SSL Encryption

[Blicj11]

My website got hacked and I just finished 36 hours of upgrading the theme, installing a stronger firewall and eliminating malware snippets from the code. I think I am back in business, but I have a question. If I convert my site to SSL encryption, will that impact any WeatherCat uploads, FTP, etc.? If anyone has any any insights or experience, I would appreciate it. I assume at least one WeatherCatter out there is using SSL (HTTPS) on their site. 

Thanks.

[xairbusdriver]

Too sad! And so frustrating! I keep two complete backups of my site on two different machines which might help get things back to normal with a mass upload. But that wouldn't really stop it from happening within minutes.

Do you are using an .htaccess file?

[elagache]

Dear Blick, X-Air, and WeatherCat victims of trying times,

My website got hacked

Wow!  That is extremely disappointing.    Did the hacker appear to target your website for any particular reason?  I suppose these guys can be really bored, but that's really demonstrating a low self-esteem by hacker standards.

If I convert my site to SSL encryption, will that impact any WeatherCat uploads, FTP, etc.?

I haven't switched.  As far as I know, it will cost you extra and while people are taunting it as better security, I don't think it make your website less vulnerable to attack.  All it does is make it impossible for someone to view the contents of your website if they were ease-dropping on somebody who was viewing your website.  HTTPS is more to protect the privacy of your visitors than to protect your website.

If you want to make the switch the only ones effected will be people who have a link to your existing website.  You can solve any broken bookmarks by having a redirect from the HTTP version of the site to HTTPS.  That might be provided automatically when you upgrade the service.

I hope that is some help.

Edouard

[xairbusdriver]

I forgot to mention it yesterday, but I hope you've changed your password at your hosting service, especially the FTP password, if it's different.

[Blicj11]

I'm pretty sure my hack was by bot rather than directly by a human. I certainly did change my password and now have a full blown firewall enabled, which is showing me who is trying to do what and it is amazing. Bots from China, Russia, Brazil and the US and been hammering at the site all day, searching for non-existant files, which I suspect are malware snippets inserted into the PHP. It's been pretty interesting to see the bot traffic hammering away. i would never have guessed my site would be the recipient of all this. I've also had someone trying to login to to the site (although that is probably just Xair trying to prove it can be done).

Edouard, thanks for your comments. I will take that into consideration.

I have installed a firewall that is in learning mode for 1 week to determine what happens with the site and who accesses it. After the week of learning mode, it will kick into a more aggressive protection mode. So far so good.

Is anyone actually using SSL encryption on their site?

[xairbusdriver]

Another tack is to be sure any PHP/us/etc code used on your site has up-to-date security built in. Bots are simply ways to give hackers more free time. The bot does the hard work and sends a text back to its 'creator' when it finds a hackable site. Sounds like you've done your homework well. Makes me take a better look at what I have set up at my hosting company.

[Bull Winkus]

Sorry to hear that you got hacked, Blick. Maybe that firewall will shore things up a bit, and keep the blood suckers out.

I don't operate a site, so I can't help with your question. I did have something strange happen today, though. Thought I'd share it with you, though it has nothing to do with operating a site. I was playing with the screen maximized in Minecraft. There were no other programs running. Suddenly, the Minecraft workspace slid to the side and iTunes launched. It appeared as though someone was using it for a few seconds, as some things would move. Not knowing why it was going on, and having just installed 10.11.6, I immediately thought it might be related. I quit iTunes, and switched back to the Minecraft screen. Less than a minute later, the same thing happened again, and I was staring at my iTunes screen.

"OK? I can fix this." I thought. So, I did a menu restart of the computer immediately after quitting iTunes. After it had restarted, I logged in and went to the System Preferences / Users and Groups, and changed my password. Then I went to the Sharing panel and found that Remote Login was enabled, so I killed that. Haven't had any more issues.

First time having any issue with Internet pests. I hope it's my last.

 

[Blicj11]

Weird interaction Herb. Steve Jobs having a little fun?

[xairbusdriver]

Do you have a WiFi network? If so, do you require passwords to access it? WPA/WPA2? Do you allow "guests"?

Is that a interweb-connected game?

Do you have a dog or cat?

If "No" to all the above, try wrapping your Mac with aluminum foil (including the screen)!

[Bull Winkus]

Lol! You guys!

I guess if it was Steve Jobs, I should feel honored, huh?

