ExpressionEngine and hacking

EE is seen as a very secure product, but it's not immune to hacking. This isn't going to be an ExpressionEngine versus WordPress journal entry, but to shorten that particular argument, WordPress is a victim of its own success. ExpressionEngine, however, has had, from recollection, 2 security updates in the last year or so, so there are potential security holes in it. We have had an EE site hacked ourselves. So how did that happen and what did we look at?

With ExpressionEngine being very little used compared to other free blogging and content management system tools out there, it's not such a targeted platform. If it were more widespread, then I'm quite sure it would become apparent that there are more areas in which it would need to be tightened and patched with regard to security.

How did our site get hacked then? It was on a DreamHost shared hosting service. This wasn't our choice; the site was hosted there prior to our involvement. With it being shared, the site would have been partnered with possibly hundreds of other sites. A breach of a single one of those sites allows the others to be manipulated in a devious manner. On this occasion it wasn't ExpressionEngine exclusively that was breached, it was the hosting environment. This was confirmed to us by DreamHost. It's very easy to point the finger in situations like this, but we're glad to hear it was the hosting rather than the software. So what did we do? Well, in the best interests of the client we decided to move to another provider, as there's very little we could have done ourselves to prevent similar problems from arising in future.

So here are a few pointers on preventing and diagnosing hacking breaches.

  • Use a service like Pingdom to monitor the server or hosting environment 24/7. If you are in control of dozens of sites, then it's not a good use of your time to constantly visit your own and your clients' sites to check them over.
  • Use the logs within ExpressionEngine to see if the control panel has been logged into.
  • Log in through FTP and check if any files have changed. Hacking attempts will normally try to change index.php or index.html and insert spammy links in there to manipulate the search engine rankings of illegitimate sites. In the case of ExpressionEngine this will take the site offline immediately, rather than the site still running but with the links hidden within the HTML.
  • Your web host should have experience of dealing with server security, so ask them as many questions as you feel are required. In times like these you will find out how good your hosting or server provider really is. If you are waiting for a few hours for them to initially acknowledge there's a problem, then it's a good idea to move to and invest in another web provider.
  • Make sure you take regular and scheduled backups of ExpressionEngine files and databases, and make sure your hosting has a further backup facility. Paying for this service generally doesn't cost that much more, but in times of breaches and file loss this additional expenditure is well worth it.