Website Hack

SUBMITTED BY: Guest

DATE: Nov. 1, 2019, 9:17 a.m.

FORMAT: Text only

SIZE: 4.6 kB

Raw Download

HITS: 432

Report
  1. Website Hack
  2. How to handle a hack
  3. Ok been a while since I posted - Not sure this is the right place for the question.
  4. I recently had a website hacked by a Pharma hacker.
  6. ++++++++++++++
  7. list of top cheapest host http://Listfreetop.pw
  9. Top 200 best traffic exchange sites http://Listfreetop.pw/surf
  11. free link exchange sites list http://Listfreetop.pw/links
  12. list of top ptc sites
  13. list of top ptp sites
  14. Listfreetop.pw
  15. Listfreetop.pw
  16. +++++++++++++++
  17. Site hosted through Go-Gaddy is not a wordpress site.
  18. It is an old site that has been a leading site for a number of years on Google in its niche.
  19. All these years with no problems until I switched over to secure socket (HTTPS) on a dedicated server.
  20. Of course, Go-daddy wants more money to fix.
  21. Have been told came in the backdoor?
  23. Is this now a common problem with secure sites hosted through Go-Daddy.
  24. What is the best solution or company to handle this hacking issue?
  25. Depends how you have been hacked, whether you have control of the hosting etc.
  26. All these years with no problems until I switched over to secure socket (HTTPS) on a dedicated server.
  28. Is that your first dedicated server? Managed? How do you access/update your site? (S)FTP? Do you have SSH access? Control panel ? Are you using a CMS? Or your own CMS? Is everything up to date ? including PHP (or whatever scripting language you use).
  29. My Pharma hack on WP dates back to 2012, 7 years ago. The hack happened a couple of times. The source was a couple of weak plugin. Infected files were added, as well as errant database entries. The hack is somewhat invasive. There is a lot of docs on this hack, so lots of advice on the internet.
  31. If you are using WP you cannot leave your site untouched, as hackers will find security holes and trash your site. WP needs constant maintenance and updating, as it is not written with security as the most important. Keep up with your maintenance or you will get hacked, 100% guaranteed. Using WP is high maintenance.
  32. go daddy, as a high profile host, will always be under attack. Even static html only have been affected ... Not saying more on that, but what I have recommended for clients was to change their hosting ... and that solved a lot of problems.
  34. Hackers will always seek the LARGEST TARGETS as their business is based on small bits at large scale.
  35. Dimitri ask
  36. Is that your first dedicated server? YES
  38. Managed? Yes I manage it. Is that what you mean?
  40. How do you access/update your site? (S)FTP? FTP
  42. www.pureautotraffic.com
  43. make money kindle publishing
  44. solidtrustpay.com
  45. btcvic.com
  46. hosting forum free
  47. make money 2pac lyrics
  48. ict-secure.org
  49. www.meerkattraffic.com
  50. s domain analysis
  52. Do you have SSH access? No
  54. Control panel ? YES
  56. Are you using a CMS? Or your own CMS? My own
  58. Is everything up to date ?
  59. including PHP (or whatever scripting language you use). As far as I know
  60. If you have no SSH access then many things will be more difficult to do. For me SSH is critical.
  62. A roll-your-own CMS maybe more secure.
  64. There are open source hacking tools available you can use to test your site and server. I have used a couple. They will provide a list of detected vulnerabilities, which you can use to plug the holes. These vulnerabilities are in a convenient database for hackers to use. The main tool comes with a scan feature, vulnerability database, and a hacking tool, all rolled into one convenient package.
  65. Managed? Yes I manage it. Is that what you mean?
  67. In fact, "Managed" means that the host is managing it for you (or a third party company). When you manage it "yourself", we referit as "unmanaged". It's the offer which is "unmanaged".
  69. FTP
  71. You might want to consider SFTP , ("secured") so the data you are transmitting between your local machine and your server are encrypted.
  73. Are you using a CMS? Or your own CMS? My own
  75. This is good to run your own CMS, because you are not exposed to "known" vulnerabilities of existing CMS, but it doesn't meant that your own code is bulletproof , just hackers might not bother seeking for exploits for "one" guy, whereas they can exploit vulnerabilities of millions of sites using the same CMS.
  77. So, be sure to test / sanitize all data which are posted at your site (if you are forms, or things like that), to avoid sql or other kind of malicious code injection, also be care of XSS : [en.wikipedia.org...]
  79. That being said, it's hard to tell how your site was hacked. Was your home page replaced? or it is redirecting to somewhere else? In your FTP folder , is there files which are not yours? Do you have logs of FTP accesses?
comments powered by Disqus