Security Issues With the Blog
Yesterday, I had been notified that my blog’s web pages sometimes contain malicious scripts. I had to shut down the blog and investigate the issue. Sorry for the inconvenience. I didn’t want to expose you to any threats.
The Unmask Parasites online service was not affected (it is hosted in a different location, and is very secure). It worked all that time. And during the investigation, my blog redirected visitors to http://www.UnmaskParasites.com
I’d like to thank Googlers (John Mueller, Oliver Fisher and Oxana Comanescu) who provided me with details about the issue. The malicious code had been noticed only in a small percentage of server responses (hackers don’t want to be unmasked). I could never reproduce it myself.
My blog is hosted on a simple shared plan since it doesn’t require anything fancy. I combed though my whole account and couldn’t locate any sign of the compromise or any alien code.
I contacted my hosting provider and provided them with all the information I had. They were very responsive and had been investigating the issue for the rest of the day. They took some preventive measures and added traffic filtering so I hope my blog is currently pretty much safe.
Anyway, you shouldn’t trust even sites like mine. Make sure you are browsing the web with a secure browser. If you are on Windows, consider using Google Chrome (it warns if a site references something from blacklisted third-party sites) or FireFox with the NoScript extension. With NoScript, you can enable scripts on legitimate domains that you visit, but any third-party scripts (and most website exploits require loading scripts from third-party domains) will be blocked.
When I have all the details from my hosting provider, I’ll review the issue.
Moving to VPS
Meanwhile I consider moving my blog from shared hosting to a VPS (virtual private server), so that I have full control over the things behind the scenes.
I’m not much of a sysadmin, so I’ll need some getting started tutorials about how to keep the server secure.
Can anyone suggest a supportive and reliable hosting provider with affordable VPS plans? I don’t need anything fancy: Apache, MySql, PHP, Wordpress. I guess 256Mb RAM would be enough.
It would also be great if someone could support Unmask Parasites and this blog and help me purchase a VPS.
Feel free to leave your comments here or contact me directly.
Reader's Comments (2)
Leave a Comment
About this blog
Occasional posts from the developer of
Unmask Parasites about things that hackers already know and site owners should know (if they don't want to be victims).
Exploit reviews, security tips, and all that jazz.
I usually recommend the forums at WebHostingTalk.com as a good place to find hosts (and offers). Personally I’m happy with VAServ (http://www.vaserv.com/) who operate as a number of brands, from no frills unmanaged services upwards.
As I already said you need to reconsider Chrome or Google, they marked things safe when things were unsafe by unmaskparasites or by a simple look at the “view source”
There is no magical way that the big G can detect things when they are not there by any standards. So before saying “you shouldn’t trust even sites like mine” it is worth thinking / taking action to see whether Google or its tactics are safe. For many things they are already unsafe and discarded but I do not want to sound like google hate war here.
What we want is : thing that works practically, usefully and allows us to do browsing comfortably. Google and chrome are not the solution at the moment.