Well, not really…
Unfortunately, over the past few months we have seen a rise in the number of sites infected with malware. The most common question we get after such an event is, “How did my site get hacked?” At face value, the assumption behind that question, that the server itself was broken into, seems perfectly reasonable. The reality of the matter is that the servers aren’t being “hacked.” I’m not proclaiming to the world that we are hack-proof; we do, however, spend a lot of time, energy, and resources (read: money!) on this front. In fact, in all of the security-related issues our customers have had, never once has it been a case of an attacker “hacking our systems.”
In reality, roughly 90% of the incidents trace back to a compromised developer machine. Malware makes its way onto the developer’s workstation and captures the site’s FTP login details; plain FTP sends the username and password in the clear, and most FTP clients store them on disk, so either a keylogger or a credential stealer will do. A few hours later, the FTP logs show dozens of connections from all over the world logging in with that account and modifying the site. The end result is a lot of cleanup work, potential embarrassment in front of a client, and angry site visitors. Cleaning the site alone does not end the incident: until the workstation is cleaned and the FTP password changed, the stolen credentials keep working.
People who work in the industry generally have pretty good habits. They don’t open attachments from strangers, surf the web on their development machines, or install non-essential software. They change their passwords regularly and don’t hand out credentials and access like after-dinner mints. But it becomes easy to let our guard down. The reality is, we are also held to a higher standard. Explaining to a client that all you did was plug in a phone or a battery charger over USB could still result in the loss of that client.
This is a friendly reminder for us all to stay vigilant, follow good practices, and do everything we can to keep our developer workstations clean.
As for the other 10% of site compromises, they are usually traced to a vulnerable application: SQL injection, commercial or free applications that have not been patched or updated, and other application-level weaknesses.
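SQL injection, the first item in that list, comes down to mixing untrusted input into the text of a query. The following is an added example, not code from the original post or from any application it mentions: a login check written the vulnerable way beside the parameterised version, run against an in-memory SQLite table with one constructed account (the table, account and hash value are placeholders chosen for the example).

```python
import sqlite3


def make_db():
    """In-memory users table with one constructed account (placeholder data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password_hash TEXT)")
    # A real application would store a salted, slow password hash here.
    conn.execute("INSERT INTO users VALUES ('admin', 'placeholder_hash')")
    conn.commit()
    return conn


def login_vulnerable(conn, username, password_hash):
    """Builds the SQL by string formatting, so input becomes part of the query.

    A username of  admin' --  turns the statement into
        ... WHERE username = 'admin' --' AND password_hash = '...'
    and the comment marker discards the password check entirely.
    """
    query = (
        "SELECT COUNT(*) FROM users WHERE username = '%s' AND password_hash = '%s'"
        % (username, password_hash)
    )
    return conn.execute(query).fetchone()[0] > 0


def login_safe(conn, username, password_hash):
    """Parameterised query: values travel separately from the SQL text, so a
    quote or comment marker in the input is just data to compare against."""
    row = conn.execute(
        "SELECT COUNT(*) FROM users WHERE username = ? AND password_hash = ?",
        (username, password_hash),
    ).fetchone()
    return row[0] > 0


if __name__ == "__main__":
    conn = make_db()
    payload = "admin' --"
    print("vulnerable:", login_vulnerable(conn, payload, "wrong"))  # True: bypassed
    print("safe:      ", login_safe(conn, payload, "wrong"))        # False: rejected
```

The fix is the same in PHP, Java or any other stack: never concatenate input into SQL, always bind it as a parameter. Keeping third-party applications patched matters for the same reason, since a published injection bug in an unpatched package is exploited with exactly this kind of payload.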