I've got a cat. He's an outside cat. He's really not mine. Somebody didn't like him, so he was transplanted to my neighborhood. I'm pretty sure that he doesn't use a PDA of any kind. My router allows guest networks, which are not connected to by the computer. The main network has a very secure password. The game has a multiplayer component, but I was playing solo with no Internet connection or path through the router.

I suspect the Remote Login, though I've no idea how someone could find me and connect. I'm not even sure how that works.

 

[xairbusdriver]

My router allows guest networks, which are not connected to by the computer.

But the network is connected to your Mac, right?

I was playing solo with no Internet connection or path through the router.

You had disconnected from the router and thus, the Internet?

Enquiring minds...

Is your Mac connected directly to the (Cable/Satellite/DSL) modem
OR
to the WiFi router (which is connected to the incoming Internet connection [modem]).

[elagache]

Dear Herb, Blick, X-Air, and WeatherCat "communicators with those from beyond" . . . . .

I guess if it was Steve Jobs, I should feel honored, huh?

  . . . As long as it was Steve Jobs, why didn't you ask him something useful, like whether or not Tim Cook should be sacked! . . . 

Seriously, sorry to see that happen to your Mac Herb. 

I suspect the Remote Login, though I've no idea how someone could find me and connect. I'm not even sure how that works.

Check the Console application and look for logged messages from the time this happened to you.  You should see something in the system.log file if there was somebody remotely logging in.

Cheers, Edouard 

[Bull Winkus]

Geeze guys! I didn't want to hijack Blick's thread. I just thought this was a quick and amusing incident loosely related. Blick's the one with an issue. My incident was over in less than 5 minutes with no loss.

X-Air, the router is connected to the DSL modem. Connected to the router are 2 computers and a VOIP device from Vonage. Oh, and WiFi, with 2 computers, 1 iPhone and 1 iPod and 2 Apple TV devices. A guest network is a completely separate network from the network shared by the computers, devices, and WiFi. It ports directly to the WAN. The game program has WAN abilities, but separate. During log-in, it registers with the developer's server, and sends updates on what kind of play is done, but the multiplayer online playing is served remotely and interacted with in a different part of the software package from what I was using. I wasn't connected to that (logically), however I was still connected to the LAN (physically), and the LAN was connected through a firewall to the WAN. But the game that I was using was local to the computer only. It wasn't even using the LAN, except for its spy reporter that I allowed in the preferences. In short, the ports used by the game during multiplay were not open.

Edouard, Steve and I haven't been on speaking terms since he quit and left me hanging with a lot of concern for my stock. Lol! Though if he wanted to break the silence, I'd be open to listening to his excuses.

On your suggestion, I combed the System Log for something that would help me identify the time that it happened. I found where I had started Minecraft, where iTunes popped out, the shutdown, restart and where I started Minecraft again. I don't really understand the rest of the stuff, but there was some remote action, I think. I'll attach the log, if anyone wants to translate. I tried my best to only get the pertinent part of the log, so it's not too long. My first time trying to get anything out of one of these long log files.

 

[elagache]

Dear Herb, and WeatherCat cyber sleuths . . . .

On your suggestion, I combed the System Log for something that would help me identify the time that it happened. I found where I had started Minecraft, where iTunes popped out, the shutdown, restart and where I started Minecraft again. I don't really understand the rest of the stuff, but there was some remote action, I think. I'll attach the log, if anyone wants to translate. I tried my best to only get the pertinent part of the log, so it's not too long. My first time trying to get anything out of one of these long log files.

I looked through the log files and nothing jumped out at me indicating that someone had connected to your machine.  It is sad to see the amount of errors that are being dumped into the system.log file.  Given the amount of errors being spewed out during "normal operation," it is amazing our computers run as well as they do!

The only think that bothered me was a few statements like this one:

Code: [Select]

7/29/16 4:59:11.844 PM com.apple.xpc.launchd[1] (com.apple.preferences.users.remoteservice[452]) Service exited due to signal: Killed: 9
Do you recall if you caused remoteservices to terminate?  The other log also has some messages from launchd indicating processes were terminated.  I just checked my Console and I don't have messages like that at all.  So it doesn't seem that common.

Sorry, that's all I come up with.

Edouard

[Bull Winkus]

I had the same thoughts about the many errors reporting.

Re: Service exited due to signal: Killed: 9 -- I was thinking that might have been due to my disabling Remote Login. Remember, I was in Minecraft, and without warning or action on my part, the screen switched to iTunes (presumably on launch). The first time, I quit iTunes and resumed playing. The second time. I quit iTunes, quit Minecraft, and rebooted, then went straight to System Preferences/Sharing/ and disabled Remote Login.