Has your website ever been hacked or attacked?

[MichaelCorfman]

I've heard some horror stories over the years about websites being hacked or attacked. Certainly members here have shared stories.

Have your sites ever been hacked? Or attacked?

If so, what was involved in recovering? Was it easy or hard?

Share your experiences, and what you learned in the process, with your fellow webmasters here.

Michael

[michael1981]

I once had a website hacked about 2 years ago. Someone managed to hack my shared hosting reseller server and redirected my traffic to a malicious attack site. It was really quite shocking, and I had no idea what was going on.

At first I thought my computer had a virus, until I saw the same thing happening on my friends computer. It only happened when I clicked on my website after searching for it in Google for certain keywords, and it only seemed to happen with Firefox as well. It was very hard to detect since I never usually click on my own website after searching for it in Google. It took about a day to fix, just a matter of upgrading to a better hosting service

[dfiocch]

Yes, my site was hacked one year ago by a Chinese hacker. It was very easy to recover it because it was "only" a php script injection (about two hours to recover all).

[baldidiot]

The only damage to one my sites was by my host who managed to screw up my VPS so badly it had to be deleted and restored from backups. Who needs hackers when you have incompetent providers!

[robertmedl]

A couple of years ago, someone hacked my blog such that the keywords that Google identified for my blog were online pharma keywords, e.g. viagra, etc. I never figured how they did it, but I'm not too skilled in that area. It took me several days to reconstruct my blog entries to remove all the offending content and then several weeks before my intended keywords were correctly identified by Google.

[slotplayer]

yes in 2008. I had my FTP pane open and could see the malcode migrate to each file as the last modified date would change, one file after another. It inserted some javscript code at the bottom of each page. It wasn't that hard to remove.

I'm not sure if my local system got infected and I uploaded an infected file or they got in to the FTP program or host provider.

The last modified date is a quick and easy way of checking if something is amiss.

[felku]

My question those who were hacked, you were ranking good in Serps?

[dfiocch]

My question those who were hacked, you were ranking good in Serps?

Yes. First page for a lot of keywords.

[felku]

ok, it can be that maybe it was the competition. There is a way to prevent this things? I'm new in this and I notice that when you reach some position you get a lot of attention especially for the competition.

[dfiocch]

ok, it can be that maybe it was the competition. There is a way to prevent this things? I'm new in this and I notice that when you reach some position you get a lot of attention especially for the competition.

Set a very strong password for all your www accounts (hosting,FTP,root access etc...).
Set up a firewall for your hosting account (contact your hosting company. If you're on a dedicated or VPS, you can setup it yourself). A firewall can help you to prevent hacking attacks and blocking malicious IPs.
Set up a very strong password for all your POP3 accounts (email). All common attacks come from POP3 bugs.
Set up a "dedicated" IP for your site.
Set up correctly your .htaccess or htaccess.txt (if you are on Apache server) to block a lot of common exploits (just search on Google).

Just some "basics" rules.
Hope can help.

[felku]

Great advice, thanks. Now I'm convince that I will change to VPS.

[allfreechips]

I got hacked, and that led to some acess to email for the hostin company, in turn led to them getting access to passwords (I hate places that send you the actual password via email) and they transfered 4 of my domains to another registrar. Now, this went un noticed for some time as all my sites are managed from my cms online, and of course i never noticed any change as they did not change content for 5 months, then they changes some aff accounts. This was a hassle but i fixed it and closed the orig hole i had. Now when i fixed the hole via ftp, the changes were not taling effect on the website. So after goining nuts i found they finally moved the server to a new host, totally intact. except i had no more ownership.

This went on for 6 months of me contacting ICANN and all the registrars and hosts involved. All they said was you transfered the domain there not much we can do!

Imaging all your work being out of your control! not until I was actually able to contact the new "owner" in Vietnam did I arrange to get the domains back after discussing the inrest Interpol had with my case.

I still get sick thinking of these times, so one lesson is to monitor your registrars and I actually made it so they neeed a voice password to change any info anymore.

[felku]

Wow, thanks for sharing your experience.

[rak]

I got hacked because I didnt update my software. The forum software kept timing out when I tried to update it. It got hacked, files were being uploaded and used as a warez link site, bandwidth through the roof, bill went sky rocketing, forum was being pulled apart... took a week to get back under control.

2 months later.. again. Same thing. I dumped the forum software and never recovered.

[padovan]

We got hacked before but they just put some movies on the server so they were easy enough to remove and we fixed the security problem right away.

[Leo]

I have had hackers enter sites a few times, mostly through php scripts that weren't fully secure.

If you're using a VPS or server with cPanel then I recommend using the software from configserver.com - they have a few good products including the firewall (free) and exploit scanner (one-time fee).

Also if you do find that a hacker has managed to change something on your site then I highly recommend getting a professional to check the server thoroughly, because it's possible that a hidden backdoor has been placed and unless you're a security expert then you're not going to find it. Again, configserver.com has a service for this, which I have used and recommend. In fact whenever I get a new VPS the first thing I do is hire them to install all their security software and change the server settings to be more secure, it costs $100 which is a one-time fee, and their software keeps updating itself constantly.

Yes I sound like an ad for configserver.com but it's because all my servers rely on them, I haven't had any security problems since using their software, and I recommend them to everybody. But since this does all sound tooooo positive, I'll add a negative - their support people can be a bit arrogant at times - but I give them a free pass because they're good at their jobs

[32x]

About a year or two ago, I had a blog that was not protected by my Unix framework. It was a Wordpress site that came free with my hosting package. Well, someone hacked it and I was so frustrated that I just did put anything on it again until just recently. It is now a Google blog and I am happier with it, so far..

I also seem to remember having a few pages hacked, and some ads were embedded into my homepage, before I switched to Unix.

[LiveCasinoPartners]

Yes, It's still not funny. Someone hacked into my server (affiliate site) and changed the .htaccess file to redirect all of the inner pages to an animal porn site. So clicked on a keyword term in google they are expecting something related to live games, they are given a huge donkey phallus. Nice and classy. I was fortunate that I wasn't banned from google on that site. I quickly learned a lot about proper server configuration. Since then there have been attempts, but so far no one has breached the security.

[lots0]

We had an employee(remote tech) of our hosting company inserting redirects, not to pics of donkey dicks, but to his own aff accounts. Cost us a bundle.

The redirects were well hidden and I hate to say it, well written htaccess files. He was smart enough to take only a percentage of all our click throughs and to cover his tracks well.

Once we figured out we were hacked (I stumbled across one of his redirects by accident).
the thief of course knew we found him out, he worked as a 'security' consultant.

Once he knew we were closing in on him, he started making injection attacks in an attempt to cover his tracks. When that didn't work... the SOB made a hell of an effort to screw us by deleting all our db's.... multiple redundant backups.. don't go anywhere with out them.

[davemerry]

We had an employee(remote tech) of our hosting company inserting redirects, not to pics of donkey dicks, but to his own aff accounts. Cost us a bundle.

The redirects were well hidden and I hate to say it, well written htaccess files. He was smart enough to take only a percentage of all our click throughs and to cover his tracks well.

Once we figured out we were hacked (I stumbled across one of his redirects by accident).
the thief of course knew we found him out, he worked as a 'security' consultant.

Once he knew we were closing in on him, he started making injection attacks in an attempt to cover his tracks. When that didn't work... the SOB made a hell of an effort to screw us by deleting all our db's.... multiple redundant backups.. don't go anywhere with out them.

Bloody hell, that is crazy. Do you know what happened to the employee?