How Did They Get My Password???
Answer: It was either guessed or keylogged.
If you've eliminated the possibility of someone looking over your shoulder while you were entering your password, or using a public WiFi connection insecurely, then these are the two most likely possibilities.
It's very simple and critically important to understand. If a hacker is able to obtain your email account password then they have access to your incoming messages and they can also send email from your address (without your being aware). All it takes is regular off-the-shelf email software but usually cracked email account access info is fed into sophisticated email broadcasting software.
When a hacker uses your email account to broadcast spam and viruses, your email address and domain could be blacklisted world wide as a known source of spam. It can be very difficult to be removed from such a blacklist.
If on the other hand, a hacker is able to obtain the cPanel/FTP password for your hosting account, then it's "game over" for your website. Damage to your online business can be substantial. Many security professionals agree that once there has been unauthorized access, it's best to completely delete everything in your web space including any supporting MySQL databases. Then make a fresh start. Once unauthorized access has been achieved, the likelihood is very high that the hacker installed multiple back-doors in the account, which could provide them with easy re-access in the future.
QUESTION: Why would some hacker want to break into my hosting account? I don't have anything in there that anyone would want!
ANSWER: Actually you do! All the power and capabilities of your Linksky web hosting service is in there. Even if no pages or other web data currently resides in your web space, you still posses what the hackers need. This is like leaving your keys in the car because, "Heck, there's nothing in there anyone would want."
For example: If a hacker gains access to your web space, they could upload a small script which could then be triggered (run) by accessing the file with a browser. Such a script could be available to the hacker at any time to use your Linksky services to launch attacks against other websites, servers, networks, government offices, banking institutions, etc. etc. etc. all under your domain name. Such attacks are usually part of a large distributed attack coordinated by a small group of hackers who use any number of cracked hosting accounts in unison. These are referred to as a Distributed Denial of Service Attack ( DDOS). And the use of a large number of sites to perform such attacks are often referred to as a Botnet. When such a thing occurs involving your domain, similar to the email account blacklisting described above, your web URL based on your domain name will incur the dreaded Google or Firefox warning page, "This site could be unsafe." or "This site has been listed as an attack site that may harm your computer." This message would stick with any URL based on your domain name, no matter where it is hosted, even after removing all the malicious content.
What I've described above is just one of many examples of how a hacker could use your hosting account for malicious activity once unauthorized access is achieved.
How do you prevent such disasters from occurring? Generally, the answer is to take a straightforward, three pronged approach:
1 -- Make sure you are using a computer that is free of malware and viruses.
2 -- Make sure you always use secure, hard to guess passwords that are changed regularly.
3 -- Keep any script and script packages that are installed in your hosting account, up to date at all times.
Let's examine each of these important guidelines:
Use Only a Malware Free PC
To anyone who has ever had their PC hacked, this probably sounds easier said than done, but this is as simple as always abiding by few basic guidelines:
Always keep your software up to date. This includes your operating system, all program utilities such as email programs and web browsers and NEVER install unsafe software programs or utilities on your computer. This includes freebie programs and games that can be downloaded from various sites (as these can be uploaded for access by pretty much anyone). Don't click on attachments in suspicious email you receive. Don't click a link in an email and install something just because the notice says, "Your computer's security is out of date, click here to update...", and similar. Too many people are fooled by such phishing schemes and end up doing exactly the wrong thing.
Use Secure Passwords for Everything
A secure password is usually defined by the following parameters:
-- No logical sequence of numbers or other characters, e.g. 123456, or qwerty, etc.
-- No use of dictionary words, or formal names.
-- Nothing related to any other aspect of your hosting account, e.g. do not incorporate part of your domain name in a password.
-- At least 8 characters long.
-- A mix of letters (both upper and lower case), numbers and at least one special character such as #$*%^&
Question: How would I even remember such a password?
Answer: Use a mnemonic method. Here's one, I'll use examples as I go along:
-- What are the first two letters if your name (Paul):
pa
-- Add the first two letter of your Dad's name (Hank):
paha
-- Add the first two letters of the street name where you live (Oak Lane):
pahaoa
-- Add the first two numbers of your telephone number (415-555-5555):
pahaoa41
-- Now say to yourself "Voila, I've accomplished a really secure password!" Except just add the exclamation mark on the end:
pahaoa41!
Now you have a secure password that you can remember, as long as you can recall: Your name. Your Dad's name. The street where you live. Your telephone number. And how you felt about yourself when you came up with such a secure AND memorable password.
NOTE: It is a MUST that you change password at least once every 30 days. Otherwise, it WILL be guessed, perhaps not in 30 or 60 or 90 days, but eventually a hacker will be able to figure it out. They do this though the process of deduction. How does that work? I'll demonstrate:
Firstly, hackers know that the cPanel system is the most popular control panel. They also know that email accounts on cpanel servers use the email address as the login ID for any mailbox. As soon as they learn your email address, they're half way there.
Secondly, after determining the IP address of your email server (easy to do using an IP lookup of your domain), they set up software to continuously guess your password. Each bad/wrong guess is written in a database so it is not used again.
A note about Linksky server security. Your Linksky hosted email system has what are known as brute force protections. These prevent someone from trying to log in to your account over and over again. Too many bad guesses in a short period of time and your IP address is blocked. This is fine, except if you happen to be a hacker who has thousands of IP addresses handy. You just rotate to using a different IP address after "x" number of guesses and keep on going.
Guesses, even low frequency access password guesses (designed to evade brute force protections) can add up to a cracked account in a relatively short period of time. Let's say there is one guess every 5 seconds. The total number of guesses after only one month would then be north of half a million guesses. If the password is not changed over the course of a year, that number begins to look astronomical at 6,220,800.
