Labnol: Our Theories On What Happened

Labnol (or Digital Inspiration) and all of Amit’s blogs and websites were recently taken down by hackers (fortunately, they’re back now).

Here are a few theories on how the hackers gained access, and how you can stay safe.

What we know –

  • All sites by Amit were deleted
  • The hacking happened before 30 June 11:32PM, most probably in a 24 hour timespan.
  • They were up and running around 1st July, 9 – 10 PM.

You can refer to Amit’s tweet here: https://twitter.com/labnol/status/219317563564367872

How did the hackers get in?

There are many theories on this. Here are a few of them, ordered by plausibility –

  • 1. Bruteforce attack on cPanel – If Amit Agarwal had a weak cPanel password, there is a chance that his password was bruteforced. Bruteforcing is a technique in which the attacker tries as many combinations of letters as he can. The hacker usually starts out with dictionary words, then includes numbers, names, birthdates, and so on. If the sites were hacked using bruteforce, it could’ve taken around 1 – 25 hours for the hacker.
  • 2. Learning Amit’s password elsewhere, then trying it on cPanel/WordPress – If Amit had the same password on every site he used, hackers could’ve cracked a smaller, weaker site he might have registered on, got his credentials, then tried them on his cPanel/WordPress. If they worked there, the hackers were lucky; otherwise they might have figured out a pattern in the password, which they then tried applying to his cPanel/WordPress. LinkedIn was recently hacked. Could it be that hackers got Amit’s password from there, and then used it on his blog?
  • 3. Exploiting a WordPress plugin – If Amit installed a plugin recently, it could be that the plugin was vulnerable, and hackers got access by exploiting its vulnerability.
  • 4. Exploiting WordPress’ vulnerability(ies) – Now, this may seem the least likely to you, but there’s still a small chance that one of WP’s loopholes was exploited.

If you believe that WP doesn’t HAVE any loopholes, think about this:

What are those “fixes” that are done on every version of WordPress?

Uh-oh! What can I do?

  • 1. Try to change your cPanel username. You have to contact your host for this. Most hosts don’t entertain this change, but if yours does, you’re a lucky person :D.
  • 2. Increase your password strength. Your password should be at least 12 characters long, preferably with a few numbers and special characters mixed in (!, 1, 7, *). The way this comic shows is okay too. Below are some useful resources for a secure password.

    – Tips For Creating Secure And Strong Passwords

    – Is Your Password Hackable? [INFOGRAPHIC]

  • 3. Change your WordPress username. If people know your username, they already have a puzzle piece in place. Your name shouldn’t be the username, while the generic “admin” is the worst. Changing your username gives an extra level of security. (Also, make sure your nickname, which is shown on comments and posts, is different.)
  • 4. Keep different passwords everywhere. If Amit’s blog was hacked using #2, it’s a good indication that you too have to have different passwords. For example, if the password to your Facebook account and that shady site you were suspicious of are the same, that’s certainly not a good thing.
  • 5. Keep making regular backups. Back up your database, your WordPress posts, everything. Some useful posts about “WordPress backup”:

    – Using phpMyAdmin To Backup WordPress Database

    – Solid Tips For WordPress Backups [Simple Guide]
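
A small local audit of tips 2 to 4, as an added example that is not part of the original article: it flags short passwords, dictionary-based ones, passwords or password patterns shared across sites, and guessable usernames. The account data, the word list and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample data: sites, usernames and passwords are invented.
ACCOUNTS = [
    {"site": "cpanel", "username": "jdoe", "nickname": "JDoe", "password": "sunshine1"},
    {"site": "wordpress", "username": "admin", "nickname": "Editor", "password": "Sunshine2012!"},
    {"site": "forum", "username": "reader42", "nickname": "R", "password": "v7*Qe!r2Lm#9xT"},
]
# Tiny stand-in for the dictionary a bruteforcer starts from (assumption).
COMMON_WORDS = {"password", "sunshine", "letmein", "qwerty"}


def base_of(password):
    """Strip digits and symbols so 'Sunshine2012!' and 'sunshine1' compare equal."""
    return re.sub(r"[^a-z]", "", password.lower())


def audit(accounts, common_words=COMMON_WORDS):
    """Return {site: sorted findings}; sites with no findings are omitted."""
    findings = defaultdict(set)
    by_password, by_base = defaultdict(set), defaultdict(set)
    for acct in accounts:
        site, pw = acct["site"], acct["password"]
        by_password[pw].add(site)
        if base_of(pw):
            by_base[base_of(pw)].add(site)
        if len(pw) < 12:  # tip 2: at least 12 characters
            findings[site].add("short")
        if not re.search(r"\d", pw) or not re.search(r"[^A-Za-z0-9]", pw):
            findings[site].add("no-digit-or-symbol")
        if base_of(pw) in common_words:  # theory 1: dictionary words come first
            findings[site].add("dictionary-word")
        if acct["username"].lower() in ("admin", acct["nickname"].lower()):
            findings[site].add("guessable-username")  # tip 3
    # Tip 4 / theory 2: the same password, or the same pattern, on several sites.
    for label, groups in (("reused", by_password), ("shared-pattern", by_base)):
        for sites in groups.values():
            if len(sites) > 1:
                for site in sites:
                    findings[site].add(label)
    return {site: sorted(found) for site, found in findings.items()}


if __name__ == "__main__":
    for site, found in audit(ACCOUNTS).items():
        print(site, found)
```

The "shared-pattern" finding is the one a plain strength meter misses: “Sunshine2012!” passes the length and character checks, yet it is the same base word as the weaker cPanel password.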

Conclusion

I hope that the hacking of a big site like Labnol teaches everyone a lesson: you are never too secure. Be sure to follow the above tips, and you’ll (most likely) be safe.

USEFUL: 20+ Basic Tips To Protect Your WordPress Blog

This article is written by Namanyay Goel. He’s a freelance web and graphic designer. He blogs at Mos Le Tech, where you can find design articles, tips and tricks, and tutorials.

Do Your Part To Prevent Internet Censorship

Internet censorship is the control or suppression of the publishing of, or access to information on the Internet. It may be carried out by governments or by private organizations at the behest of government, regulators, or on their own initiative. (via Wikipedia)

Internet censorship is a hot topic these days. The Indian Government has blocked a handful of sites, the UK has censored The Pirate Bay, and there are loads more. Many people are protesting against this censorship, as they believe in a free (and better) Internet. This article will detail what you need to know about internet censorship, and how you can help prevent it.

Uhh… I see you wrote that India’s government is censoring things? Is it true?

Yes. The Government of India is censoring many sites. A few examples are Vimeo and Pastebin.

This all sparked when the producers of movie “3” took the matter of piracy to the court. Kapil Sibal, along with others, passed an order to censor many types of websites. Many video websites have been censored because of this.

Also, UK censored PirateBay? Why?

The reasons are obvious. The Pirate Bay promoted piracy, and UK couldn’t take it anymore. The good news is, people can still access the site, either by changing their DNS, or using Proxies.

Is anyone doing ANYTHING?

Yes. Censoring The Pirate Bay has led to the rise of many Piratebay Proxy sites, which can be easily used by one to access all torrents of The Pirate Bay.

For India’s issue, Anonymous has launched Op_India. There is also going to be Occupy India, with Occupy Delhi coming up on 9th June. You should follow Op India on Twitter, and like this page for regular updates.

Okay.. So tell me, what can I do?

As an internet user, there are a lot of things you can do.

Own a website? Sign up for Internet Defense League

The Internet Defense League aims to have a kind of a “Bat signal” for the internet. A code is given to a webmaster, and the code is updated when some movement is launched. If the webmaster updates the code, he takes part in the protest against the movement.

In the US? Sign to stop American Censorship!

Stop American Censorship is another movement by Fight for the Future, this is specially for the US.

Not in the US? Petition against State Department!

Google details some easy steps with Take Action. Google launched Google Take Action, which allows users to take part with a simple tweet and Google’s hashtag. The tags are counted, and then are used against internet censorship.

Prevent PIPA and SOPA from happening, Stop the Internet Blacklist Bills!

Stop the Internet Blacklist Bills is a site promoted by Mozilla, which needs a simple zip code.

Demand Progress! Another movement to stop Internet Blacklist Bills!

Demand Progress is aimed to stop the internet blacklist bills, and adds you against the US senators.

Just following these steps will make you a better net citizen. Who knows, your vote might be the deciding one in stopping Internet Censorship?

Guest Blogging Vs Social Media. Which Is Better?

Reading a few articles on SEO will tell you that there are two main ways of promoting your blog and getting readers – Guest Posting, or Social Media. However, each works out only for a specific group of people. This article will discuss the pros and cons of each, and will conclude with which is better for you, the blogger.

What are they?

Guest Posting – Posting an article on another blog, as a “guest”. Thus called Guest Posting. A guest post usually gives you 1 – 2 dofollow links at the end of the article.

Social Media – Using social networking sites such as Facebook, Twitter, and Google Plus to promote your blog. Using social media may have different results based on the person.

Pros and Cons of Guest Posting/Blogging

Pros

  • Have around 2 dofollow links – These links are placed at the end of the article, and thus are guaranteed to be seen by the readers.
  • Have author description – The description tells people about you, and your work, that other types may not offer.
  • The links are valued more than others – You may think, that a link in the comments will give you same credibility of the link in the article, so guest posting would be useless. Actually, that is wrong, and links in the article are valued more by Google. Moreover, links in the comments are usually nofollow, which gives no actual SEO benefit. Then, links in the comment have less chance of being clicked, whereas links in the end have more chance of being clicked, thus having more authority.
  • Target Audience – Posting guarantees that your links are shown to the target audience. This means that if you have an SEO blog, and write a post about SEO, the only visitors will be the people searching about SEO, not something entirely different.

Cons

  • The most obvious disadvantage is that you have to write a big, long, suitable article every time, for the actual owner of the blog. This is not necessary in other methods.
  • You have to contact the admin, which could take time, and thus results aren’t instant.

Conclusion

The links in the author description are highly valued by Google and readers alike. On a blog with good ranks, this could be a potential boost to your SEO. The only problem is that you have to write an article every time, which may not be everyone’s cup of tea.

Pros and Cons of using Social Media

Pros

  • Very easy to do – All you have to do is copy the link from the article, and paste it on your profile. No need of doing something tough.
  • Mass exposure – If you have 200 friends, you got your link to 200 people, with no actual work.
  • Easy to spread the word – Your post has chances of going viral, and thus getting loads and loads of readers with this method.

Cons

  • The post is not shown to target audience. If you have 200 friends, it’s not necessary that all 200 of them are interested in the topic. Most probably, 5 – 10% of them would be interested.
  • Amount of clicks. Even if you have 20 – 30 people familiar with the topic, there will be only a few that click the link. Maybe because the info presented in that article is known to them, or they just miss the link.

Conclusion

Upon reading this article, it would be obvious that only a certain type of people get benefits from the methods.
Guest Posting is always appreciated, and if you are a good writer, then you can establish trust. It is a bit difficult, I agree, but it gives you an SEO boost if not readers.

Using Social Media is very easy, you can get views, but they are not guaranteed. Thus, we can say that Guest Posting is great for people of all types, but they do need to have a bit of writing flair. Social media may not prove beneficial to those who do not have friends interested in the topic, but if they have a page, with good number of likes, and they post the link there, it is sure to attract some attention, and get readers.