mickyginger — 2011-08-17T18:15:20-04:00 — #1
So a friend of mine wanted me to transfer a domain name and hosting to another provider. So I set about changing ISP TAGs and nameservers and the like.
I checked out the site today and it wasn't loading. I got onto the provider and some of the cpanel functions weren't working/had been disabled because the account had been closed?
I checked the site again later on and it had been hacked.
here's the url:
hacked by Number 7 ~ Tunisian Hacker
So, some questions:
1. What could I have done to allow this to happen?
2. Obviously I am not going to contact the hacker, so what do I do now to rectify the situation?
Apologies for the naivety of my post, any help with this matter is greatly appreciated.
eldad — 2011-08-18T04:07:54-04:00 — #2
There are many things you can go wrong (malware on your PC, weak FTP password, un-patched web application, ...) that I would focus on what to do right the next time.
1) Use strong passwords
2) Have an anti-virus installed on your PC and run regular malware scans
3) Always run the latest version of your web application / CMS (unless you have to and know the security best practices don't use custom made web applications)
4) Add a security layer to your web site to protect you from attacks
Is you domain still under your control (only the hosting part was hacked)?
If so I suggest that:
1) Run an anti-virus and anti-malware scan on your PC
2) Open a new hosting account and start with a fresh copy of your web site (do you have it backed up locally?)
ralphm — 2011-08-17T18:37:20-04:00 — #3
It's nice of the hacker to leave an address! I can see from Google that this has happened to other sites. This is a criminal who should be reported to police, though I doubt they will do much.
All I know to do is to keep your passwords secret and very long. But this is a really sad situation on the web.
mickyginger — 2011-08-19T06:32:04-04:00 — #4
Thanks for your replies.
I am no longer in control of the server, ie I cannot ftp or access the cpanel.
The password is fairly weak, but as I am doing this as a favour to a friend, its not something that I set. I will advise him to create stronger passwords in future.
I use a mac, and do not have anti-virus software installed. Should I invest in some. I'm pretty sure I'm virus free, but can my mac carry viruses that can infect PCs?
@eldad, in your reply you mention step 4 - add a security layer to your web site to protect you form hacks. Can you be more specific. What do you mean exactly by a security layer?
I have the site backed up locally. Do you advice i use a different hosting company altogether?
eldad — 2011-08-21T02:32:17-04:00 — #5
Disclaimer: I work for Incapsula, a web site security and performance cloud service.
@mickyginger, I am not sure if I can post direct links to commercial services. However, there is a new market of web security and performance cloud services. Most have some kind of free offering for small sites.
Instead of sending you links to the services (and probably getting nasty messages from the forum moderators) I am sending a link that reviews the two leading solutions in this space. You can choose for yourself.
Website Security: Incapsula versus CloudFlare Review • Supply Chain Risk | Business Continuity | Transport Vulnerability
Hope this helps.
mickyginger — 2011-08-21T05:05:55-04:00 — #6
Thanks eldad, I will take a look.
mattmac — 2011-09-14T00:33:05-04:00 — #7
Have a good backup plan in place where you keep a known good version, a weekly and daily version and test restoring your site from backup. If you've got a decent recovery plan in place than the effects of any hack will be greatly reduced.
mickyginger — 2011-09-14T10:15:23-04:00 — #8
Thanks Matt, good advice.