How to protect website from hacking, malware, etc?

Hi guys,

Recently, my site was hacked and now it is listed as a “phishing” website according to google. :frowning:

My computer has multiple antivirus programs installed (Norton, SpyHunter, etc) but my hosting account with hostgator has nothing that I can use to monitor viruses, malware, and spyware.

Is there any software or anything that I can install on my server to keep track of hacking attempts, malware, etc?

Thanks for your help with this,

Ryan

One of the users on this forum developed some code that notifies you of any change to the website code. But I can not find the link, if you use Google you might find some similar code.

@Rubble - are you thinking of http://simplesiteaudit.terryheffernan.net/ ?

Yes that looks like it @TechnoBear; or something very similar.

Okay, I will take a look at that.

But there has to be more options than just one program out there, right? What does everyone here use to protect their websites? Is there not like a Norton Security type of program that I can install on my server or computer to scan my hosting account? There has to be something out there like that…

I’ve used Crawl Protect, which seems to be pretty good at blocking certain hacking attempts. And I like this [URL=“http://perishablepress.com/blackhole-bad-bots/”]“blackhole” trap for bad bots. :slight_smile: (Although if you use a link checker from your own PC to check for broken links, it will follow the “forbidden” link and ban you from your own site. The voice of experience. :o)

And I would strongly advise setting all permissions to read-only, unless you have a very good reason for doing otherwise. Certainly do this for things like .htaccess.

Although if you use a link checker from your own PC to check for broken links, it will follow the “forbidden” link and ban you from your own site. The voice of experience.

That made my day :rofl:

I suppose that not many servers get viruses as you are not uploading lots of different software and visiting websites like you are on a PC. You need to protect yourself from hacking and that is mostly in your hands; I was hacked once and that was from a weak password. All my sites were hacked on the VPS through this one weakness and I have no idea how they managed it; hopefully that will not happen again.

If you write good secure code the next weak point is a shared server; there are things you can do on your own server or VPS. WHM has a virus checker but I do not know how good it is and you get warnings if some programs that are automatically monitored are changed.

Of course the more security you implement the harder it is to do things yourself which means you tend to turn them off to do something and then not turn them back on.

[ot]

Always happy to help. :lol:

I couldn’t quite believe it myself when I realised what I’d done. Fortunately, I was still able to log in and unban myself - and I haven’t made the same mistake again. :)[/ot]

You’ll find some of the better web hosts regularly scan their servers for viruses/malware/weaknesses/exploits in web sites/scripts and alert the site owner(s) if anything is found. They will also automatically disable scripts/folders/sites in more serious cases to protect other sites on the same server or network.

Well worth asking your web host if they are pro-active like this…