What can you do as a website owner to stay safe?
- Keep your FTP and POP3 passwords safe and secure
This means not choosing an easily guessable password, and changing it regularly.
- Be careful who has your password
Only give out your password to developers, designers, and employees that absolutely must have it. When a designer/developer is done with their work, change the password in case their systems become infected in the future.
- Keep your PC clean
I recommend having both an anti-virus/spyware software suite (such as Trend Micro, McAfee, or Symantec/Norton) *and* a specific malware scanner like Malwarebytes (commercial version). Make sure both software applications are running in the background, and are actively scanning all activity.
- Use Firefox or Chrome as your web browser
Both Firefox and Chrome integrate with Google’s Safebrowsing black list. This means they will warn you if you try to go to a website where Google has detected malware / malicious code on the website. Internet Explorer does not do this. Going to an infected website (often times a safe site that was compromised itself) is often a popular way hackers infect personal computers.
Looking for a web host that understands ecommerce and business hosting?
Check us out today!
Great post.
I’ve noticed a lot more attacks via my email subscription form. As i understand it, as long as you don’t click on the links, you’re OK.
We switched to (mostly) Macs about 6 months ago, and hope this gives us an added advantage over PCs. At least that’s what the ads promise!
Yes, clicking on the link is usually the required next step for these malware pages to try and infect your computer.
For now, it seems MACs are not the intended target. However, as more people use MACs, the hackers will see more reasons to start targeting them as well I fear.