Page 1 of 4 123 ... LastLast
Results 1 to 10 of 35

Thread: Site hacked

  1. #1
    Platinum Member Marq's Avatar
    Join Date
    May 2006
    Posts
    1,296
    Thanks
    73
    Thanked 283 Times in 216 Posts

    Site hacked

    Went into my my website to find a dreaded google warning message that my site hosts malware and 'visiting this site may harm your computer'.

    I discovered that a few files had been hacked and a bunch of javascript code had been added at the end of the files.

    Seeing as its just a static site with no sql or other means to break in, I assume they came in through the front door.

    So I queried this with webafrica, who are avoiding the issue and telling me I must change my website write permissions and then it will be safe.

    Can anyone tell me whether this is my fault or should I not expect this isp to safeguard our sites from basic scenarios like this?

    Besides being elusive about the situation, this isp continues to be obtuse and unhelpful whenever I have a problem. Is it normal to be treated as if one has a degree in this stuff and they talk down to you like a turkey or do you get helpful people out there in isp land who would guide you through a situation like this.

    Obviously I had a problem but their initial response is ..send us an email and we will respond sometime. Then next came the ....it will cost me R300 for a restore from their side message, then nothing.......I reloaded the site and then had to figure out the google resubmit and webmasters tools etc to get back in action. No help from Webafrica........Its obviously time for a change.........mmmmm........yes I feel a new years resolution coming on.
    The cost of living hasn't affected its popularity.
    Sponsored By: http://www.honeycombhouse.com

  2. #2
    Site Caretaker Dave A's Avatar
    Join Date
    May 2006
    Location
    Durban, South Africa
    Posts
    20,977
    Thanks
    3,055
    Thanked 2,462 Times in 2,067 Posts
    Blog Entries
    12
    You need to check the folder permissions for your public folder and subfolders. If it's straight HTML pages, set them to read only....

    Change your password (and username if possible)!

    Also check for unauthorised or non-password protected FTP user profiles.
    The trouble with opportunity is it normally comes dressed up as work.

  3. Thanks given for this post:

    Marq (25-Dec-09)

  4. #3
    Diamond Member tec0's Avatar
    Join Date
    Jun 2009
    Location
    South Africa
    Posts
    4,270
    Thanks
    1,656
    Thanked 439 Times in 386 Posts
    Blog Entries
    3
    Well ISP’s do think that god made them better. That is basically the problem with any tech in these times. “I am so good I love myself” types that think the normal people are stupid and not worthy of their time.

    What Dave suggested is a good start also I would recommend you have a long look at your contract and their policies on protecting your website. I am sure that they made some commitment... And then you contact them and tell them you are not getting the service you are paying for and you think that the consumer council must be involved. Also it would be a good time to get names and a contact number for a manager.

    Make waves!!
    peace is a state of mind
    Disclaimer: everything written by me can be considered as fictional.

  5. Thanks given for this post:

    Marq (25-Dec-09)

  6. #4
    Email problem tonyflanigan's Avatar
    Join Date
    Dec 2009
    Location
    East London
    Posts
    122
    Thanks
    85
    Thanked 29 Times in 27 Posts
    One of my client's site was hacked a few weeks ago. Google informed my ISP, who let me know. I got the mail about ten minutes after Google sent it, and telephoned my ISP right away. He had already fixed what was broken, tossed what was not original, and I was able to mail Google to let them know the site was squeaky clean and wholesome again.

    I pay a bit more than I would were I to use another vendor, but have been with my ISP for some years. I have never had reason to be even slightly disgruntled, as he is hands-on, and jacked up. The sorta ISP I need cos I am seriously tech challenged.
    Last edited by tonyflanigan; 24-Dec-09 at 09:27 PM.
    I'm one of the T's from TnT Unleashed Web design, photography and writing services
    http://www.1pic4twenty.co.za

  7. Thanks given for this post:

    Marq (25-Dec-09)

  8. #5
    Platinum Member Marq's Avatar
    Join Date
    May 2006
    Posts
    1,296
    Thanks
    73
    Thanked 283 Times in 216 Posts
    Thanks - Tony - do not be shy, I am in serious need of of a new isp.....which isp are you talking about - If only I could get that type of service? You can make a list if you are not sure about promoting them and just make sure they are first on the list.
    The cost of living hasn't affected its popularity.
    Sponsored By: http://www.honeycombhouse.com

  9. #6
    Email problem tonyflanigan's Avatar
    Join Date
    Dec 2009
    Location
    East London
    Posts
    122
    Thanks
    85
    Thanked 29 Times in 27 Posts
    lol! I'm not shy, far from it, I just don't wantto be smacked around, thrown against the wall, and shot at dawn for furthering commercial interests on the forum!

    Speak to Collin, on his cell now, or e-mail him, as he is "on leave", at the moment.
    You can tell him I referred you, I don't get commission or kick-backs or anything, just a "noddy badge" and a "red smartie".

    Tel Number : 041-3630535 (9:00am - 4:30pm)
    Fax Number : 086-6762661
    Email Address : support@bisnet.co.za
    Cell : 083-9963068
    I'm one of the T's from TnT Unleashed Web design, photography and writing services
    http://www.1pic4twenty.co.za

  10. Thanks given for this post:

    Marq (26-Dec-09)

  11. #7
    Diamond Member AndyD's Avatar
    Join Date
    Jan 2010
    Location
    Cape Town
    Posts
    4,400
    Thanks
    513
    Thanked 854 Times in 687 Posts
    Of the various ISP's I have dealt with I can recommend eNetworks. They're a smallish business oriented ISP in Cape Town, not the cheapest but good value for money and a pleasure to deal with. I have no vested interest in their business.

