My website was hacked last Thursday
-
My business website was hacked (for the 2nd time in 12 months) last Thursday and all data was lost. I've been rebuilding the site and database since then but I'm still getting Hacking Warnings each day.
The latest warning says:
Dear Colin/Administrator,
Someone has attempted to inject SQL into your domain:
HACK DETECTED!
PHP TYPE
IP: 94.100.17.134
Scriptname: /index.cfm
PathInfo: /index.cfm
QueryString: src=http%3A%2F%2Fpicasa.com.oprst.in%2Fshow.php%3Fid%3D16907217
My Technical advisor tells me the IP address is that of Inferno Solutions of The Netherlands.
I wonder if anyone has suffered hacking like this, what steps they took and what I could do about the potential hackers?
Colin
-
Thanks very much Sarah and thanks for the link and recommendations. I'll look into it today.
Plus the Extended Validation.
That's really kind of you.
Kind regards,
Colin
-
Hi Colin,
Just an additional note, Verisign (now Symantec) - as well as performing daily malware scans - has a fantastic range of SSL certificates that encrypt your customers' info when using forms and for online payments. I noticed in your contact page that the connection is not secure.
http://www.trustico.co.uk/products/symantec/secure_site/symantec-secure-site-ssl-certificates.php
I've sent a link for a basic domain validated certificate, but if you want a green bar at the top of your website so your customers know that you are who you say you are then have a look at the EV (extended validation) certificates.
Nice website, by the way, I'd love a Nile cruise!
Sarah.
-
Thanks for those tips and the advice Ryan.
I will take your advice and look at adding Verisign too.
I'm getting the site back into shape but have noticed a dip in ranking from 5th (after the last hack when we were 1st) to 7th today.
Hopefully the need to rebuild a lot of the data including titles and descriptions might help me in the long run to create a better site.
Thanks again for your time and help.
Colin
-
What I could do about the potential hackers?
A few tips:
-
If you are using any software on your site, ensure you keep up with the latest version. Normally you do not have to run out and update the moment a new release comes out, but you should have a plan in place to always update within 90 days of any release.
-
Ensure you share any passwords with the fewest number of people possible. You, your web developer and possibly your SEO consultant are the only ones who may need access to your web server. If anyone with a password changes (i.e. employee leaves, developer changes, etc) then change your password.
-
Do not use an easy to guess password such as "admin1" or "password1". Actually, both your username and password should be difficult to guess.
-
Do not use shared server hosting. If you are paying $10 or less per month for hosting, you are on a shared server. Upgrade to VPS or better. VPS hosting starts at around $35 but there are numerous advantages over shared hosting.
-
Use a service such as Verisign (now Symantec) to perform daily malware scans. If you purchase a Verisign SSL certificate, the service comes with the package.
-
Each type of hosting (Apache, nginx, Microsoft, etc) and website will have its own security recommendations. Make sure they are followed. On my dedicated server, there are some security scripts which have been written by my web host to enhance security. Additionally, there is code I add to the htaccess file on all sites which blocks common attacks.
With all of the above in mind, nothing can beat a thorough security check from an expert. There are companies that focus on web security as their business. Such inspections are very expensive but they offer a lot of value. Also know that even the biggest companies in the world suffer security breaches. By following all of the above steps, you will clearly be a more difficult target than many other sites whereas right now it sounds like you are an easy target.
Good Luck.
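The query string in the alert at the top of the thread percent-decodes to a `src` parameter whose value is a full `http://` URL. As an added example (not code from any poster in this thread), the Python below shows the kind of request screening a "block common attacks" rule performs for that pattern: it decodes each parameter, including double-encoded values, and reports those that carry a remote URL. The function and constant names are this example's own, and every sample request other than the alert's is constructed.

```python
from urllib.parse import parse_qsl, unquote, urlsplit

# Query string copied from the alert quoted at the top of the thread.
ALERT_QS = "src=http%3A%2F%2Fpicasa.com.oprst.in%2Fshow.php%3Fid%3D16907217"

# Constructed sample requests for comparison (not from the thread).
SAMPLE_QS = [
    "page=cruises&id=12",                                # ordinary request
    "src=hTTp%253A%252F%252Fexample.invalid%252Fx.txt",  # double-encoded URL
    "ref=//example.invalid/x.php",                       # scheme-relative URL
    "q=nile+cruise+http+prices",                         # the word "http" only
]

REMOTE_SCHEMES = {"http", "https", "ftp"}
MAX_DECODE_ROUNDS = 3  # assumption: enough to unwrap nested percent-encoding


def fully_decode(value):
    """Percent-decode repeatedly so double-encoded values are not missed."""
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def remote_url_params(query_string, allowed_hosts=frozenset()):
    """Return (name, host) for each parameter whose value is a remote URL."""
    hits = []
    for name, raw in parse_qsl(query_string, keep_blank_values=True):
        value = fully_decode(raw).strip()
        try:
            parts = urlsplit(value)
            host = parts.hostname
        except ValueError:  # unparseable host: report it with host None
            hits.append((name, None))
            continue
        remote = parts.scheme in REMOTE_SCHEMES or value.startswith("//")
        if host and remote and host not in allowed_hosts:
            hits.append((name, host))
    return hits


if __name__ == "__main__":
    for qs in [ALERT_QS] + SAMPLE_QS:
        print(qs, "->", remote_url_params(qs) or "ok")
```

Parameters that legitimately carry URLs, such as return-to links, need their hosts passed in `allowed_hosts` so they are not reported.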