Hacked and Attacked: Why?

203049 Resource 76407 21 21 1210082084995 1210082084995 Controlled Hacked and Attacked: Why?

San Diego Real Estate Blog and 18 Other Real Estate Sites Still Reeling

One might morph the popular real estate adage for applicability to marketing websites:  Security, security, security.A <a title="Hacked and Attacked: Why?" href="http://sandiegopreviews.com/2008/04/18/hacked-and-attacked-why/" target="_blank">recent posting by Roberta Murphy</a> describes how her WordPress-based San Diego Real Estate blog was viciously attacked by unknown entities who tried to delete everything ever written at San Diego Previews, <a title="Luxury Homes Digest" href="http://luxuryhomedigest.com/" target="_blank">Luxury Homes Digest</a>, and 18 or so other real estate blog sites.  Roberta is understandably angry about the incident which took her site down, leaving some wondering if she was still in the San Diego real estate business.  But more deeply, she was left wondering, Why someone would bother to hack her site since it did not contain credit card numbers or other sensitive data?Having been responsible for the security side of the <a title="Amplify Your Voice on the Web with a Professionally Managed MyST Blogsite" href="item/196675">MyST Blogsite</a> infrastructure almost five years now, I certainly sympathize with Roberta.  And while I also wonder why some people are driven to such such abusive acts, I have absolutely no doubt that there are lots of such people in the world.  Whether its so-called "script kiddies" doing the Internet equivalent of the joy riding, sophisticated criminals executing well-planned schemes, or well-intended (but not so skilled) programmers trying to address legitimate integration requirements, the Internet is teeming with nefarious activity.Here's a simple rule of thumb:  If your site has any significant visibility at all, it will be attacked at some point.As I described in my <a title="Compromised WordPress Blogs Become an Army of Hacker Zombies" href="http://faseidl.com/public/item/200919" target="_blank">FAS Talk</a> blog, last month I discovered that a federation of hacked WordPress servers—over a thousand servers to date—were (and still are) being used to try to hack into our company web site.  At the time I first noticed slower-than-normal server response times, that site was receiving over 50,000 requests per day attempting to gain authoring access.  Thankfully, our company web site, like every other advertorial marketing site powered by MyST Blogsite, is protected by multiple security layers and was never actually hacked.<img style="MARGIN: 0px 10px 3px 0px" alt="Security" src="docs/security-150.jpg" width="150" align="left" border="0" />MyST SlimeGate™ is one of the security layers that protect all commercial sites powered by MyST Blogsite.  (There are others; see, for example, <a title="Overly aggressive RSS feed aggregators can cause server performance problems; MyST Blogsite introduces new technology to detect (and reject) egregious offenders." href="public/item/178941">Fighting Back Against Big, Hungry, Orange Alligators</a>.)  This layer serves as a blogsite's immune system by killing nefarious requests before they ever reach the blogsite itself and by restricting subsequent access by offending machines through dynamic firewall technology.  Once this immune system layer "learned" to recognize requests from compromised WordPress servers, the 50,000 number quickly dropped to about 20 and response times returned to normal.<hr />Do you have a security related story or question? Post a comment below. 9 application/xml marketing website MyST Blogsite MyST SlimeGate real estate security WordPress Hacked and Attacked: Why? April 18, 2008: San Diego Real Estate Blog http://sandiegopreviews.com/2008/04/18/hacked-and-attacked-why/ Compromised WordPress Blogs Become an Army of Hacker Zombies Somewhere in the shadowy underbelly of the Web, there is an intelligent, and slimy, hacker exploiting WordPress security holes. http://faseidl.com/public/item/200919 Fighting Back Against Big, Hungry, Orange Alligators Overly aggressive RSS feed aggregators can cause server performance problems; MyST Blogsite introduces new technology to detect (and reject) egregious offenders. http://blogsite.com/public/item/178941 false We are just now starting to recover from an attack that has left me stunned... This was an attack not only on real estate blog sites, but also on reputations, livelihoods and peace of mind. Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727) 127.0.0.1 127.0.0.1 aseidl 68.40.167.222 false true false false true 174050 false false true false false false true 76407 blog blogsite/Blogsite/web