Greetings people of asdaqua, I’m here to threaten your security, or just save it from me if I ever get mad at you guys. Just look below for the ways I could hack your site, and how to prevent each of them from happening.
1. Upgrade to the newest version of WordPress
I would look up known vulnerabilities in old versions of WordPress. Then I would scan the web looking for sites that are running an old version of WordPress that I know has a hole in it. I would automate the whole process. Once my automated script finds your blog running an old WordPress version, I would simply drop right in through the hole that security databases have known about for months or even years.
You can stop me from doing this by upgrading to the latest version of WordPress which is version 3.2.1 at the time of this writing.
2. Upgrade all your themes and plugins to their newest versions
In case you’re running the newest WordPress, I would look at your themes and plugins. I would try to find an old version of a theme with a known hole in it. Then I would drop right in and have my evil way with your server.
You can stop me by keeping all your themes and plugins up to date and upgrading immediately when a new version is released.
3. Get rid of the ‘admin’ user
If your WordPress core files, themes and plugins are up to date, I would try to guess your ‘admin’ password. I know the ‘admin’ user exists on most WordPress sites, so I would write a script that keeps trying to log in using all the words in my dictionary.
You can stop me by creating a new user with “administrator” privileges. Then delete the old admin user and make sure you assign all admin’s posts and pages to your new admin user.
4. Make sure all your passwords are strong
OK so your site is a little more secure than I thought. But I’m not out of tricks yet. When you publish a blog entry, I will look at the name of the user who published the post. Then I will use my good old automated password guessing script to throw a whole dictionary at your login page using the username that I saw authored your newest blog entry.
You can stop me by making sure your password doesn’t exist in a dictionary and uses numbers and a mix of upper and lower-case letters.
5. Know what other web applications you have installed
Hmmm. You’re a tough customer. But I’m not done yet. WordPress isn’t the only application I could use to get in. Many websites also have forum software, helpdesk software and other applications installed. Security holes are regularly discovered in these applications, so I will scan your site and find out what other apps you have and see if any of them are old versions with known security problems.
You can stop me by making sure all your other applications are up to date and don’t have any known security holes in them that the vendor may have released fixes for.
6. Make sure all other public services running on your web server are secure
Your site looks secure so I’m going to fight dirty. I will use a tool called ‘nmap’ to scan for open ports on the machine that runs your WordPress installation. Ah I see you have an email server running IMAP along with an FTP server. I’ll try to log in to your email server and FTP server by guessing your passwords. I’ll also check to see if the server software or the operating system is an old version that has known security holes I can exploit.
You can stop me by making sure your blog host keeps your WordPress server secure and up to date. They should be running a new version of Linux or whichever operating system you are using. The operating system should have the latest patches and all services running on the machine should be known about, should be necessary and should have hard to guess passwords. Don’t be afraid to quiz your blog host about this.
7. Make sure you don’t get social’d
Well, your site seems too secure for me to hack in using my tech skills. So I’m going to use my charming personality. I’ll call you up, pretend I work for your hosting company and try to get any information from you that might be useful. Passwords would be first prize, but I’ll take anything I can get: Staff names, your favorite pet, internal phone numbers, products and services your company uses, your birthday, anything that might help me guess passwords or find juicy targets that give me a way in.
You can stop me by making sure you never give out passwords over the phone and don’t give out information unless you’ve verified who you’re talking to. A good tactic if someone has called you is to simply ask them for a call-back number. Then verify who the company is, that the number belongs to them and call them back.
Look, I mean no harm, but I care for your safety. Plus I would never ever never ever never ever never ever try to hurt you. But maybe by making a rival website hahaha, but still in development. So I am not in any legal trouble or parental because I’m not doing anything but saving, I repeat saving your website from hackers, which I am not and never had hacked due to fear of.”youness, you have been convicted of “acking the cia and will be sentenced to jail for eternity”
Ok lets see how you harmed us:
1) Trying to make a website that is basically a “rip-off” of ours.
2) Attempting to HACK OUR WEBSITE, really that’s a threat
3) Integrating our website with another? Phh really?
P.S.: Under the name it says email@example.com DERP DERP
P.S.S.: Your name just made it look obvious that you are youness DERP DERP DERP
Allen, I’m not threatening you but insisting on ways of preventing being hacked. And plus my idea for a website started long ago, before asdaqua, so in no way possible is my website a rip-off of yours. This is not youness, out
To make the long story short, you’re not only threatening us, but hacking us as well. That really convinces us to agree with you, which we never will.
Hey guys! It’s really cool you made this website! And thank goodness for auto correct, you have no idea how many words I just misspelled