Submit Your Article Forum Rules

Page 1 of 3 123 LastLast
Results 1 to 10 of 29

Thread: Help! We're being attacked!

  1. #1
    Junior Member
    Join Date
    Jul 2010
    Posts
    6

    Help! We're being attacked!

    Hello, all,

    I am not a webmaster, but I've followed your forum for awhile now to gain insight into all things IT. Now I find I need to appeal to you all for some help.

    My problem is a recurring one. Our website is suddenly being routinely overtaken by malicious hackers. It happened again today for the third time in three days. My webmaster is able to restore everything rather quickly, but feels that somehow the hackers have gained a direct portal to our site, something he hasn't been able to ferret out. He openly admitted the problem is beyond his expertise, so I'm hoping someone on this forum will have some suggestions as to how we can scrub our site clean once and for all.

    Our web hosting service hasn't been very helpful and seem to take a defensive attitude when I speak to them. They insist it's not from any fault on their part.

    Any suggestions you could provide will be greatly appreciated.

    Thanks to all.

    llee

  2. #2
    WebProWorld MVP kgun's Avatar
    Join Date
    May 2005
    Location
    Norway
    Posts
    7,751
    My first and perhaps most secure and best thought is that you should change hoster. If you are on an Apache server, a compromise may be to idenify the hackers and block them from your site.

    In the long run that is perhaps not a solution.
    Hidden Content :: Hidden Content
    Hidden Content
    Conversations creates communities and conversions create profit.

  3. The following user agrees with kgun:
  4. #3
    Moderator HTMLBasicTutor's Avatar
    Join Date
    Apr 2010
    Location
    Canada
    Posts
    1,223
    I once had a customer's site hacked. Hosting company pleaded innocent.

    I didn't give up. Looked through the logs of the site and found when the site was hacked. Turned out the web hosting's data center was hacked.

    You might try that approach.

    What is the site running? That might help others to help ferret out how they are hacking your site.
    Hidden Content - Search engine friendly websites, ecommerce websites & blogs
    Hidden Content - Web page mistakes with solutions
    Hidden Content - HTML help to learn HTML basics

  5. #4
    Junior Member
    Join Date
    Apr 2008
    Location
    San Diego
    Posts
    18
    what is the website?

  6. #5
    Junior Member
    Join Date
    Dec 2005
    Posts
    23
    Quote Originally Posted by kgun View Post
    My first and perhaps most secure and best thought is that you should change hoster. If you are on an Apache server, a compromise may be to idenify the hackers and block them from your site.

    In the long run that is perhaps not a solution.
    I Agree 100 percent. I have one very productive site that was getting hacked - almost daily - my host seemed helpless. I did everything they suggested -i..e changing passwords, etc. - about a dozen times - I finally switched to another host, on a recomendation of trusted buddy from another forum. Before I purchased this hosting, I did ask pre-sale questons to make sure they undersood the problem.

    They helped me clean up all my files, and re-installed wp for me , plus preserved all past articles - I have not been bothered since in several months.

    You'd almost think it was an inside job, but the old host was probably either clueless or just lazy.

    The new host is a bit more expensive, but worth it.

  7. #6
    WebProWorld MVP Doc's Avatar
    Join Date
    Jun 2009
    Location
    Baja California, Mexico
    Posts
    859

    Same here!

    Quote Originally Posted by HTMLBasicTutor View Post
    I once had a customer's site hacked. Hosting company pleaded innocent. I didn't give up. Looked through the logs of the site and found when the site was hacked. Turned out the web hosting's data center was hacked. You might try that approach. What is the site running? That might help others to help ferret out how they are hacking your site.
    I had precisely the same thing happen to my site last year, with the same result. My first clue was how defensive they became when I told them I'd been hacked, even though I said nothing that pointed a finger at them. I found out later that nearly half the sites on my shared server had been hacked that same night.
    Last edited by Doc; 02-22-2012 at 05:29 PM.

  8. #7
    Junior Member
    Join Date
    Sep 2008
    Posts
    4
    It depends on the type of hosting you have. If you are on share hosting, this is likely to be a problem from your hosting company. Also, you did not mention on what platform you built your site. Some platforms are very vulnerable attack. eg joomla . Check your .htaccess file, you may see some foreign stuff in that file, you may need to clean/remove stuff that yu dont know about. Your index.html or php file is another one you need to check

    Overall, It may be a very good idea that you change your hosting after you have done this.

  9. #8
    Junior Member rizzoid's Avatar
    Join Date
    Jul 2005
    Posts
    21
    We use a csf/lfd firewall that blocks most attacks through a module called mod_security. Its a Linux server also if that helps. Since going to this system, we haven't been hacked. Almost 20 months now.
    Sitecats Web Development, Doylestown, PA Hidden Content
    Easy to edit Joomla websites - New Sites - Conversions - 215-345-9050

  10. #9
    This stuff happens all the time.

    1 - Check that your website is running the latest version of it's software. If you're restoring to an old version with a gaping hole in, no wonder the hackers return

    2 - Check that your webhost is running the latest software. Linux, Apache, php and MySQL all need updating from time to time as holes appear. If your host won't update, ditch them immediately unless they have a clear backporting process in place that you can live with (although if it does turn out to be a server side hole, it's probably best to ditch them anyway). You can test if it's a server side issue by uploading something different, ie if you were running phpBB, upload just a couple of static HTML pages and see. If those don't get hacked, changes are 1) was to blame. If not it's either this point 2) or 4).

    3 - Sign up for a service like Sucuri that monitors your site and alerts you to intrusion. Normally they'll tell you what type of exploit they're seeing and they can help you fix it to

    4 - Totally virus scan the PC of everyone who works on the site. Once that's done change all your log in credentials

    Hope that helps
    If you've worked in the Adult SEO industry, please tell me... how do you get it up?
    Hidden Content

  11. #10
    Junior Member
    Join Date
    Apr 2008
    Posts
    2
    I am with KGun...change hosters asap !! I have been with my hoster for many years and they are SUPER helpful with things like that and bend over backwards to help. Just too many hosting companies out there for bad service and attitudes. I bet you change hosters, your attacks disappear. I am just an end user, so I dont know all the technical stuff about a server, but I do know not all hosters are alike with defense systems and knowledge... plus the willingness to help you (their customer).
    Paul

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •