Security
Aug 18, 2008
An Early Warning System for Hacked Sites
Written by Steve Burge   

After Joomla's recent security issues, people have been double-checking their sites. In some cases it's easy to tell if your site has been hacked (the large Turkish flag and blaring music are strong hints) and on other occasions, the hackers might leave no trace.

One of my colleagues found a very subtle hack ... his robots.txt file had been altered to block his entire site from being indexed by Google. The hack had been in place since June, causing him to lose all his rankings. It's likely that this was a highly motivated rival rather than just another group of script kiddies.

Is it possible to defend against these subtle attacks? In this case, yes.

How to Track Indexing Problems Daily

  1. Register your site with Google Webmaster Tools
  2. Go to Tools >> Gadgets
  3. Select "Crawl Errors"
  4. Repeat with all your important sites.
  5. Visit your iGoogle.com page daily. You'll see any crawl errors as soon as Google does. In the case of the hack mentioned above, the "URLs restricted by robots.txt" count would jump to 100s or 1000s.
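
A complementary check you can run yourself on a schedule, as an added example (not code from the original article): it records a fingerprint of a known-good robots.txt and flags both any change to the file and any rule set that stops crawlers from reaching pages that must stay indexed. The sample files, the paths and the crawler names are constructed assumptions.

```python
import hashlib
from urllib.robotparser import RobotFileParser

# Constructed samples (not from the article): a typical Joomla-style
# robots.txt, and one altered to block the whole site.
KNOWN_GOOD = """User-agent: *
Disallow: /administrator/
Disallow: /cache/
Disallow: /tmp/
"""
TAMPERED = """User-agent: *
Disallow: /
"""

def fingerprint(text):
    """SHA-256 of robots.txt, ignoring line-ending and trailing-space noise."""
    normalized = "\n".join(line.rstrip() for line in text.splitlines())
    return hashlib.sha256(normalized.encode("utf-8")).hexdigest()

def audit_robots(text, baseline_hash, must_allow=("/", "/index.php"),
                 agents=("Googlebot", "Bingbot")):
    """Return a list of findings; an empty list means nothing to report."""
    findings = []
    # Any edit at all is worth a look, even one that blocks nothing yet.
    if fingerprint(text) != baseline_hash:
        findings.append("CHANGED: robots.txt differs from recorded baseline")
    # Evaluate the rules the way a crawler would, per agent and per path.
    parser = RobotFileParser()
    parser.parse(text.splitlines())
    for agent in agents:
        for path in must_allow:
            if not parser.can_fetch(agent, path):
                findings.append(f"BLOCKED: {agent} may not crawl {path}")
    return findings

if __name__ == "__main__":
    baseline = fingerprint(KNOWN_GOOD)  # record once, store off the web server
    for name, body in (("known good", KNOWN_GOOD), ("tampered", TAMPERED)):
        print(name, "->", audit_robots(body, baseline) or "OK")
```

In use, pass the body fetched from your site's `/robots.txt` as `text` and keep the baseline hash somewhere the web server account cannot write to.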
 

Comments  

 
#1 DannyG 2008-08-18 13:40
Cool tip.
One of my sites got hacked; I also used Xenu's Link Sleuth.
Took a few minutes to run, and you never know, those nice little script kiddies may have left you a nice link back or popup to a cool Turkish bathing.
;-)
 
 
#2 Steve Burge 2008-08-18 16:18
Hi Danny

That's a nice tip ... I see hidden links inserted often in WordPress hacks. Unlikely to be long before hacks become more common in Joomla too.
 
 
#3 DaveC 2008-08-18 19:42
Another important thing to do is to keep an eye on the development of your chosen platform. All of them (Joomla, WordPress, Drupal, etc.) have vulnerabilities, so you need to keep an eye out for updates. Just like a windoz machine, keep your stuff current!

Also, back up your site!
Dave
 
 
#4 guysmiley 2008-08-19 06:27
Another great article - I admittedly read your posts regularly for insights and suggestions. Terrific stuff.

On a side note, I recall a blog post earlier (though I can't find it now) where you ask about the top sites using J!. I came across these devs who have designed a community that runs in J. Now, my question is, are all these sites running this community in J! or are these other CMSs?

http://www.kickdeveloper.com/sshow.html
 
 
#5 Steve Burge 2008-08-19 07:32
Welcome guysmiley - a nice spot :-)

Kickapps integrates with Joomla but is separate software.
www.alledia.com/blog/joomla-news/kickapps-integrating-community-features-with-joomla/

It mentions that one or two of that list use Joomla.
www.campuran.com
www.trainingforwarriors.com
 
 
#6 guysmiley 2008-08-19 12:09
Thanks for the quick reply, Steve.

Sniff... I was hoping that some of the bigger (TV) sites were J! driven. I know this is a touch off topic still, but is there any way to determine if a site is J driven other than simply adding '/administrator' to the URL, or checking the meta generator tag?
 
 
#7 Ulas ALKAN 2008-08-19 17:34
Hi Steve;

Your tip is one of the most interesting tips that I've read about Joomla security but it's so useful.

thanks
 
 
#8 deee 2008-08-20 04:29
hi to all

Would anyone be able to tell if this affects Joomla 1.0.15 as well?

regards
dee
 
 
#9 Herbert-Jan van Dinther 2008-08-21 04:20
Hi Steve. Nice tip, going to check it for some sites.

You might also want to consider some external monitoring services like site24x7.com that with its free account even offers a "Web page content check" that you can use to track whether certain words appear, or do not appear, on a site's page.
I use it to check if words like "unavailable" come up, to see if the site is in a possible error state.
I will get an e-mail to inform me to check the site.

You can also monitor response times and get a weekly overview of the site's availability.
 
 
#10 Iain Mace 2008-08-21 05:51
Another tip is to use a script called filist.php - it is very useful but needs to be used with caution (e.g. delete it once you have finished using it). It displays a list of ALL your files and their associated "last modified" time stamp. You can sort the list and see your most recently modified files. If .htaccess or any other critical files have been modified they will be high on the list. Very useful, but just remember to delete it (or at the very least rename it) once it has run. [I had a look for it on the Joomla forum but I couldn't locate it - probably needs some more digging]
 
