Hacking can be done in many different ways. Two commonly used methods are explained below.
(i) Account passwords harvesting
In this method, hackers try to collect website account passwords on a large scale. We will call this process “account passwords harvesting”. Details on how they do that are fuzzy. Use of a password like 123456 or use of a spyware-infected PC at home are the main reasons. The complexity of the password should be beefed up to at least 8 characters, but this does not help if the user's computer is infected with a keylogger.
(ii) PHP vulnerabilities
PHP has a lot of very vulnerable and potentially exploitable functions. Hackers have been enjoying these security lapses for a long time. On our servers, we offer PHP after locking down most of the common security holes in PHP.
Most PHP applications, such as WordPress, Joomla, phpBB and PHP-Nuke, and their plugins are community developed. These applications may have potential security vulnerabilities, and hackers may exploit them. Most website hacking is done using vulnerabilities in PHP applications.
All community-developed PHP applications are patched as and when new vulnerabilities are discovered, so you should upgrade/patch the PHP applications in your website from time to time. Failing to upgrade/patch PHP applications in your website is equal to opening a backdoor for hackers in your website.
Mass modification of website files
Once the hacker has discovered a backdoor into the website, either using an account password or using a vulnerable PHP application, he will try to modify your files. We will call this stage “mass modification of website files”. It looks like this stage is automated and they use a special tool, called MPACK, to install malicious IFrames. Usually only the main site index documents are targeted (i.e. index.php, index.html, index.shtml, etc.). Malicious IFrames are usually installed at the beginning or at the end of the document.
Corrective actions recommended
We request you to do the following as soon as possible:
(i) Immediately change your account password, as well as that of any other accounts that may share the same password. We recommend the use of passwords containing 8 or more random letters and numbers.
(ii) Review your hosted accounts/sites and ensure that nothing has been uploaded or changed that you did not do yourself.
(iii) Most importantly, upgrade/patch all PHP applications installed in your websites with the latest updates.
(iv) Finally, scan your PC with a good anti-virus.
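
For corrective action (ii), a small Python check (an added example, not a tool supplied by this host) that walks a web root and flags index documents with an iframe near the start or end of the file, the pattern described under "Mass modification of website files". The 2 KiB edge window, the hidden-iframe heuristics and the sample page are assumptions made for the example; run without an argument it scans the constructed sample.

```python
import re
import sys
from pathlib import Path

# Index documents the page names as the usual targets.
INDEX_NAMES = {"index.php", "index.html", "index.shtml"}
# Assumption: the first/last 2 KiB counts as the "beginning or end" of a document.
EDGE_BYTES = 2048
IFRAME_RE = re.compile(rb"<iframe\b[^>]*>", re.IGNORECASE)
# Assumption: zero/one-pixel or CSS-hidden iframes are the stronger signal.
HIDDEN_RE = re.compile(
    rb"(?:width|height)\s*[=:]\s*[\"']?[01](?:px)?\b|display\s*:\s*none|visibility\s*:\s*hidden",
    re.IGNORECASE,
)
# Constructed sample: an ordinary page with an invisible iframe appended after </html>.
SAMPLE_INFECTED = (
    b"<html><body><h1>Welcome</h1>" + b"<p>content</p>" * 300 + b"</body></html>\n"
    b'<iframe src="http://example.invalid/x" width=0 height=0></iframe>'
)

def scan_bytes(data):
    """Return (where, hidden, tag) for every iframe near the start or end of data."""
    findings = []
    for m in IFRAME_RE.finditer(data):
        if m.start() < EDGE_BYTES:
            where = "start"
        elif m.end() > len(data) - EDGE_BYTES:
            where = "end"
        else:
            continue  # mid-document iframes are more likely legitimate embeds
        tag = m.group(0)
        findings.append((where, bool(HIDDEN_RE.search(tag)), tag.decode("latin-1")))
    return findings

def scan_tree(root):
    """Scan every index document under a web root; return {path: findings}."""
    report = {}
    for path in Path(root).rglob("*"):
        if path.is_file() and path.name.lower() in INDEX_NAMES:
            hits = scan_bytes(path.read_bytes())
            if hits:
                report[str(path)] = hits
    return report

if __name__ == "__main__":
    result = scan_tree(sys.argv[1]) if len(sys.argv) > 1 else {"<sample>": scan_bytes(SAMPLE_INFECTED)}
    for name, hits in result.items():
        for where, hidden, tag in hits:
            print(f"{name}: iframe at {where} (hidden={hidden}): {tag}")
```

A hit is a prompt to compare the file against a known-good copy, not proof of compromise; a clean result does not rule out changes to other files.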