It is always useful to be on the lookout for signs that your blog has been attacked, even if you do not think it has been. These signs might be what reveals that an attack has taken place.

First, posts could be changed to display strange messages. In a way this is counterproductive for the attacker, as it is quite often the first indicator that you have been attacked and the reason you notice the attack at all. If the messages weren't there, you would never know about it. But it seems this is what the attackers want: you think you have cleaned up the attack, but there is still something left somewhere.

After this, executable files might be left on your server, which can install viruses onto readers’ machines or allow access for the hackers. If you know the date of the attack, look in your downloads directories for any files added since that date.
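One way to run the file check described above, as an added example that is not part of the original post. The function name, the directory you pass in and the extension list are assumptions; it compares both modification time and inode change time, because a modification time can be backdated after the file is written.

```python
import os
from datetime import datetime

# Extensions treated as executable or server-side script.
# This list is an assumption for illustration; adjust it for your host.
EXECUTABLE_EXTS = {".php", ".phtml", ".exe", ".sh", ".pl", ".cgi", ".scr", ".bat"}

def files_changed_since(root, since):
    """Return [(relative_path, changed_at, is_executable_type)] for every file
    under `root` whose mtime or ctime is at or after `since` (a datetime),
    newest first."""
    cutoff = since.timestamp()
    hits = []
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)  # lstat: do not follow symlinks out of root
            except OSError:
                continue  # file vanished or is unreadable
            # mtime can be reset with a simple touch; on Unix, ctime is updated
            # by that same reset, so take the later of the two.
            changed = max(st.st_mtime, st.st_ctime)
            if changed >= cutoff:
                ext = os.path.splitext(name)[1].lower()
                hits.append((os.path.relpath(path, root),
                             datetime.fromtimestamp(changed),
                             ext in EXECUTABLE_EXTS))
    hits.sort(key=lambda h: h[1], reverse=True)
    return hits

if __name__ == "__main__":
    import sys
    # Usage: python check_uploads.py <directory> <YYYY-MM-DD>
    root, date = sys.argv[1], sys.argv[2]
    for rel, when, exe in files_changed_since(root, datetime.strptime(date, "%Y-%m-%d")):
        print(f"{when:%Y-%m-%d %H:%M}  {'EXEC' if exe else '    '}  {rel}")
```

Run it against each directory the blog can write to, using the earliest date you suspect; anything flagged `EXEC` in an uploads or downloads directory deserves a close look.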

Another obvious sign is that your permalinks change and suddenly include a bit of code and strange characters. ‘eval’ appearing in your permalinks is a sure sign of an attack: the attacker is leaving a way of running hidden code through the links.

Lastly, you should also keep an eye on any new user ids that are created. WordPress does email you when a new user is created, but it is easy enough for the attacker to change the admin email, add the new id (and receive the email confirmation) and then revert the admin email. So check in case new admin ids are suddenly appearing.

And if you find any of the above, it is not just a case of clearing them out, as you will probably leave more parts of the attack elsewhere. If you find you have been attacked, it is down to those backups: reinstall the blog from fresh. Cleaning the damage might not remove it all.

Want to know how to do these checks, or about other security considerations? Come back again, or follow the blog security tag.
