My website was hacked last Thursday
-
My business website was hacked (for the 2nd time in 12 months) last Thursday and all data lost. I've been rebuilding the site and database since then but I'm still getting Hacking Warnings each day.
The latest warning says:
Dear Colin/Administrator,
Someone has attempted to inject SQL into your domain:
HACK DETECTED!
PHP TYPE
IP: 94.100.17.134
Scriptname: /index.cfm
PathInfo: /index.cfm
QueryString: src=http%3A%2F%2Fpicasa.com.oprst.in%2Fshow.php%3Fid%3D16907217
My technical advisor tells me the IP address is that of Inferno Solutions of The Netherlands.
I wonder if anyone has suffered hacking like this, what steps they took, and what I could do about the potential hackers?
Colin
-
Thanks very much Sarah and thanks for the link and recommendations. I'll look into it today.
Plus the Extended Validation.
That's really kind of you.
Kind regards,
Colin
-
Hi Colin,
Just an additional note, Verisign (now Symantec) - as well as performing daily malware scans - has a fantastic range of SSL certificates that encrypt your customers' info when using forms and for online payments. I noticed in your contact page that the connection is not secure.
http://www.trustico.co.uk/products/symantec/secure_site/symantec-secure-site-ssl-certificates.php
I've sent a link for a basic domain validated certificate, but if you want a green bar at the top of your website so your customers know that you are who you say then have a look at the EV (extended validation) certificates.
Nice website, by the way, I'd love a Nile cruise!
Sarah.
-
Thanks for those tips and the advice Ryan.
I will take your advice and look at adding Verisign too.
I'm getting the site back into shape but have noticed a dip in ranking from 5th (after the last hack when we were 1st) to 7th today.
Hopefully the need to rebuild a lot of the data including titles and descriptions might help me in the long run to create a better site.
Thanks again for your time and help.
Colin
-
What I could do about the potential hackers?
A few tips:
- If you are using any software on your site, ensure you keep up with the latest version. Normally you do not have to run out and update the moment a new release comes out, but you should have a plan in place to always update within 90 days of any release.
- Ensure you share any passwords with the fewest number of people possible. You, your web developer and possibly your SEO consultant are the only ones who may need access to your web server. If anyone with a password changes (i.e. employee leaves, developer changes, etc) then change your password.
- Do not use an easy-to-guess password such as "admin1" or "password1". Actually, both your username and password should be difficult to guess.
- Do not use shared server hosting. If you are paying $10 or less per month for hosting, you are on a shared server. Upgrade to VPS or better. VPS hosting starts at around $35 but there are numerous advantages over shared hosting.
- Use a service such as Verisign (now Symantec) to perform daily malware scans. If you purchase a Verisign SSL certificate, the service comes with the package.
- Each type of hosting (Apache, nginx, Microsoft, etc) and website will have its own security recommendations. Make sure they are followed. On my dedicated server, there are some security scripts which have been written by my web host to enhance security. Additionally, there is code I add to the htaccess file on all sites which blocks common attacks.
With all of the above in mind, nothing can beat a thorough security check from an expert. There are companies that focus on web security as their business. Such inspections are very expensive but they offer a lot of value. Also know that even the biggest companies in the world suffer security breaches. By following all of the above steps, you will clearly be a more difficult target than many other sites whereas right now it sounds like you are an easy target.
Good Luck.
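An added example, not part of the original thread or any poster's own code: a small triage script for warnings in the "Key: value" layout quoted in the question. It URL-decodes the QueryString and labels each parameter, which shows that the `src` value in that warning decodes to a full URL pointing at a remote `show.php`. The function names, labels and the SQL pattern are assumptions made for this illustration.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# Fields copied from the warning quoted in the question.
SAMPLE_ALERT = """\
IP: 94.100.17.134
Scriptname: /index.cfm
PathInfo: /index.cfm
QueryString: src=http%3A%2F%2Fpicasa.com.oprst.in%2Fshow.php%3Fid%3D16907217
"""

# Deliberately small pattern set (an assumption, not a complete SQLi signature list).
SQL_HINT = re.compile(r"\bunion\s+select\b|\bor\s+1\s*=\s*1\b", re.IGNORECASE)
REMOTE_SCHEMES = {"http", "https", "ftp"}

def parse_alert(text):
    """Turn 'Key: value' lines into a dict with lower-cased keys."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip().lower()] = value.strip()
    return fields

def is_remote_url(value):
    """True when a decoded parameter value is an absolute URL to another host."""
    try:
        parts = urlsplit(value)
    except ValueError:  # malformed bracketed host; treat as not a URL
        return False
    return parts.scheme.lower() in REMOTE_SCHEMES and bool(parts.netloc)

def classify_query(query_string):
    """Return (param, decoded_value, label) for each suspicious parameter."""
    findings = []
    for name, value in parse_qsl(query_string, keep_blank_values=True):
        if is_remote_url(value):
            findings.append((name, value, "remote-url-parameter"))
        elif SQL_HINT.search(value):
            findings.append((name, value, "sql-like-syntax"))
    return findings

def triage(alert_text):
    """Summarise one warning: source IP, script hit, and labelled parameters."""
    fields = parse_alert(alert_text)
    return {"ip": fields.get("ip"), "script": fields.get("scriptname"),
            "findings": classify_query(fields.get("querystring", ""))}

if __name__ == "__main__":
    print(triage(SAMPLE_ALERT))
```

A parameter that carries a remote URL can be legitimate on pages that are designed to accept one, so the label is a prompt to check whether the script that was hit ever reads that parameter.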