You may have noticed that the site was offline for a period of about a week early last month, which was the result of an attack by hackers. I have no idea why they would be interested in my site in particular other than it was there and it represented a small challenge. The attack was ultimately pretty devastating as several MySQL databases were deleted. The hacker then contacted me to try and get me to pay to sort out the problems that he had caused. But as they didn’t have the files they had deleted they had nothing of value and I wasn’t interested in paying.
All of this has led me to take a long hard look at the security on my server and it was a humbling experience. I was able to find the holes in the setup that had allowed the sites to be hacked in the first place. The issue was that I had set the wp-content folder to 777 in order to get media uploads to work on WordPress. I also knew that this was a bad thing and promised myself that I would go back to it quickly and sort it but, of course, I never did and paid the price of not doing so. This enabled a nasty program called C99 to be installed and from there the hackers could do pretty much anything they wanted.
I spent the best part of a week putting the server back together again and plugging the holes that shouldn’t have been there in the first place. I have also strengthened my backup routine and put in place some jobs that will keep an eye on the server and alert me to anything suspicious. I will blog about what I have done at a later date.
However, the root of the issue was having the wp-content folder set with the wrong permissions. Don’t do it, not ever! But a quick search on the web shows that this is not an uncommon issue – not being able to upload media to WordPress unless you do set the permissions to allow anyone access. Rather late in the day I have realised that the reason it wasn’t working for me was that the user that was trying to access the folder when I was uploading was different to the user that created the folder when WordPress was installed. Realising that and making the appropriate change has solved the issue and prevented me from setting it to 777.
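As an added example (not part of the original post), here is a small POSIX shell audit for the two conditions described above: world-writable entries under wp-content, and entries not owned by the account the web server runs as. It also lists PHP files under wp-content/uploads, which should normally hold only media; the function names, the example path and the `www-data` user are assumptions.

```shell
#!/bin/sh
# Added example: audit a WordPress wp-content tree. Not the author's own script.

# Entries any local user can write to (mode 777, 666, ...). Symlinks are skipped.
find_world_writable() {
    find "$1" ! -type l -perm -0002 -print
}

# Entries not owned by the expected account ($2 may be a user name or numeric uid).
find_wrong_owner() {
    find "$1" ! -type l ! -user "$2" -print
}

# PHP files inside the media upload directory, where only media is expected.
find_php_in_uploads() {
    [ -d "$1/uploads" ] || return 0
    find "$1/uploads" -type f -iname '*.php*' -print
}

# Run all three checks; print findings and return 1 if any check has hits.
audit_wp_content() {
    wp_dir=$1; wp_owner=$2; wp_status=0
    for wp_check in world_writable wrong_owner php_in_uploads; do
        case $wp_check in
            world_writable) wp_hits=$(find_world_writable "$wp_dir") ;;
            wrong_owner)    wp_hits=$(find_wrong_owner "$wp_dir" "$wp_owner") ;;
            php_in_uploads) wp_hits=$(find_php_in_uploads "$wp_dir") ;;
        esac
        if [ -n "$wp_hits" ]; then
            printf '[%s]\n%s\n' "$wp_check" "$wp_hits"
            wp_status=1
        fi
    done
    return "$wp_status"
}

# Example invocation (path and user are assumptions):
#   sh audit.sh /var/www/html/wp-content www-data
if [ "$#" -eq 2 ]; then
    audit_wp_content "$1" "$2"
fi
```

A non-zero exit status means at least one check found something, so the script can be run from cron with the output mailed to you.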
I recommend that you take a look at your installation right now and don’t put it off. Not doing so could leave you with a nasty feeling when you realise that some low-life hacker has gone in and destroyed several years’ work. It’s not a good sensation.