17 {{ upvoteCount | shortNum }}
17 {{ upvoteCount | shortNum }}

My website Got Hacked. Hostgator Solved It. Now I need Your Help

by Davioli
13 replies
I am freaking out.

My website started redirecting to a Russian domain randomly. Once every few times (i am not sure how they do this)

I contacted Hostgator and they cleaned it within 20 mins (I love you Hostgator)

Now I need some help.

1) My website was hacked for 2 to 5 hours( I have no direct record. Waiting for hostgator to tell me exactly when it was hacked and started redirecting) Will this affect my Google Rankings or will the fast cleanup prevent that?
(Google webmaster tools shows no malware alerts)

2) They told me the cause of the attack was because of an unsecure FTP login (I'm not loggin in to my website right now.. using my current comp. I will format my computer tomorrow and use the new password hostgator sent me)

3) I need someone who is into this security stuff to recommend a high end security monitoring firm. I need one that can monitor my website in realtime and assist in making my website secure. I need a paid service.
(I have already emailed hostgator asking for their suggestion.. but if you know of a good website please respond and let me know)


This website is my bread and butter. It provides a full time income. Please make your websites secure.

(please don't respond with comments saying "I told you so" trust me I've done everything possible to keep my website + wordpress installations secure. I almost died when this happened)
#hacked #hostgator #solved #website
  • Profile picture of the author Virginia M. Clemmons
    Since Hostgator track the hacking back to an unsecured FTP login. I believe if you ask hostgator for sftp (Secure FTP) then they can set that up for you free of charge. Since, I don't have Hostgator I can't tell you how to go about this request.

    Also, once its setup, you must make sure that your FTP client is set to port 22 or 2222 for most hosts. Hostgator should give you the correct port number once it's setup.

    Port 21 is the default for most FTP clients and it allows anyone to pick up your username and password without your knowledge. Port 22 or secure FTP encrypts this info automatically to protect you from that type of hacking.

    Hope this helps,
    Virginia Clemmons
    Signature

    {{ DiscussionBoard.errors[4496794].message }}
  • Profile picture of the author Kierkegaard
    "1) My website was hacked for 2 to 5 hours( I have no direct record. Waiting for hostgator to tell me exactly when it was hacked and started redirecting) Will this affect my Google Rankings or will the fast cleanup prevent that?
    (Google webmaster tools shows no malware alerts)"

    I had a site that got hacked and had the Google malware alert pretty quick. I cleaned it all up and didn't lose any rankings. It was in a popular niche too. My hosts were next to useless.
    {{ DiscussionBoard.errors[4496854].message }}
    • Profile picture of the author Davioli
      Originally Posted by Kierkegaard View Post

      "1) My website was hacked for 2 to 5 hours( I have no direct record. Waiting for hostgator to tell me exactly when it was hacked and started redirecting) Will this affect my Google Rankings or will the fast cleanup prevent that?
      (Google webmaster tools shows no malware alerts)"

      I had a site that got hacked and had the Google malware alert pretty quick. I cleaned it all up and didn't lose any rankings. It was in a popular niche too. My hosts were next to useless.
      Hi, As yet I have no alert.
      I still haven't received a response from Hostgator regarding the duration of the attack.
      My website is also in a popular niche and I do over 2k visitors a day.
      Thank you for your reply.
      Signature

      {{ DiscussionBoard.errors[4496867].message }}
  • Profile picture of the author LMC
    Send me a PM with an email and phone number.

    I use a guy for my "big money" sites, he charges me $29.95 per site per year. If you give him more the cost is less.

    Just a friendly referral.
    Signature
    {{ DiscussionBoard.errors[4496871].message }}
    • Profile picture of the author LegitIncomes
      Originally Posted by LMC View Post

      Send me a PM with an email and phone number.

      I use a guy for my "big money" sites, he charges me $29.95 per site per year. If you give him more the cost is less.

      Just a friendly referral.
      Can you PM me this info too...thanks!
      Signature
      100% Unique Sales Page Website +100% Unique Internet Marketing Product
      + Support! All of this, just $397! (PM Me For Details!)
      {{ DiscussionBoard.errors[4497003].message }}
    • Profile picture of the author ashysda1
      Originally Posted by LMC View Post

      Send me a PM with an email and phone number.

