Selamlar,
Open source yazılımlar her geçen gün daha da popüler oluyor. Wordpress de bunlardan biri. Bildiğiniz gibi Wordpress bir içerik yönetim sistemi, son derece çok plugin ve template desteği ile oldukça yoğun kullanılan bir websitesi sistemi oldu. Hatta dünyada ki websitelerinin %14 ünün wordpress ile yapıldığı bilgileri internette dolaşmakta.
Son günlerde Rusya ile yaşanan politik kriz ile birlikte, Türkiyemizdeki websitelerine oldukça yoğun saldırılar yapılmaya başladı. Hatta geçen günlerde ülkemizin gururu Ayyıldız Hacker Team den yapılan açıklamada ülkemizdeki websitelerinin günvenlik yönünden oldukça zayıf olduğuydu. Bu tabiki çok büyük bir sorun ve halledilmesi oldukça güç. Çünkü binlerce güvenlikten anlayan Web uzmanı bütün websitelerini kontrol edip güvenlik önlemlerini almak zorunda.
Madem bütün dünyada olduğu gibi ülkemizde de wordpress oldukça çok kullanılıyor. O halde wordpress ile yapılmış olan websitelerinde ne gibi önlemler alabiliriz? Bugün sizlere birkaç güvenlik önleminden bahsedeceğim eğer websitenize bu önlemleri yapabilirseniz, en azından otomatik olarak yapılan saldırıların büyük bir bölümüne karşı bir zırhınız bulunacaktır.
Eğer geçmişten günümüze websitelerinin nasıl hacklendiğine bakarsanız, bunun bir kaç evresi olduğunu göreceksiniz, Eskiden websiteleri hacklenir ve siteniz haklendi yazısı çıkardı. Fakat bugünlerde artık siteniz hacklenmekle kalmıyor, başkalarının web sayfalarını sizin sitenizin içine enjekte ediyorlar ve gönderdikleri spam maillere sizin sitenizdeki kendi koydukları sayfaya yönlendiriyorlar yada yazdıkları code ile siteniz üzerinden yüzbinlerce spam mailleri gönderiliyor. Bu yüzden siteniz google ve benzeri arama motorları tarafınan bloke edilebiliyor, yada webserver ip adresiniz kara listeye girerek artık hiç bir büyük mail sunucusuna mail gönderemiyorsunuz ve bu birçok sorunu da beraberinde getiriyor.
Şimdi websitemizin güvenliği için yapabileceklerimize bir göz atalım.
- Wordpress kurulumu sırasında dikkat etmeniz geren birkaç şey var, öncelikle Database prefix inizi mutlaka "wp_" den başka bir şey seçin,
- Kurulum sirasinda sizden istenen yönetici kullanici ismini kesinlikle admin yada administrator şeklinde çok bilinen isimler seçmeyin, ayrica websitenizin ismi, firmanizin ismide olmamalı.
- Kurulum bittikten sonra wordpress security key leri mutlaka wordpress sayfasından oluşturup wp-config dosyasinin içine yerleştirin (eğer otomatik oluşturulmadıysa).
- Hosting firmasından gelen FTP bilgileri ile sitenize FTP client ile bağlandığınızda dosya ve klasör yazma haklarına dikkat edin, klasörler için 755, dosyalar için 644 olduğuna dikkat edin, asla 777 yazma hakkı kullanmamaya çalışın.
- Kurulum bittikten sonra wordpress yönetim panelinden güncellemeleri kontrol edin ve gerekiyorsa hemen yapın,
- Websiteniz sadece firmaniza ait bir site olacaksa ve aktif olarak üye kullanıcılar olmayacaksa post ve sayfalara yorum yazma hakkını ve yeni üye kullanıcı oluşturulmasını kapatın.
- Robots.txt dosyasını kullanarak websitenizin gerekmeyen klasörlerine arama motorlarının uğramasını engelleyin. Eğer WP için önerilen bir robots.txt dosyası isterseniz:
User-agent: *
Disallow: /wp-admin/
Disallow: /trackback/
Disallow: /xmlrpc.php
Disallow: /feed/
olacak şekilde dosyayı hazırlayıp FTP programı ile sitenizin ana klasörüne kopyalayın.
