
Thread: Help! We're being attacked!

  1. #11
    Member
    Join Date
    Jul 2003
    Posts
    60
    The first step is identifying what you have installed. Are you running custom-built code, or a customized version of anything? For example, are you running a standard install of Wordpress (just an example) and keeping it up to date, or one that has plugins, and if so which ones, etc...

  2. #12
    Junior Member
    Join Date
    Apr 2008
    Location
    San Diego
    Posts
    18
    The guy says "I am not a webmaster," so how would he know it's a Linux server or Apache or mod_security stuff?

  3. #13
    Junior Member
    Join Date
    Sep 2005
    Posts
    17
    If it's a Wordpress site, there was a bug in one of the files (timthumb.php) that allows hackers to break into the site. This file can exist in both themes, plugins and widget folders, so you have to search all your sources to find it. There is a replacement file up on Google that fixes the bug. Search Google for "Wordpress TimThumb" and you should find more information about it. Once the file has been replaced, you'll still have to clean up infected files such as your htaccess file, but once that's done you should be good to go.

  4. #14
    Senior Member astro's Avatar
    Join Date
    Oct 2006
    Posts
    283
    With Kgun all the way on this. Had a problem with my provider a few years back, my mail servers were working overtime boosting spam levels worldwide. I even got a stern warning from the provider about "my" spam! It was (they said) pure coincidence they had recently moved their support to India. Employees leave taking databases with them.

    I changed providers immediately and never experienced the problem again. But the after effects are still there 5 years on. Some of my email addresses are still banned by some ISPs. Spamhaus still has me blacklisted and it is like talking to a brick wall to get it changed. So I just use other email addresses with certain providers. Annoying but a fact of internet life. You learn to live with it.
    /astro
    "It is not what you say or who you are, it is what you do that defines you!"

  5. #15
    Junior Member
    Join Date
    Feb 2012
    Posts
    1

    What's getting hacked?

    Is someone uploading files?
    Are there script links posted in your database?
    While hosting problems may be the issue, there are other more common problems such as:
    Local key logger getting your passwords
    weak site account or FTP passwords
    poor programming to back end database.

    A little more info about your site and the software running would help.

  6. #16
    Senior Member ep2012's Avatar
    Join Date
    Oct 2004
    Posts
    397
    OMG, I just got hacked for the first time TOOO.

    But I guess despite my complaints about my hosting company about a lot of things, they did good when it came to the hack.

    They cleaned up the files for 2 days running (hack was going on for 3 days). Today no problems <phew> & then I changed the p/ws.

    The only thing was I wanted to know how they got in, did it start thru my blog or my site which is a different CMS.

    My website coder also said she couldn't do anything it was beyond her.

    If you want their info, let me know. I guess one of my next questions when moving hosters will be "What kind of an abuse team do you have?"


    Michelle

  7. #17
    In all likelihood this has nothing to do with the host, and people who have success by changing hosts are likely just changing IP address, which reduces the ability of malicious users to find the site again. If the issue was host-wide, then there would be more people affected, and the whole system would be compromised, leading to more problems than just your website being down.

    It is impossible to diagnose the actual issue without access to the website, server, logs etc. However, just for the sake of this thread, here are some quick things you can do to fix the problems:

    Lockdown all files and the database after you have recovered, so that the only way to change the website is directly into the database or via FTP. This will give you an idea of where the problem lies.

    Look at the logs for repeated requests from a particular IP address. In the least you can block a range of IP addresses (easier if your website targets users of one location). There are lists around of "bad" IP blocks where you can remove a lot of spam.

    If you are using a system like Wordpress, then these systems are VERY insecure. Have a look around for plugins that will harden the security. There are known security issues with most CMS/eCommerce systems and it is up to you to do what you can to harden them. If you use one of these systems, it is probably the most likely cause of your repeated hacking, as if you just reupload a compromised system, all you are doing is fixing the graffiti, not padlocking the gate.

    Lastly, I would look for support from a web developer that actually knows what they are doing. Any developer worth their salt should be able to see how and why your problems are being caused.
    Google Adwords Management - Improved CPC and Quality Score
    Web Design Sydney - Marketing, Web Design, SEO, Direct Mail, PR
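
One way to do the log check suggested in post #17, as an added example that is not part of the original post. It assumes the access log is in Apache "combined" format; the sample lines are constructed, the function name and threshold are hypothetical, and grouping by /24 is an added illustration of blocking "a range".

```python
import re
from collections import Counter
from ipaddress import ip_address, ip_network

# Constructed sample lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [10/Feb/2012:10:00:01 +0000] "POST /login.php HTTP/1.1" 200 512 "-" "-"
203.0.113.7 - - [10/Feb/2012:10:00:02 +0000] "POST /login.php HTTP/1.1" 200 512 "-" "-"
203.0.113.7 - - [10/Feb/2012:10:00:03 +0000] "POST /login.php HTTP/1.1" 200 512 "-" "-"
198.51.100.4 - - [10/Feb/2012:10:01:00 +0000] "GET /contact.php HTTP/1.1" 200 900 "-" "-"
198.51.100.77 - - [10/Feb/2012:10:01:01 +0000] "GET /contact.php HTTP/1.1" 200 900 "-" "-"
198.51.100.200 - - [10/Feb/2012:10:01:02 +0000] "GET /contact.php HTTP/1.1" 200 900 "-" "-"
192.0.2.10 - - [10/Feb/2012:10:02:00 +0000] "GET /about HTTP/1.1" 200 700 "-" "-"
192.0.2.10 - - [10/Feb/2012:10:02:30 +0000] "GET /about HTTP/1.1" 200 700 "-" "-"
not a log line
""".splitlines()

# ip ident user [time] "METHOD path proto" status ...
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) ')

def repeat_offenders(lines, min_hits=3):
    """Return ({ip: hits}, {/24 network: hits}) for sources with >= min_hits requests."""
    per_ip, per_net = Counter(), Counter()
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        try:
            addr = ip_address(m.group(1))
        except ValueError:
            continue  # first field is a hostname or garbage
        per_ip[str(addr)] += 1
        if addr.version == 4:
            # Group by /24 so a sender spread over one range still shows up.
            per_net[str(ip_network(f"{addr}/24", strict=False))] += 1
    noisy_ips = {ip: n for ip, n in per_ip.items() if n >= min_hits}
    noisy_nets = {net: n for net, n in per_net.items() if n >= min_hits}
    return noisy_ips, noisy_nets

if __name__ == "__main__":
    ips, nets = repeat_offenders(SAMPLE_LOG)
    print("single addresses:", ips)
    print("/24 ranges:", nets)
```

In the sample, 198.51.100.0/24 only crosses the threshold as a range, because each of its addresses appears once.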

  8. #18
    WebProWorld MVP chandrika's Avatar
    Join Date
    Oct 2005
    Location
    UK
    Posts
    742
    When one of my sites was defaced, it turned out to be an insecure form in a PHP script. A common attack is SQL injection, that is easily done if a form field on a website is not coded securely.

    It could be many things, but I just thought I would mention that, as it is quite a common vulnerability in a site. If your site has any area where a visitor can enter data, such as a contact form, or comments section, get someone to check any code that is used for that area, make sure it is an up-to-date, secure, trusted script being used.

  9. #19
    Junior Member
    Join Date
    Dec 2011
    Posts
    27
    This is a hosting problem and it can grow - hackers are big on DOS - Denial of service and will send "waves" of bots for their folly and your consternation. Find a host with "layered" protection. Is this a shopping cart or blog or HTML site?

  10. #20
    We host our own sites on our dedicated servers. Our sites carry all manner of software, and occasionally we get hit by hackers taking advantage of security holes. In my experience the problem can be:

    1) The host - if you are on shared hosting the host can be the issue, if one of the other shared hosting accounts gets compromised chances are your account (and everyone else's) can be hit as well. It helps if your directory and file permissions are as tight as possible, i.e. no chmod 0777

    2) Website software - As someone mentioned already, Wordpress is prone to this, as is osCommerce and just about any open source software you can download and install on your site. The more popular the more likely it is to be targeted. So it's really important to keep things up to date with the latest version. Once they exploit a security hole in the software you can get all kinds of issues.

    3) Virus on your PC - Some viruses specifically look for FTP details, SSH logins, etc. You get a virus on your desktop, it finds your FTP or SSH login and emails that to a hacker. They then attack your server. Check your FTP logs, or if you don't have them, ask your host for them.

    So the trick is to be on a reputable host that fixes things quickly, keep all your software up to date and make sure your home PC is well protected.


    Good luck
    Lyle Hopkins
    Internet Marketing Tutorials, guides and advice
    Affiliate software Advanced Affiliate Solutions
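
A way to check for the loose permissions mentioned in point 1 of post #20 ("no chmod 0777"), as an added example that is not part of the original post. The function names are hypothetical and the demo tree with its file names is constructed; point `world_writable` at your own web root instead.

```python
import os
import stat
import tempfile

def world_writable(root):
    """Return sorted (relative path, octal mode) for entries any local user can write."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)            # lstat: do not follow symlinks
            if stat.S_ISLNK(st.st_mode):
                continue                   # a symlink's own mode bits are not meaningful
            if st.st_mode & stat.S_IWOTH:  # the "other" write bit, e.g. 0777 or 0666
                mode = oct(stat.S_IMODE(st.st_mode))
                findings.append((os.path.relpath(path, root), mode))
    return sorted(findings)

def build_demo_tree():
    """Create a constructed web root with two over-permissive entries."""
    root = tempfile.mkdtemp(prefix="webroot-")
    layout = {
        "index.php": 0o644,          # fine: only the owner can write
        "config.php": 0o666,         # world-writable file
        "uploads/image.jpg": 0o644,  # fine
    }
    for rel, mode in layout.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write("demo\n")
        os.chmod(path, mode)         # chmod is not affected by the umask
    os.chmod(os.path.join(root, "uploads"), 0o777)  # world-writable directory
    return root

if __name__ == "__main__":
    demo = build_demo_tree()
    for rel, mode in world_writable(demo):
        print(f"{mode}  {rel}")
```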
