The New Zealand parliament TV on demand website inthehouse.co.nz was hacked over the weekend. At 8am this morning this is what the website looked like:
When I saw this, it reminded me of the time when a client's website I managed, running osCommerce, got hacked. A similar, although different, author claimed the credit. I actually kept a copy of it.
Kind of scary when the database is full of credit card numbers! There is only so much you can do, though, when you are using a PHP-based content management system. Here are a handful of things you can do if you are using an open-source, community-based application.
- Sign up to the mailing list to hear about issues fast
- Run updates and apply patches as soon as possible
- Ensure that you have set up permissions on your scripts and directories correctly
- Password protect the admin directory (and rename it if possible)
- Use file monitoring scripts to detect hacker activity (see http://www.oscommerce.com/community/contributions,4441)