- Sitenizde yaptığınız değişikliklerin sıklığına göre her ay en az bir kez yedekleme yapın.
Bütün bu yapılanlardan sonra, size tavsiyem All in one WP Security isimli plugin yada benzerlerinden birini kurup güvenlik ayarlarını bu plugin in tavsiye ettiği şekilde yapın.
Bütün bu bilgiler bence yapılması gereken en az ayarlar olmalı, daha sonrası için websitenizin büyüklüğü ve işlevliğine göre başka güvenlik tedbirlerini araştırın.
İyi çalışmalar dileklerimle.
12 Ocak 2016 Salı
8 Ocak 2016 Cuma
Securing a Wordpress website against hacking or hackers attack
Hi Guys,
The Wordpress is an opensource content management system (CMS). It is one of the most popular CMS right now. Approximately 15% of the websites on internet uses wordpress. Therefore, hackers are trying every moment to hack wordpress websites.
Why do hackers want to hack your website?
Most of them want to use your website to hosting their own webpages or, they want to send million of spam emails because of earn money. Some of them want to get sensitive information or all emails of your users.
There are a lot of methods to hack a website but famous methods are vulnerability of the source code of wordpress or vulnerability of a plugin on your website.
So you must always update your wordpress website if there is a new update. Fortunately new version of wordpress installs new updates automatically. But you must check the website update page every day or every week for updates.
There are some extra precautions that you can make.
- First of all you must install all updates of wordpress and all plugin updates,
- Secondly, delete or uninstall unnecessary plugins and templates that you don`t use,
- Check out your directory permissions with FTP client. Never use 777 write permissions.
- If you want to use a plugin, check always the update frequency of the plugin. If it is not often updated then never use it.
- I recommend "All in one WP security & Firewall Plugin", this plugin is easy to use and configure. It is a free plugin. This plugin has almost all kind of security improvement settings. This plugin uses especially htaccess file for securing your website thus there will be no changing on your wordpress core files. htaccess file is one of the best website securing method for me. Also it is easy to edit.
- Never use easy password and admin name as admin user.
- If you have some technical skill than my advise is checking your website access and error logs. This log files gives a lot of information about your website visitors. You can see what they want do to and this will give you some idea about their behavior.
- With robots.txt file you can make some extra security too. So my recommendation is:
User-agent: *
Disallow: /wp-admin/
Disallow: /trackback/
Disallow: /xmlrpc.php
Disallow: /feed/
Sitemap: http://example.com/sitemap.xml
You must change example.com to your website name.
The Wordpress is an opensource content management system (CMS). It is one of the most popular CMS right now. Approximately 15% of the websites on internet uses wordpress. Therefore, hackers are trying every moment to hack wordpress websites.
Why do hackers want to hack your website?
Most of them want to use your website to hosting their own webpages or, they want to send million of spam emails because of earn money. Some of them want to get sensitive information or all emails of your users.
There are a lot of methods to hack a website but famous methods are vulnerability of the source code of wordpress or vulnerability of a plugin on your website.
So you must always update your wordpress website if there is a new update. Fortunately new version of wordpress installs new updates automatically. But you must check the website update page every day or every week for updates.
There are some extra precautions that you can make.
- First of all you must install all updates of wordpress and all plugin updates,
- Secondly, delete or uninstall unnecessary plugins and templates that you don`t use,
- Check out your directory permissions with FTP client. Never use 777 write permissions.
- If you want to use a plugin, check always the update frequency of the plugin. If it is not often updated then never use it.
- I recommend "All in one WP security & Firewall Plugin", this plugin is easy to use and configure. It is a free plugin. This plugin has almost all kind of security improvement settings. This plugin uses especially htaccess file for securing your website thus there will be no changing on your wordpress core files. htaccess file is one of the best website securing method for me. Also it is easy to edit.
- Never use easy password and admin name as admin user.
- If you have some technical skill than my advise is checking your website access and error logs. This log files gives a lot of information about your website visitors. You can see what they want do to and this will give you some idea about their behavior.
- With robots.txt file you can make some extra security too. So my recommendation is:
User-agent: *
Disallow: /wp-admin/
Disallow: /trackback/
Disallow: /xmlrpc.php
Disallow: /feed/
Sitemap: http://example.com/sitemap.xml
You must change example.com to your website name.
