Was your website hacked? Was your Web Hosting account compromised and abused?

Are you a victim of hackers taking over your hosting account or website defacement?

Why?
Whether you are on a shared host or you run a VPS/VDS or a dedicated server, if the security of your account or website has been compromised by hackers, most likely this is nothing but your own fault. I see this kind of thing on a daily basis where I work answering support tickets for a web hosting company. The client's first reaction is to freak out and usually try to blame the host. This is because they lack the information on how to keep their websites secure and do not realize that, in most cases, the compromise has nothing to do with the actual security of the server. Most web hosts regularly monitor for kernel updates as they are released and for any other exploits that could cause any kind of harm to their servers. These kinds of actions normally keep the global or overall security of the server locked down and hardened. However, the issue comes into play when you, the client, begin to use scripts written in PHP, Perl, or other languages on the server. While the server software may be up to date, scripts can easily be manipulated and abused to the point where the security of your entire account can be compromised.

Popular scripts that web hosting clients may use, like WordPress, Drupal, vBulletin, phpBB, TikiWiki, Mambo, Joomla, or anything else that is really popular on the internet, are #1 targets for black hat hackers in their attempts to find exploits in the script's security. Why? Because if you were a hacker, why would you waste your time finding exploits in a script no one uses? When you do find a security hole in a script, you want to be able to abuse or compromise as many accounts as possible. Make sense? If you're going to use these kinds of scripts on your account, then you have to be responsible enough to keep them updated as new versions are released. The main reason developers release new versions is that they become aware of most of the exploits found by hackers and rewrite the code in their scripts to close those holes as they become known.

I know for sure that newer versions of WordPress now have a feature that allows you to auto-update the WordPress script with a single click in the WordPress control panel. I also know from personal experience that Drupal can check with a main server for any kind of security patches for the Drupal core or its add-on modules or plug-ins. If the script that you are using does not have a feature like this, then I would recommend checking the script developer's website about every 3 weeks for new updates.

If you run a VDS or dedicated server, then the global security as well as script security will probably become your responsibility, depending on whether your host is managing your server or not. Most hosts will not manage your server unless you pay an additional fee, due to all the time and resources needed in order to protect your server. I see it all too often where people try to be cheap and do things themselves without doing the research. There is *NO* Magical Internet God running around the net protecting your servers and keeping your security up to date.

Restoration

Hopefully you keep regular full account backups in your cPanel, or whatever you might be using to administer your accounts. If not, ask your host if they have a backup system in place and see if they can restore to a date when you were not hacked. Just because you were able to restore your account doesn't mean that you won't get hacked again hours after restoration. You need to quickly remove all poorly coded or inactive scripts from your account and make sure all passwords are long and secure. What I mean by a secure password is something at least 12 characters long, with a mixture of letters and numbers, not using any words from the English dictionary. The next step is to visit the developers' websites for all of the scripts you are actively using and apply the updates to your scripts.

If you're not able to restore from a previously working backup, you will have to try to remove any kind of redirect code or injections from your website pages to make them viewable again. There are many scripts out there that you or your host can run to remove the code from all your files in bulk. If you need one of these scripts, please post a thread in the forums and explain your situation, along with the website address where the hack or redirect can be seen, for help.
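One way to locate injected code before cleaning it, shown as an added example that is not part of the original article: a Python scan of a document root that reports which files and lines match a few common injection signatures. The signature list, file extensions and sample files are illustrative assumptions constructed for this demo.

```python
import re
import tempfile
from pathlib import Path

# Illustrative signatures (assumptions, not a complete list): obfuscated PHP
# eval chains, hidden iframes, and script-written escaped payloads.
SIGNATURES = {
    "php-eval-decode": re.compile(rb"eval\s*\(\s*(base64_decode|gzinflate|str_rot13)\s*\(", re.I),
    "hidden-iframe": re.compile(rb"<iframe[^>]*(width\s*=\s*[\"']?0|height\s*=\s*[\"']?0|display\s*:\s*none)", re.I),
    "js-unescape-write": re.compile(rb"document\.write\s*\(\s*unescape\s*\(", re.I),
}
WEB_EXTENSIONS = {".php", ".html", ".htm", ".js", ".inc", ".tpl"}


def scan_file(path):
    """Return (line_number, signature_name) pairs for one file."""
    hits = []
    with open(path, "rb") as fh:
        for lineno, line in enumerate(fh, 1):
            for name, pattern in SIGNATURES.items():
                if pattern.search(line):
                    hits.append((lineno, name))
    return hits


def scan_tree(root):
    """Walk root and map each suspicious file (relative path) to its hits."""
    report = {}
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.suffix.lower() in WEB_EXTENSIONS:
            hits = scan_file(path)
            if hits:
                report[str(path.relative_to(root))] = hits
    return report


def demo():
    """Build a constructed sample docroot (harmless content) and scan it."""
    with tempfile.TemporaryDirectory() as root:
        Path(root, "index.php").write_bytes(b"<?php\neval(base64_decode('Li4u'));\necho 'hi';\n")
        Path(root, "about.html").write_bytes(b"<p>About</p>\n<iframe src='http://example.invalid/' width=0 height=0></iframe>\n")
        Path(root, "clean.php").write_bytes(b"<?php echo 'ok';\n")
        return scan_tree(root)


if __name__ == "__main__":
    for name, hits in demo().items():
        print(name, hits)
```

The scan only reports; review each hit and compare against a known-good copy of the script before removing anything, since legitimate code can occasionally match a signature.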

Comments, Questions, Suggestions always welcome. Take (2) minutes and register a free account to post a comment or to post on the forums. Thanks for reading.