Protecting Your Site5 Account And Other Personal Data
Over the past few weeks we have begun seeing a significant rise in account compromises. These compromised accounts are then used to send out a large volume of spam, which leads to our server being put on mail blacklists. The account compromises we usually see are normally due to out-of-date or otherwise insecure PHP scripts. Although script attacks are still a problem, this latest brand of attacks has been much different in style.
The biggest change is that these attackers are logging in to the main FTP account to upload their scripts instead of gaining access through a vulnerable web application. The passwords are not being brute-forced (guessed), so it is possible that they are obtaining them through the use of key loggers installed on clients’ machines or perhaps by sniffing insecure wireless networks. Please understand that the passwords are not being obtained directly from Site5 or any of our workstations or servers.
After the attacker gains access to the account, the scripts are uploaded through FTP and then started through the customer’s web site. After the attacker has the mailing script started, the script is then deleted, but it continues to run in memory. This makes it very difficult to determine that you have been compromised because your account directory listing does not look any different.
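The sequence described above (FTP upload, a web request that starts the script, then deletion) can still be spotted in FTP and web access logs, assuming both are kept. The following Python is an added example, not Site5's own tooling, that correlates the three events; the log format, `DOCROOT` and the sample lines are constructed assumptions.

```python
# Constructed log format and sample lines (assumptions, not a real server's format).
from collections import namedtuple

Event = namedtuple("Event", "ts source action path")
DOCROOT = "/public_html"  # assumed mapping from FTP path to URL path

SAMPLE_LOG = """\
1000 ftp STOR /public_html/img/logo.png
1010 ftp STOR /public_html/tmp/m.php
1025 http GET /tmp/m.php
1031 ftp DELE /public_html/tmp/m.php
2000 ftp STOR /public_html/contact.php
2300 http GET /contact.php
9000 ftp DELE /public_html/old/backup.zip
"""

def parse(log_text):
    """Turn 'epoch source action path' lines into time-ordered Event tuples."""
    events = []
    for line in log_text.splitlines():
        parts = line.split(None, 3)
        if len(parts) == 4:  # skip blank or malformed lines
            events.append(Event(int(parts[0]), *parts[1:]))
    return sorted(events, key=lambda e: e.ts)

def find_drop_and_delete(events, window=600):
    """Return [(path, uploaded, requested, deleted)] for files uploaded over FTP,
    requested over HTTP, then deleted over FTP within `window` seconds of upload."""
    uploaded, requested, findings = {}, {}, []
    for e in events:
        if e.source == "ftp" and e.action == "STOR":
            uploaded[e.path] = e.ts
            requested.pop(e.path, None)  # a re-upload restarts the sequence
        elif e.source == "http":
            ftp_path = DOCROOT + e.path
            if ftp_path in uploaded:
                requested.setdefault(ftp_path, e.ts)  # keep the first request
        elif e.source == "ftp" and e.action == "DELE":
            up = uploaded.pop(e.path, None)
            req = requested.pop(e.path, None)
            if up is not None and req is not None and e.ts - up <= window:
                findings.append((e.path, up, req, e.ts))
    return findings

if __name__ == "__main__":
    for path, up, req, dele in find_drop_and_delete(parse(SAMPLE_LOG)):
        print(f"{path}: uploaded {up}, requested {req}, deleted {dele}")
```

A hit means the file is already gone from the directory listing, so the follow-up is to change the FTP password and look for the process that is still running.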
Site5 is already working on developing some mechanisms that will either stop or help decrease the success rate of these attacks. Some of the immediate changes we are looking into include tougher firewall rules, better process tracking, and custom mod_security rules to block these scripts from being called. We are also looking into long-term changes that will include the implementation of centralized mail servers. A fully centralized mail system would allow us to have greater scrutiny over outbound mail and make it easier to apply changes and further customize our anti-spam configuration. Although these improvements will help reduce the frequency of these attacks, there are still many changes that you can make to prevent your workstation from being compromised and used to send unsolicited mail:
Anti-virus Software
The first step you should take is ensuring that you have anti-virus software installed on your machine and that it is up to date. Most importantly, the virus definitions must be current. Anti-virus software is not very effective unless you keep the definitions up to date. New viruses are coming out every day, so without current definitions you may find yourself unprotected from new threats. More information about anti-virus software can be found at the following URL: http://www.getsafeonline.org/nqcontent.cfm?a_id=1147.
Anti-spyware Software
Similar to anti-virus software, spyware protection will detect programs running on your computer that are spying on your computing activity. Although most spyware is only meant to deliver unwanted ads on your computer, some variants will actually scan your machine for sensitive information (often via key logging) and send it to a third party. Some anti-virus software has spyware protection built in, but it is important to check with the developer to be sure. For more information about spyware protection, please check the following article: http://www.getsafeonline.org/nqcontent.cfm?a_id=1149.
Network Security and Encryption
It is very easy for someone to capture login details and other sensitive information if you are connecting to an untrusted network and you are not using encryption. For example, if you connect to an FTP server while on a wireless network that is not encrypted, it would not be difficult for someone to capture your login information. If you absolutely have to use an untrusted wireless network, you should either use a VPN or only connect to encrypted services. We offer SFTP (port 22) as an alternative to FTP, and you can even connect to your control panel securely by going to https://yourdomain.com:2083. IMAP and SMTP access are also available with SSL support by connecting to ports 993 and 465, respectively.
Firewall
It is important that there is some kind of protection sitting between the Internet and your computer. If you are behind a wired or wireless router, you already have a fair amount of protection against most attacks due to the way those devices work. However, if you are directly connected to the Internet, you should consider adding a firewall in front of your workstation or adding firewall software to your computer. For more information, please check the following article: http://www.getsafeonline.org/nqcontent.cfm?a_id=1146.
Phishing
Phishing is another serious threat that you need to be on the lookout for. Phishing is when an attacker attempts to obtain sensitive information from you by forging e-mails or websites (fake bank login pages are common). Someone could easily forge an e-mail so that it appears to be coming from Site5 in an attempt to acquire your account login credentials. If you ever feel uncomfortable about an e-mail that appears to be coming from Site5, please contact us immediately through Backstage (https://backstage.site5.com).
For other great tips regarding on-line security, check out the Get Safe Online website at http://www.getsafeonline.org.