  12. Thanks given for this post:

    Marq (19-Jan-10)

  13. #8
    Platinum Member SilverNodashi's Avatar
    Join Date
    May 2007
    Location
    Johannesburg, South Africa
    Posts
    1,172
    Thanks
    11
    Thanked 188 Times in 136 Posts
    No offence, tec0, but if we (ISP's) have to keep tab on every client's website that was hacked, then when exactly do you think our staff will find time to do their work?

    Website gets hacked due to the followintg reasons:
    1. weak passwords - on control panels / FTP accounts / email accounts / etc.
    2. Outdated scripts on websites, most commonly on Joomla / Wordpress / phpBB / SMF / vBulletin / etc.
    3. the client access his control panel / FTP account / email account from a public PC (internet cafe / "friend's house" / airport / library / etc) and either left the account logged in, or there was a keylogger on that PC.

    - In all the cases above, it's the client's responsibility to make sure he's passwords are strong.
    "MyPass1234" isn't strong! Use something like "PN45%@na8!".
    - If the client allows others to access his control panel, for example a 3rd party web designer, then that person can wreak havoc - which often happens when the client & the designer have a fight about the costs of the project.
    - If you ABSOLUTELY have to access your control panel from a public PC, then make sure you clean out all cookies, password, temporary internet files, etc from the PC, and change your password immediately afterwards.


    I see these things happen a LOT. And while the client believes that it's our fault for not keeping the servers secure and allowing others to access their control panels, it's not. NO FIREWALL will ever keep a website secure, if the client's password is compromised. In fact, if the servers were insecure (for example, in WA's case), then the WHOLE SERVER would have been compromised, not just your website!

    If the bank had to hold your hand while you walk down the street to draw cash, then there would be no people left in the bank to operate the bank. How then, do you expect your ISP to pay a staff member to keep an eye on your website 24/7/365 ?
    Get superfast South African Hosting at WebHostingZone

  14. #9
    Diamond Member tec0's Avatar
    Join Date
    Jun 2009
    Location
    South Africa
    Posts
    4,270
    Thanks
    1,656
    Thanked 439 Times in 386 Posts
    Blog Entries
    3
    Well it is true that weak passwords are to blame but again, no... If everything is our responsibility, and the ISP are only the host with no commitment to security what-so-ever then specify it in the contract. Also you can specify the length of the password and you can set-up a rule that will force the user to use caps and what not for their passwords. But this is not being done because some ISP’s found the system to difficult others just don’t worry about it.

    In the end of the day if you expect your client to be more educated then you then yes, but some clients are new to this world and the ISP needs to make sure that the client is protected on a basic level. But if it is a sink or swim scenario you want then chances are you will have a few people drowning and a negative image towards hosting in general.
    peace is a state of mind
    Disclaimer: everything written by me can be considered as fictional.

  15. #10
    Platinum Member Marq's Avatar
    Join Date
    May 2006
    Posts
    1,296
    Thanks
    73
    Thanked 283 Times in 216 Posts
    Valid comments.......if true:-

    except, using your analogy - if the bank cannot hold the money properly in its vault, is it the customers fault when someone breaks in and steals the cash?

    Would they - not tell the customer that his cash has gone and wait for him to say 'hey where's my cash?'

    Would they after being informed that the cash is missing - ignore the customer and not inform him how to rectify the situation, say for example through insurance.....(ok don't answer that one - they probably wouldn't either - lol)

    And - these situations are controlled by the software- there is no staff member anyway looking after your site 24/7/365.

    And - Yes - I expect, cause I know jack about these things, for the experts to tell me and inform me that my site is at risk. That is why there is a monthly payment for hosting. Google send the isp a message that the site has been hacked - its a simple procedure to pass that message on so that even if it is the clients fault - they can do something about it.

    And - how do I know whether I was the only site hacked - the isp is not going to tell me or the world that they have a problem with many sites being hacked - not good business practice.

    Our hosting service has successfully been migrated to our new network, immediately offering massive resource increases to our locally hosted offerings....As we will now be operating our own network and IP’s, we will have full control over the performance and quality of the ADSL network.
    Thats the message received a few days before the site was compromised. What must I make out from that - that they have a problem and moved their service?......or did someone find a hole after they moved to their own network?
    The cost of living hasn't affected its popularity.
    Sponsored By: http://www.honeycombhouse.com

Page 1 of 4 123 ... LastLast

Similar Threads

  1. Build your own web site, it is easy
    By pietpetoors in forum Marketing Forum
    Replies: 55
    Last Post: 09-Mar-10, 09:12 PM
  2. Get links to your site
    By Ryan S in forum Marketing Forum
    Replies: 9
    Last Post: 12-Aug-08, 12:05 PM
  3. Yahoo site explorer
    By duncan drennan in forum Technology Forum
    Replies: 6
    Last Post: 05-Aug-08, 10:23 PM
  4. [Article] Online Media Optimization (Post 100)
    By Chatmaster in forum Marketing Forum
    Replies: 1
    Last Post: 21-Sep-07, 02:35 PM

Tags for this Thread

Did you like this article? Share it with your favourite social network.

Did you like this article? Share it with your favourite social network.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •