As most of us already aware, a local newspaper has reported that a foreign group, which calls itself Anonymous, launch a cyber attack at 3.30am Thursday 16 June 2011 (Malaysian time) and has named it “Operation Malaysia.” [http://thestar.com.my/news/story.asp?file=/2011/6/15/nation/8902375&sec=nation]. Their target will be website www.malaysia.gov.my. In wake of this event, TM Data Centre team would like to inform you that we will be monitoring closely all security equipment that we have on our data centres and stay on high alert for any sign of security breach attempt to our data centre network. Our team is putting more effort to ensure our security equipment are working at optimum level to protect data centre network and our valued customers.
We would also like to advise you to take a few precautions on protecting your websites and applications. We need to stress again that our security equipment are generally work at network level and traffic signature based only. This means they are not designed to protect website contents/coding and web applications. Unfortunately most successful attacks nowadays are web application attacks and probably including the one which will take place tomorrow morning. This kind of attacks are at the application level such as the notorious SQL Injection and XSS vulnerability attack. In order to protect your web application, listed below are some actions that you need to take which are (modified) tips provided on this link [http://www.eukhost.com/forums/f15/how-prevent-website-being-hacked-6024/]:
2. 3rd Party Scripts and Code Plug-in, widgets or any other code you usually install are written by other people under unknown circumstances. Make sure you research any code you wish to use but you haven’t written yourself.
3. Using exploited PC One of the biggest reasons of Identity theft and an easy way for someone to fetch confidential details to your site(s). Your personal computer could well turn out to be a weak link in this. It could be anything, from an infected PowerPoint file or someone phishing your account details, the vulnerabilities are too many to consider. No matter how secure your actual website is, if the machine you use to access, log in and edit your web pages is infected you stand a grave risk of being compromised and its outcome may be more than just the effect on your site. Use antivirus scans, clear logs, secure your passwords and be aware of general security issues. Public wifi spots are also a security risk.
4. Secure Passwords for your website and database A secure password goes a long way in making it difficult for a potential infiltrator to intrude into. Your passwords should always be a combination of letters, numbers and special characters. The longer the password, the better. You can also generate a random password which is even more secure.
5. Checking Your Website Logs Regularly If you spot any unusual traffic spike in your website stats (ranking for gambling, pharmaceuticals and sex terms is a common one) try working out where it is coming from and going to. From there if you can make sure whether it is a hack.
6. Backups:- Taking the backups regularly alone won’t protect your website from being hacked. In case of hack you will need to take care of the following:-
* Records of IP’s accessing your website
* Pre hack backup of your website including the latest updates. We hope that your websites and web applications will not be affected in any way by the alleged attack. As mentioned earlier, our security equipment can only work effectively on network layer but in any event that you unsure or believe that your website or web application is showing any symptom of being attacked, please feel free to contact us so that we can advise or suggest to you some mitigation measures for your website or web application.