Security of DNI

As I have mentioned, we’re being routinely hacked. So far, the only evidence I can find is a large number of spurious links hidden in the footer (the dark brown area at the bottom of the page).  However, once hackers gain access, articles posted on the Inernet suggest that there is little limit to what they can do.

Many thanks to those of you who have sent suggestions.  It seems that some of our problems could stem from our residing on a “shared server,” in this case, Network Solutions, and I have reported the situation to them.

Most of the rest of the suggestions are far beyond my technical capabilities:

All files should be owned by your user account, and should be writable by you. Any file that needs write access from WordPress should be group-owned by the user account used by the webserver.

/ — the root WordPress directory: all files should be writable only by your user account.
EXCEPT .htaccess if you want WordPress to automatically generate rewrite rules for you
/wp-admin/ — the WordPress administration area: all files should be writable only by your user account.

etc.

And I actually know what some of these words mean.  A few, anyway.

POINT:  Until I can find someone who can assist in securing DNI, you must assume that the site may contain malicious code.  This is true of DNI and from what I can tell of many other blogs because the systems that make it simple to operate the blog also offer a network of ways into it.

VISIT THIS (AND ANY) BLOG AT YOUR OWN RISK. We cannot assume liability.

IF you would like to take the position of CIO here at DNI and have the requisite technical skills — operating WordPress in a shared environment, e.g. — I’d be delighted to hear from you (info at d-n-i dotnet).  We handle all the content, but we need some assistance with an occasional technical issue, and, of course, securing the blog. All we can offer in return is a little publicity, if you’d like, and the satisfaction of keeping DNI online.

In the meantime, please keep your own browser, operating system, and other software updated and follow the security procedures appropriate to your computer.

Be Sociable, Share!

Filed in Uncategorized | One response so far