Our best advice: Change your online password regularly and keep ahead of this hacker-password-guessing curve. This will go along way to keep your online accounts safe.
Keep Your Scripts Up To Date
This too is critically important. Keeping old, outdated test scripts in a test directory within your web space can offer a window to unauthorized access and perhaps malicious lines of scripting being inserted throughout your account, whether the other installations are up to date or not.
Likewise, allowing Wordpress, Joomla, Drupal, etc. to fall behind even by just one minor version update can be hazardous for your security. Most minor version updates are in fact security patches. The script package developer publishes these updates only after hundreds of websites have been hacked due to some previously undiscovered vulnerability. Failing to perform updates in a timely manner may be equivalent to parking your car on the train tracks. You'd be safe for a while, but the next thing you know everything has gone to shreds.
Even worse, you may NOT know that your site has been exploited/compromised.
The trend these days is for hackers to conduct silent exploits. This is especially true for Wordpress and Joomla sites. This kind of exploit is primary embedded in the database that the package uses and these are more difficult to detect by common exploit scanning methods. (Keep in mind that Wordpress uses almost exclusively database generated content.)
Once such an exploit has been achieved, the website can then be used for all sorts of nasty stuff, including:
-- Being incorporated as part of a bot-net designed to attack and damage other sites, servers, and networks.
-- Being incorporated as part of a bot-net that is used for criminal ransomware lockups.
-- Using your hosting account and the Linksky service processors to manufacture black market bitcoins. (This would be similar to having criminals break into your basement and set up a counterfeit money printing press.)
The list goes on and on regarding what a hacker could do once they get a foothold in your hosting account due to some vulnerable script. And if you believe your test directory, etc. may be hidden, then please rest assured that anything within your public root web area can be found, and usually quite easily. Hackers often use Google.com to find vulnerable files. They can do this because the Google Bot is quite aggressive. Unless you have installed a Google Sitemap or a robots.txt file in your root web that directs the Google bot NOT to crawl certainly directories or file types, then all a hacker has to do is use a keyword search at Google.com to find your vulnerable files. Another method comes out of knowing where vulnerable files usually reside. The hacker will test your URL with the typical directory extensions and file names to find the security vulnerable file that could give them access.
And again, once any hosting account has been breached, it becomes a trivial task to insert multiple (dozens or even hundreds) of back-door scripts all throughout the hosting account. When this happens it makes a total rebuild of your site almost inevitable, and that could take months. On the other hand, it only takes a minute to log in to your admin page or dashboard to click the update link.
IMPORTANT NOTE: Installed plugins for any content management system (e.g. for Wordpress, Joomla, etc.) are also extremely important to keep up to date. For example, by default Wordpress plugins have direct access to the core database/installation. Website owners need to make sure only quality plugins are installed from developers who keep pace with needed security patches, etc. and who publish updates as frequently as is required. Otherwise, the entire script package installation where the plugin is installed could be compromised, even if the CMS package is kept totally up to date.
Keylogging
Hackers who design malware to steal passwords often use keylogger scripts.
A keylogger is a type of spy-ware often installed by a computer virus. The script runs a program to make log file entries of all of the computer user's key strokes. The log files are covertly sent to the hacker at various intervals. After a period of time, the hacker will sift through these logs to find access credentials that have been entered by the user. These logs can contain additional information useful to the hacker such as the addresses/URLs which were used to log in at the time the password and other information was entered.
Hackers take advantage of the fact that most people place their focus on the SSL security lock icon on log in webpage, but know little or nothing about this kind of spyware. No amount of webpage encryption will prevent a keylogger script from doing its work; not 32 bit, nor 264 bit encryption, nor will using 26 character passwords. NOTHING will keep your password from being stolen if your computer has a keylogger installed. Why? Simple! A keylogger records the key strokes as soon as they are typed and well BEFORE they can be encrypted.
Of course, the best protection is to avoid getting a key-logger installed on your PC in the first place. Even if you do your best to keep from downloading freebie games and tool bar utilities (which can be Trojaned to install compromises), or from clicking on those tempting file attachments in email messages, you still need more protection.
Linksky strongly advises that every Windows PC owner install insurance against keylogger scripts. We recommend at least the free version of the anti-keylogging software offered called QFXsoftware.
This utility will scramble your keystrokes before a keylogger script can record them. If you do have a keylogger installed, what is recorded is scrambled text that they can't use. This should not interfere with any programs you have installed, nor any of your PC's internal operations.
Disclaimer: LinkSky Value Host Inc, is not an affiliate of QFXsoftware.com. We do not receive any kind of reward or financial kick-back from recommending their product(s).
In Conclusion
This post is not nearly a comprehensive approach to internet security for website owners. But we did cover enough to give you some good basic groundwork upon which you can build a more complete foundation. Not included here is mention of social engineering techniques that can be used against most any online organization, nor the individual package enhancements that can also help to shore up security, such as anti-bruteforce plugins for Wordpress and other similar plugins and extensions to help keep CMS packages safe.
If you are a Linksky member, do not have an IT person to manage security updates, etc. and would prefer not to have to be quite so "on the ball" when it comes to security. Then please know that we do offer two new account plans that feature online website builders which live totally on line and are kept secure by our staff at all times. Side-grading, or opening up new accounts with these website builder plans are every easy to do. Please feel free to ask us for more information about either of these site builder centric plans:
Please feel free to contact Linksky support any time if you have any specific questions or tasks that we can help you with.
Here's to your on-going, online success!
-- LinkSky Value Host - Staff