Site hacked

  • Marq
    Platinum Member

    • May 2006
    • 1297

    #1

    Site hacked

    Went into my website to find a dreaded Google warning message that my site hosts malware and 'visiting this site may harm your computer'.

    I discovered that a few files had been hacked and a bunch of javascript code had been added at the end of the files.

    Seeing as it's just a static site with no sql or other means to break in, I assume they came in through the front door.

    So I queried this with webafrica, who are avoiding the issue and telling me I must change my website write permissions and then it will be safe.

    Can anyone tell me whether this is my fault or should I not expect this isp to safeguard our sites from basic scenarios like this?

    Besides being elusive about the situation, this isp continues to be obtuse and unhelpful whenever I have a problem. Is it normal to be treated as if one has a degree in this stuff and they talk down to you like a turkey or do you get helpful people out there in isp land who would guide you through a situation like this.

    Obviously I had a problem but their initial response is ..send us an email and we will respond sometime. Then next came the ....it will cost me R300 for a restore from their side message, then nothing.......I reloaded the site and then had to figure out the google resubmit and webmasters tools etc to get back in action. No help from Webafrica........It's obviously time for a change.........mmmmm........yes I feel a New Year's resolution coming on.
    The cost of living hasn't affected its popularity.
    Sponsored By: http://www.honeycombhouse.com
  • Dave A
    Site Caretaker

    • May 2006
    • 22804

    #2
    You need to check the folder permissions for your public folder and subfolders. If it's straight HTML pages, set them to read only....

    Change your password (and username if possible)!

    Also check for unauthorised or non-password protected FTP user profiles.
    Participation is voluntary.

    Alcocks Electrical Services | Alcocks Pest Control & Entomological Services | Alcocks Hygiene Services

    • tec0
      Diamond Member

      • Jun 2009
      • 4624

      #3
      Well ISP’s do think that god made them better. That is basically the problem with any tech in these times. “I am so good I love myself” types that think the normal people are stupid and not worthy of their time.

      What Dave suggested is a good start also I would recommend you have a long look at your contract and their policies on protecting your website. I am sure that they made some commitment... And then you contact them and tell them you are not getting the service you are paying for and you think that the consumer council must be involved. Also it would be a good time to get names and a contact number for a manager.

      Make waves!!
      peace is a state of mind
      Disclaimer: everything written by me can be considered as fictional.

      • tonyflanigan
        Email problem

        • Dec 2009
        • 122

        #4
        One of my clients' sites was hacked a few weeks ago. Google informed my ISP, who let me know. I got the mail about ten minutes after Google sent it, and telephoned my ISP right away. He had already fixed what was broken, tossed what was not original, and I was able to mail Google to let them know the site was squeaky clean and wholesome again.

        I pay a bit more than I would were I to use another vendor, but have been with my ISP for some years. I have never had reason to be even slightly disgruntled, as he is hands-on, and jacked up. The sorta ISP I need cos I am seriously tech challenged.
        Last edited by tonyflanigan; 24-Dec-09, 09:27 PM.
        I'm one of the T's from TnT Unleashed Web design, photography and writing services

        • Marq
          Platinum Member

          • May 2006
          • 1297

          #5
          Thanks - Tony - do not be shy, I am in serious need of a new isp.....which isp are you talking about - If only I could get that type of service? You can make a list if you are not sure about promoting them and just make sure they are first on the list.
          The cost of living hasn't affected its popularity.
          Sponsored By: http://www.honeycombhouse.com

          • tonyflanigan
            Email problem

            • Dec 2009
            • 122

            #6
            lol! I'm not shy, far from it, I just don't want to be smacked around, thrown against the wall, and shot at dawn for furthering commercial interests on the forum!

            Speak to Collin, on his cell now, or e-mail him, as he is "on leave", at the moment.
            You can tell him I referred you, I don't get commission or kick-backs or anything, just a "noddy badge" and a "red smartie".

            Tel Number : 041-3630535 (9:00am - 4:30pm)
            Fax Number : 086-6762661
            Email Address : support@bisnet.co.za
            Cell : 083-9963068
            I'm one of the T's from TnT Unleashed Web design, photography and writing services

            • AndyD
              Diamond Member

              • Jan 2010
              • 4946

              #7
              Of the various ISP's I have dealt with I can recommend eNetworks. They're a smallish business oriented ISP in Cape Town, not the cheapest but good value for money and a pleasure to deal with. I have no vested interest in their business.

              • SilverNodashi
                Platinum Member

                • May 2007
                • 1197

                #8
                No offence, tec0, but if we (ISP's) have to keep tab on every client's website that was hacked, then when exactly do you think our staff will find time to do their work?

                Websites get hacked due to the following reasons:
                1. weak passwords - on control panels / FTP accounts / email accounts / etc.
                2. Outdated scripts on websites, most commonly on Joomla / Wordpress / phpBB / SMF / vBulletin / etc.
                3. the client accesses his control panel / FTP account / email account from a public PC (internet cafe / "friend's house" / airport / library / etc) and either left the account logged in, or there was a keylogger on that PC.

                - In all the cases above, it's the client's responsibility to make sure his passwords are strong.
                "MyPass1234" isn't strong! Use something like "PN45%@na8!".
                - If the client allows others to access his control panel, for example a 3rd party web designer, then that person can wreak havoc - which often happens when the client & the designer have a fight about the costs of the project.
                - If you ABSOLUTELY have to access your control panel from a public PC, then make sure you clean out all cookies, password, temporary internet files, etc from the PC, and change your password immediately afterwards.


                I see these things happen a LOT. And while the client believes that it's our fault for not keeping the servers secure and allowing others to access their control panels, it's not. NO FIREWALL will ever keep a website secure, if the client's password is compromised. In fact, if the servers were insecure (for example, in WA's case), then the WHOLE SERVER would have been compromised, not just your website!

                If the bank had to hold your hand while you walk down the street to draw cash, then there would be no people left in the bank to operate the bank. How then, do you expect your ISP to pay a staff member to keep an eye on your website 24/7/365 ?
                Get superfast South African Hosting at WebHostingZone

                • tec0
                  Diamond Member

                  • Jun 2009
                  • 4624

                  #9
                  Well it is true that weak passwords are to blame but again, no... If everything is our responsibility, and the ISP are only the host with no commitment to security what-so-ever then specify it in the contract. Also you can specify the length of the password and you can set-up a rule that will force the user to use caps and what not for their passwords. But this is not being done because some ISP’s found the system too difficult; others just don’t worry about it.

                  In the end of the day if you expect your client to be more educated than you then yes, but some clients are new to this world and the ISP needs to make sure that the client is protected on a basic level. But if it is a sink or swim scenario you want then chances are you will have a few people drowning and a negative image towards hosting in general.
                  peace is a state of mind
                  Disclaimer: everything written by me can be considered as fictional.

                  • Marq
                    Platinum Member

                    • May 2006
                    • 1297

                    #10
                    Valid comments.......if true:-

                    except, using your analogy - if the bank cannot hold the money properly in its vault, is it the customer's fault when someone breaks in and steals the cash?

                    Would they - not tell the customer that his cash has gone and wait for him to say 'hey where's my cash?'

                    Would they after being informed that the cash is missing - ignore the customer and not inform him how to rectify the situation, say for example through insurance.....(ok don't answer that one - they probably wouldn't either - lol)

                    And - these situations are controlled by the software- there is no staff member anyway looking after your site 24/7/365.

                    And - Yes - I expect, cause I know jack about these things, for the experts to tell me and inform me that my site is at risk. That is why there is a monthly payment for hosting. Google sends the isp a message that the site has been hacked - it's a simple procedure to pass that message on so that even if it is the client's fault - they can do something about it.

                    And - how do I know whether I was the only site hacked - the isp is not going to tell me or the world that they have a problem with many sites being hacked - not good business practice.

                    Our hosting service has successfully been migrated to our new network, immediately offering massive resource increases to our locally hosted offerings....As we will now be operating our own network and IP’s, we will have full control over the performance and quality of the ADSL network.
                    That's the message received a few days before the site was compromised. What must I make out from that - that they have a problem and moved their service?......or did someone find a hole after they moved to their own network?
                    The cost of living hasn't affected its popularity.
                    Sponsored By: http://www.honeycombhouse.com

                    • SilverNodashi
                      Platinum Member

                      • May 2007
                      • 1197

                      #11
                      Originally posted by tec0
                      Well it is true that weak passwords are to blame but again, no... If everything is our responsibility, and the ISP are only the host with no commitment to security what-so-ever then specify it in the contract. Also you can specify the length of the password and you can set-up a rule that will force the user to use caps and what not for their passwords. But this is not being done because some ISP’s found the system too difficult; others just don’t worry about it.

                      In the end of the day if you expect your client to be more educated than you then yes, but some clients are new to this world and the ISP needs to make sure that the client is protected on a basic level. But if it is a sink or swim scenario you want then chances are you will have a few people drowning and a negative image towards hosting in general.
                      So, how do you propose the ISP's keep tab on what you do? Think about this, for a moment.
                      How will a firewall help in this case? Your website is supposed to be "open on the internet", so the firewalls really only protect the servers / switches / routers / etc.
                      If you (not you personally, the client) installs Joomla, and insists on using "Johny" as an admin password, then that's NOT the ISP's fault or responsibility. And if the client insists on using "Jonhy" as his email password, then again that's not the ISP's fault.

                      We, for example, have a minimum password strength of 65 - which is rather high, you need a capital letter, a lower case letter, a digit, and non-numeric password. To get 65 score on most encryption algorithms, you also need a minimum of 6 characters. But this is only effective on our own servers, where we have control over it, for example with cPanel, FTP, email, etc. This doesn't help you if you have a weak admin password in your Joomla installation.


                      BUT, my point is still, if you access your control panel from the internet cafe in town, then NO SECURITY in the world will help you.

                      Re: the comments on the bank: No matter how strong their vaults are, how secure their entire operation is, etc, if you go and withdraw R10,000 cash from an ATM in Hillbrow, then it's your own fault for being robbed.


                      While we all like to blame someone else for problems that happen, we also need to be mature enough to take responsibility for our own actions. I can't vouch for another ISP, but I get a bit upset if it's always "the stupid ISP that is to blame".
                      Get superfast South African Hosting at WebHostingZone

                      • Marq
                        Platinum Member

                        • May 2006
                        • 1297

                        #12
                        I don't think this should be a blame game cause neither side can really prove their case.

                        What I do think is that there appears to be this unwillingness for isp's in general to help out given the various scenarios that can go down.

                        When my site was hacked, the isp closed up ranks in an immediate 'its not our fault - you will have to sort it out' mode. It would have gone a long way, if they had firstly notified me, cause they knew the situation had gone down, and when I inquired, told me and guided me through resolving the situation. If they had gone into help mode, this thread probably would not be out there for discussion.

                        The tone of their emails was that I was bugging them as an irritating client.

                        I do think that isp's, instead of telling me they have a Brazilian clients, a gazillion gigs, a hoard of network wiring, a pentaflop of technical geeks and they are the greatest thing since the external hard drive - that they should concentrate on ensuring that I am aware of these very things mentioned , like adequate passwords, surfing at the internet cafe and local hotel, poor and old software and furthering my education so that I do not pose a threat to the whole system. And if I do ask them a question or have a concern, they take their time out to ensure that I understand the answer or have a warm feeling at the end of the call or email.

                        My son, who fixes PC's and does IT type stuff, gleefully told me the other day that there are really stupid people in his town, they don't even know how to switch on their PC. When I pointed out that firstly a while back until he had been shown, he did not know how to switch the machine on either, and also that if it wasn't for these 'stupid' people that he also calls clients, he would be holed up in our spare room wondering if he was going to eat that day; his gleeful expression changed as has his disposition towards his clients.
                        The cost of living hasn't affected its popularity.
                        Sponsored By: http://www.honeycombhouse.com

                        • SilverNodashi
                          Platinum Member

                          • May 2007
                          • 1197

                          #13
                          Originally posted by Marq
                          Valid comments.......if true:-

                          except, using your analogy - if the bank cannot hold the money properly in its vault, is it the customer's fault when someone breaks in and steals the cash?

                          Would they - not tell the customer that his cash has gone and wait for him to say 'hey where's my cash?'
                          Sure, but this isn't really the same thing. Is it the bank's fault if you wrote your PIN on your card, and lost your card, thereby giving the thieves the money? Is this the bank's fault?

                          OR, if your PIN is 12345 / 24680 / 13579 - which although they may look "secure" to you, can be guessed very easily. You need to "think out of the box". The average human being is not a genius, and tends to forget things very quickly, especially with numbers. SO, most people will have a PIN / password that they can remember & pronounce. And, surprisingly, cracker bots are written to look for passwords with easy-to-make-up and easy-to-remember combinations. Even something like Bob@123 is easy enough for a computer bot to find.

                          Originally posted by Marq
                          Would they after being informed that the cash is missing - ignore the customer and not inform him how to rectify the situation, say for example through insurance.....(ok don't answer that one - they probably wouldn't either - lol)
                          You're right, the bank won't. But could probably offer such a service @ an extra premium, and ISP's more than often have backups of data as well, which they may or may not charge for above your monthly hosting costs.

                          Could your website be restored from a backup?
                          And could you, or the ISP determine where & how the hackers got in? This is the question which should make you decide to look for a better ISP though. I agree, if they don't support you afterwards then you may need a better ISP.

                          Originally posted by Marq
                          And - these situations are controlled by the software- there is no staff member anyway looking after your site 24/7/365.
                          Yes, and no. How will software know that a change on your website was a defacement, or a legit change? For example, how will a software program know that if there were changes made to this forum, that it's actual forum posts, and not hackers? Someone still has to watch it, even if the software application sends them an email saying there were changes. Imagine how many emails Dave's ISP's staff will get today, saying "There was a possible hack attempt on http://www.theforumsa.co.za, please investigate."


                          Originally posted by Marq
                          And - Yes - I expect, cause I know jack about these things, for the experts to tell me and inform me that my site is at risk. That is why there is a monthly payment for hosting. Google sends the isp a message that the site has been hacked - it's a simple procedure to pass that message on so that even if it is the client's fault - they can do something about it.
                          Really? Do you really expect your ISP to know about EVERY change you make to your hosting account & website? So if you decide to try out a new PHP script, do you want them to automatically detect that you have installed it, and then tell you that it's insecure? OR to "advise" you to use something else, something better? Do you think this is worth the R50pm you pay them every month? How long do you expect they will be in business if they need to employ 200+ staff members @ say R5000pm, to watch your R50pm website for any changes made by you, at all.

                          Think about it this way, you have a business which you need to protect from various elements - floods, lightning, fire, theft, robbery, bankruptcy, etc. Whose responsibility is it to make sure these things are all looked after? Even though I don't know much about most of these things, It's my responsibility to find out about it, and learn what to do. I need to employ a guard, pay for an alarm system & armed response company, employ knowledgeable accountant, make provision for fire & floods ( in our case make sure we have off-site data backups, redundant internet connections, etc). Even if the shop I rent cost R20k/pm, it's still my own responsibility, not the landlord's (even though my shop is on his premises, and I think that he should keep the thieves out), or the municipality's (for not making this a safer town), or even (as an example) Los Angeles' fault cause they have earthquakes.

                          Originally posted by Marq

                          And - how do I know whether I was the only site hacked - the isp is not going to tell me or the world that they have a problem with many sites being hacked - not good business practice.
                          True, but they may choose not to disclose this info, as it could lead to thousands of other hackers trying their hand to take this ISP down. Bear in mind that this, and every other ISP is in competition with all other ISP's, and another ISP could very well have employed the hacker(s) to take down WA. IF they were to disclose this info, then the hackers / competition won, and there would be chaos.

                          Originally posted by Marq

                          That's the message received a few days before the site was compromised. What must I make out from that - that they have a problem and moved their service?......or did someone find a hole after they moved to their own network?
                          Well, what do they say? Is there any link with this? I don't know what they did, or how they operate.

                          But, if it was my business, and I would have made this move, then I would either have moved the same servers that your website was running on to a new location, i.e. nothing on the servers would have changed except for the IP addresses and there would be no coincidence with the 2 matters.

                          If, on the other hand, the servers can't be moved like this, to avoid downtime, then the new server(s) would be setup at the new data centre, with all security measures in place already, and the migration would happen in real time
                          Get superfast South African Hosting at WebHostingZone

                          • Dave A
                            Site Caretaker

                            • May 2006
                            • 22804

                            #14
                            Originally posted by Marq
                            That's the message received a few days before the site was compromised. What must I make out from that - that they have a problem and moved their service?......or did someone find a hole after they moved to their own network?
                            That is an interesting coincidence.

                            It had me thinking when I moved TFSA onto a VPS. Here's a few thoughts that flitted through my mind reading that and Softdux - you'll probably know the answers.

                            If you're on a reseller account and you transferred your accounts onto a shiny new VPS or dedi on another service, what are the chances that all the security and permission settings will remain the same?

                            What if that shiny new VPS or dedi is not on a managed package with experienced server techs tweaking the "default" security settings?

                            What if the old files were left on the old server and someone from the old firm was p'd off or bored?

                            Of course if they were really setting up their own server from scratch and weren't techs, I'd be truly sh*tting myself.
                            Participation is voluntary.

                            Alcocks Electrical Services | Alcocks Pest Control & Entomological Services | Alcocks Hygiene Services

                            • Marq
                              Platinum Member

                              • May 2006
                              • 1297

                              #15
                              Really? Do you really expect your ISP to know about EVERY change you make to your hosting account & website? So if you decide to try out a new PHP script, do you want them to automatically detect that you have installed it, and then tell you that it's insecure? OR to "advise" you to use something else, something better?
                              Great idea - yes

                              Do you think this is worth the R50pm you pay them every month?
                              For sure - I pay a lot more than what you deridingly assume I do, and if all I am getting is some space on a server and no other service as you are suggesting then it's damn expensive.

                              How long do you expect they will be in business if they need to employ 200+ staff members @ say R5000pm, to watch your R50pm website for any changes made by you, at all.
                              Let's see - 200 staff X R5000 salary = R1mill
                              25000 clients (WA's claim) X (your) R50 subscription = R1.25mill
                              But on this basis - seeing as I make a change every three to six months on the odd page - that's say 8000 clients changing stuff over the year for the 25,000 clients divided by 200 staff = each staff member must monitor and worry about 3,3 changes a month. So 200 staff is way too much. So if each staff member looks after one client change a day - that's about 25 staff needed. They will be in business a long time and have happy clients.

                              The point though as we can see in your answer is that the client is always in the wrong. Take the pin code for example - I did not give it away. I say the isp let it out of the bag - but you automatically gave them the benefit of that doubt.

                              A restore was eventually offered by WA for an additional R300 - I had to suck them for the answers - it then turned out they only keep backup for 7 days and did not have a clean version as the hack had happened prior to that. So they expected me to buy my site back from them after they lost it.

                              I could not find how the hackers got in and the isp sure is not going to admit to having holes - so one will never know the answer to this.

                              If google can assume a malware hack and stop the site loading then I do not believe that the isp is unable to run software against their clients' pages to look for the same, so I do not believe this is mission impossible. Similarly they could run software against the dates of files and scripts that may indicate old and vulnerable software. This could then be offered as a service to the client to update the site for the client...at a cost of course. If that was offered and then refused and an attack occurred, well now there's a reason to say I told you so.

                              From what I can feel, there is this thought that because the service is so cheap it does not include anything beyond storage and there is no responsibility out there in isp land.

                              Like I said - all we want is some service, good advice and accountability, which we assume is in the monthly hosting fee. Denial of that service and hiding behind technical issues, when things go wrong, is no different to the insurance guys who let you believe you are covered and then run and hide when the claim happens.
                              The cost of living hasn't affected its popularity.
                              Sponsored By: http://www.honeycombhouse.com
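
An added example, not part of any post in this thread and not code from the forum or any ISP mentioned: one way a site owner could run the checks raised in posts #2, #13 and #15 on a static site. It compares the live copy against a manifest built from the owner's own clean copy (so "legit change or not" is decided by the baseline), flags group- or world-writable paths, and flags anything appended after the closing `</html>` tag. The directory names and file contents in `demo()` are constructed sample data.

```python
import hashlib
import os
import re
import stat
import tempfile
from pathlib import Path

# On a hand-written static page nothing but whitespace should follow </html>.
# The first post describes injected JavaScript appended at the end of files.
TRAILING = re.compile(rb"</html\s*>(.*)\Z", re.IGNORECASE | re.DOTALL)


def sha256_file(path: Path) -> str:
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(root: Path) -> dict:
    """Map every file under root (relative POSIX path) to its SHA-256."""
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def audit(deployed: Path, baseline: dict) -> dict:
    """Compare the deployed tree with a manifest of the owner's clean copy."""
    current = build_manifest(deployed)
    report = {
        "modified": sorted(f for f in current
                           if f in baseline and current[f] != baseline[f]),
        "added": sorted(f for f in current if f not in baseline),
        "missing": sorted(f for f in baseline if f not in current),
        "writable": [],          # group- or world-writable files and folders
        "trailing_content": [],  # HTML files with data after </html>
    }
    for path in sorted(deployed.rglob("*")):
        rel = path.relative_to(deployed).as_posix()
        if path.stat().st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            report["writable"].append(rel)
        if path.is_file() and path.suffix.lower() in {".html", ".htm"}:
            match = TRAILING.search(path.read_bytes())
            if match and match.group(1).strip():
                report["trailing_content"].append(rel)
    return report


def demo() -> dict:
    """Constructed sample: a clean copy and a tampered 'live' copy."""
    with tempfile.TemporaryDirectory() as tmp:
        good, live = Path(tmp, "good"), Path(tmp, "live")
        for root in (good, live):
            (root / "css").mkdir(parents=True)
            (root / "index.html").write_bytes(b"<html><body>Home</body></html>\n")
            (root / "about.html").write_bytes(b"<html><body>About</body></html>\n")
            (root / "css" / "site.css").write_bytes(b"body { margin: 0 }\n")
        baseline = build_manifest(good)

        # Constructed tampering: appended script, an unknown file, a loose folder.
        with (live / "index.html").open("ab") as fh:
            fh.write(b"<script>/* placeholder for injected code */</script>\n")
        (live / "stats.html").write_bytes(b"<html></html>\n")
        for p in list(live.rglob("*")):
            os.chmod(p, 0o755 if p.is_dir() else 0o644)
        os.chmod(live / "css", 0o777)
        return audit(live, baseline)


if __name__ == "__main__":
    for finding, paths in demo().items():
        print(f"{finding}: {paths}")
```

The manifest has to be built from a copy kept off the server, since a baseline stored next to the site can be rewritten by whoever modified the pages.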
