How do Hackers get in?

09 Nov 2013

People who don’t want to worry about the technical side of running a blog must feel helpless when it comes to keeping hackers out of their website. There’s a lot of conflicting and unhelpful advice, and what is out there is often technical. This post will try to demystify some of the ways hackers get into a site, which should help in understanding other sources.

When someone views your blog in their web browser, the following things happen:

  1. The browser asks your host for a file, such as MyPost.html.
  2. If the file exists, the host sends it. Otherwise it passes the request to your blog software, such as WordPress.
  3. WordPress figures out that it’s supposed to show a post called MyPost and loads the content of the post and the comments from the database.
  4. WordPress loads the theme for your website and starts executing it in order to generate the HTML page that will be sent to the browser.
  5. As it’s going through the theme it’s also executing plugins and core functions that have hooked into the theme. For example, a plugin might add a link to Twitter after the post. The core of WordPress also adds the sidebars, menu, and the contents of the post itself.
  6. Upon receiving the entire page, the browser starts asking for some of the files referenced in the page such as images, stylesheets, and scripts.

What do hackers change?

Hackers work their evil by adding something else into the page or replacing it entirely. They may add extra links, replace your site with a message, or inject malicious code that is served to the web browser.

It’s helpful to think of a blog engine as having the following components:

web server
+- blog core
|    + Code
|    + Static files
|    +- theme
|       + Code
|       + Static files
|    +- plugins
|       + Code
|       + Static files
|    +- database content
+- other files such as media

A hacker must compromise one or more of the above in order to change your site.

  • They can overwrite code files in the core, theme, or plugin to add links, change the content, or run their code on your server.
  • They can change the data in the database so that your blog software silently sends whatever they want to the browser.
  • They can change media files or static files such as JavaScript to add their own code. For example, they could inject ads or malware into your web page by changing the JavaScript.

How do they change my site?

There are a few ways hackers get in.

  • Guessing passwords - if hackers can guess your FTP or admin passwords then they can change or add posts, or change theme, core, and plugin files.
  • Trojan horse - malicious software can be bundled with a theme or a plugin. It could be as simple as the plugin adding a spam link to your site, or something more complicated, like a back door.
  • Exploiting a vulnerability - Software is written by humans and subject to mistakes. If the hacker can give the script input it didn’t expect, the results might allow the hacker to change files or the database.

How do you protect yourself?

Once you know how hackers do what they do, the solutions become apparent:

  • Get your themes from reputable sources, such as your CMS’s official site or well-known commercial sites
  • Limit the plugins you run, and stick to popular ones. This will limit the ways an attacker can get in, and also make your site faster
  • Check for updates frequently and make sure you update when they become available
  • Choose a strong password for your administration and FTP accounts
  • Scan your site for vulnerabilities, including signing up for Google Webmaster Tools
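
The file changes described earlier (overwritten code in the core, theme, or plugins, or altered static and media files) can be noticed by comparing file hashes against a known-good baseline. The following is an added example, not part of the original post; the `wp-content/...` prefixes assume a standard WordPress layout, and the sample site and its tampering are constructed for the demonstration.

```python
import hashlib
import tempfile
from pathlib import Path

# Assumed WordPress-style layout; anything outside these prefixes counts as core.
COMPONENTS = {"wp-content/themes/": "theme", "wp-content/plugins/": "plugin",
              "wp-content/uploads/": "media"}

def component_of(rel_path):
    """Name the part of the blog engine a relative path belongs to."""
    for prefix, name in COMPONENTS.items():
        if rel_path.startswith(prefix):
            return name
    return "core"

def snapshot(root):
    """Map every file's path (relative to root) to its SHA-256 digest."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in root.rglob("*") if p.is_file()}

def compare(baseline, current):
    """Return (status, component, path) for each file that differs, sorted by path."""
    findings = []
    for rel in sorted(set(baseline) | set(current)):
        if rel not in baseline:
            status = "added"
        elif rel not in current:
            status = "removed"
        elif baseline[rel] != current[rel]:
            status = "modified"
        else:
            continue
        findings.append((status, component_of(rel), rel))
    return findings

def _write(site, rel, body):
    (site / rel).parent.mkdir(parents=True, exist_ok=True)
    (site / rel).write_text(body)

def demo():
    """Constructed sample: take a baseline, change two files, report the difference."""
    with tempfile.TemporaryDirectory() as tmp:
        site = Path(tmp)
        _write(site, "index.php", "<?php // core")
        _write(site, "wp-content/themes/mytheme/footer.php", "<footer></footer>")
        _write(site, "wp-content/plugins/share/share.js", "share();")
        baseline = snapshot(site)  # taken while the site is known to be clean
        _write(site, "wp-content/themes/mytheme/footer.php", "<footer>extra link</footer>")
        _write(site, "wp-content/uploads/x.php", "<?php // unexpected file")
        return compare(baseline, snapshot(site))
```

Keep the baseline somewhere other than the web server, and take a fresh one after each legitimate update so that expected changes are not reported as tampering.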