Labnol: Our Theories On What Happened
CONNECT WITH HBB ON SOCIAL MEDIA
Labnol, (or Digital Inspiration) and all of Amit’s blogs and websites were recently taken down by hackers (Fortunately, they’re back now).
Here are few theories on how hackers gained access, and how you can be safe.
What we know –
- All sites by Amit were deleted
- The hacking happened before 30 June 11:32PM, most probably in a 24 hour timespan.
- They were up and running around 1st July, 9 – 10 PM.
You can refer Amit’s Tweet here: https://twitter.com/labnol/status/219317563564367872
How did the hackers get in?
There are many theories on this. Here are few of them, ordered by plausibility –
- 1. Bruteforce attack on cPanel – If Amit Agarwal had a weak cPanel password, there are chances that his password was bruteforced. Bruteforcing is a technique, in which the person uses as many combinations of letters as he can. The hacker usually starts out with dictionary words, then include numbers, names, birthdates, and so on. If the sites were hacked using bruteforce, it could’ve taken around 1 – 25 hours for the hacker.
- 2. Learning Amit’s password elsewhere, then trying it on cPanel/WordPress – If Amit has same passwords on every site he used, Hackers could’ve cracked a smaller, weaker site he might have registered on, got his credentials, then tried it on his cPanel/WordPress. If they worked there, they were lucky, or else they might have figured out a pattern in the password, which they then tried applying to his cPanel/WorPpress. LinkedIn was recently hacked. Could it be that hackers got Amit’s password from there, and then used it on his blog?
- 3. Exploiting a WordPress plugin – If Amit installed a plugin recently, it could be that the plugin was vulnerable, and hackers got access exploiting it’s vulnerability.
- 4. Exploiting WordPress’ Vulnerability(ies) – Now, this may seem the least likely to you, but there’s still a small chance that one WP’s loophole’s were exploited.
If you believe that WP doesn’t HAVE any loopholes, think about this:
What are those “fixes” that are done on every version of WordPress?
Uh-oh! What can I do?
- 1. Try to change your cPanel username. You have to contact your host for this, most hosts don’t entertain this change, but if your’s do, you’re a lucky person :D.
- 2. Increase your password strength. Your password should be at least 12 characters long. Preferably, having a few numbers, and special characters mixed in (!, 1, 7, *). The way this comic shows is okay too. Below I mentioned some useful resources for a secure password.
- 3. Change your WordPress username. If the people know your username, they already have a puzzle piece in place. Your name shouldn’t be the username, while the generic “admin” is the worst. Changing your username sure gives a extra level of security. (Also, make sure your nickname, which is shown on comments and posts, is different)
- 4. Keep different passwords everywhere. If Amit’s blog was hacked using #2, it’s a good indication that you too have to have different passwords. For example, if the password to your Facebook account and that shady site you were suspicious of are same, that’s certainly not a good thing.
- 5. Keep making regular backups. Backup your database, your wordpress posts, everything. Some useful posts about “WordPress backup”.
I hope that hacking of a big site like Labnol gives a lesson to everyone, you are never to secure. Be sure to follow the above tips, and you’ll (most likely) be safe.
This article is written by Namanyay Goel. He’s a freelance web and graphic designer. He blogs at Mos Le Tech, where you can find design articles, tips and tricks, and tutorials.
Want to discuss your queries and interact with experts? You can connect with HellBound Bloggers (HBB) Facebook group for free!
Join HellBound Bloggers (HBB) and get Instant Updates. We'll also notify you with Great Deals, Discounts and other Interesting Tips. We won't SPAM or SHARE your Email Address with anyone.
YOU CAN ALSO SEARCH FOR YOUR DESIRED TOPICS:
Thank you for reading! We welcome and appreciate your comments, but at the same time, make sure you are adding something valuable to this article. If you have any serious queries, suggestions or anything related to this article, feel free to share them, we really appreciate that.
But, if your blog comments are a random "Thank you", "Useful Post", or anything that doesn't actually upscale the article, then we'll be removing them and it won't be appeared below. Thanks for understanding and thanks for connecting with us. If you want to give us any feedback or report any errors, you can kindly contact us and we'll revert back soon.
- Facebook Comments
54 CommentsFacebook Comments