6 Ocak 2016 Çarşamba
My server is sending a lot of spam (webserver CentOs 6 with qmail smtp)
Hi Guys,
I have a very interesting story about our webserver. Our web server send a lot of spam emails since couple of days, but we can not see any mail queue in qmail smtp server logs. Than our server's ip adres is blocked and listed in spam blacklist. We have checked our websites with some malware programs, such as Malware detect Linux, ClamAv virus scanner for Linux, but there were no php scripts or java scripts. But our server is still sending a lot of spam mails.
This was a very big challenge for me because, I have limited experience with Linux systems, But I am very familiar to command shell that because of the old DOS systems.
Step by step i have used some virus and malware programs on websites and the server local files to locate this malware;
Securi Security Plugin for Wordpress
Anti-Malware Plugin from GOTMLS.net for Wordpress
Malware detect Linux from R-fx Networks
ClamAV Virus scanner for Linux
I have scanned all files on the server with ClamAv virus scanner.
I have scanned all vhosts folders with Malware detect Linux
I have scanned all websites with Anti-Malware Plugin GOTMLS.net
There were no infected file or files.
Ok, So far no resolution.
Today, I have found very useful information on internet, so I have begun to work and THAT's it!!!
I have found the malware infection and deleted file and others, and our server has stop to send spam emails,
What I have done is;
I have checked out my smtp port whether it was intensively used or not with this command;
watch 'netstat -na | grep :25'
I have seen lot of smtp connections and that means malware is active.
Then I have checked out all cronjobs of all users with this command;
for user in $(cut -f1 -d: /etc/passwd); do echo $user; crontab -u $user -l; done | more
And TATAA!!!! one of my FTP users has a cronjob with the strange command,
Then I have edited this cronjob with this command,
crontab -u username -e
I have removed the cronjob line and than deleted the file in TEMP folder, and after that I have rebooted my server.
I have checked out smtp connections again and there were no connections any more.
If you want to learn how to the hacker has hacked your website, you can look at the creation date of this file in TEMP folder, than you can look at all log files of your website from that date. Then you can see your website's security hole and you can fix it.
I have a very interesting story about our webserver. Our web server send a lot of spam emails since couple of days, but we can not see any mail queue in qmail smtp server logs. Than our server's ip adres is blocked and listed in spam blacklist. We have checked our websites with some malware programs, such as Malware detect Linux, ClamAv virus scanner for Linux, but there were no php scripts or java scripts. But our server is still sending a lot of spam mails.
This was a very big challenge for me because, I have limited experience with Linux systems, But I am very familiar to command shell that because of the old DOS systems.
Step by step i have used some virus and malware programs on websites and the server local files to locate this malware;
Securi Security Plugin for Wordpress
Anti-Malware Plugin from GOTMLS.net for Wordpress
Malware detect Linux from R-fx Networks
ClamAV Virus scanner for Linux
I have scanned all files on the server with ClamAv virus scanner.
I have scanned all vhosts folders with Malware detect Linux
I have scanned all websites with Anti-Malware Plugin GOTMLS.net
There were no infected file or files.
Ok, So far no resolution.
Today, I have found very useful information on internet, so I have begun to work and THAT's it!!!
I have found the malware infection and deleted file and others, and our server has stop to send spam emails,
What I have done is;
I have checked out my smtp port whether it was intensively used or not with this command;
watch 'netstat -na | grep :25'
I have seen lot of smtp connections and that means malware is active.
Then I have checked out all cronjobs of all users with this command;
for user in $(cut -f1 -d: /etc/passwd); do echo $user; crontab -u $user -l; done | more
And TATAA!!!! one of my FTP users has a cronjob with the strange command,
Then I have edited this cronjob with this command,
crontab -u username -e
I have removed the cronjob line and than deleted the file in TEMP folder, and after that I have rebooted my server.
I have checked out smtp connections again and there were no connections any more.
If you want to learn how to the hacker has hacked your website, you can look at the creation date of this file in TEMP folder, than you can look at all log files of your website from that date. Then you can see your website's security hole and you can fix it.
Kaydol:
Kayıtlar (Atom)