      I use a guy for my "big money" sites, he charges me $29.95 per site per year. If you give him more the cost is less.

      Just a friendly referral.
      520 sites? thats crazy !! i think i know where my niche is going to begin .. I am getting excited but then my ideas change, i need to learn to hold on to one project
      Signature

      I'll make you an offer you can't refuse

      {{ DiscussionBoard.errors[4986609].message }}
  • Profile picture of the author fivealive
    Hostgator is a WHM/Cpanel based virtual host. SFTP is NOT an option for virtual hosts, you would need an actual dedicated server for that.

    Really what happened to him has nothing to do with the FTP traffic being snooped so its not much of an issue. When they say he had an unsecure FTP login, what they are saying is that someone used his user/pw to login. Having SFTP would not have helped one bit.

    SFTP sets up an encrypted SSH tunnel for the data that is being transferred to/from the FTP site. It protects the data as it is in transfer, it does nothing to protect the login.

    Chances are you were using a simple non-complex pw and someone used a brute force/rainbow table attack to figure out the credentials. Otherwise you could have had a Cpanel session hijacked if you logged in from a public internet access point that had a hacker snooping the traffic. Or you could have had a hacker silently connected to your personal wireless and snooping that traffic. Odds are though, it was the first scenario. Another scenario could be some form of maleware/virus that is on a computer you used while you logged into the FTP. What do you use for an FTP client?

    Make sure you always use unique passwords and make them very complex. This is security 101 but it is honestly the most effective thing you can do to protect yourself.

    You don't need to spend crazy bucks to stay on top of this type of thing. You could use a cheap basic site monitoring plan such as the basic plan here.

    A second hosting account is also always a good idea to use as a backup. Setup nightly backups of the website to the 2nd host. Also I always keep the NS's at the domain registrar and never change them over to a webhost. This way if something happens you can just switch the A record at the registrar and your site will be back online with the backup host in minutes.
    {{ DiscussionBoard.errors[4496955].message }}
    • Profile picture of the author Davioli
      Originally Posted by fivealive View Post

      Hostgator is a WHM/Cpanel based virtual host. SFTP is NOT an option for virtual hosts, you would need an actual dedicated server for that.

      Really what happened to him has nothing to do with the FTP traffic being snooped so its not much of an issue. When they say he had an unsecure FTP login, what they are saying is that someone used his user/pw to login. Having SFTP would not have helped one bit.

      SFTP sets up an encrypted SSH tunnel for the data that is being transferred to/from the FTP site. It protects the data as it is in transfer, it does nothing to protect the login.

      Chances are you were using a simple non-complex pw and someone used a brute force/rainbow table attack to figure out the credentials. Otherwise you could have had a Cpanel session hijacked if you logged in from a public internet access point that had a hacker snooping the traffic. Or you could have had a hacker silently connected to your personal wireless and snooping that traffic. Odds are though, it was the first scenario. Another scenario could be some form of maleware/virus that is on a computer you used while you logged into the FTP. What do you use for an FTP client?

      Make sure you always use unique passwords and make them very complex. This is security 101 but it is honestly the most effective thing you can do to protect yourself.

      You don't need to spend crazy bucks to stay on top of this type of thing. You could use a cheap basic site monitoring plan such as the basic plan here.

      A second hosting account is also always a good idea to use as a backup. Setup nightly backups of the website to the 2nd host. Also I always keep the NS's at the domain registrar and never change them over to a webhost. This way if something happens you can just switch the A record at the registrar and your site will be back online with the backup host in minutes.
      Thank you so much!
      I'm looking into the monitoring service.

      With regard to the FTP thing
      1) I use CoreFTP ( i have uninstalled it right now)
      2) It is likely that I may have malware on my computer because my password is very very secure. (slashes, hyphens and everything)
      Signature

      {{ DiscussionBoard.errors[4496972].message }}
  • Profile picture of the author fivealive
    The PW is complex but is it also unique? This is very important.

    You can have the most secure PW in the world but if you use it to create accounts all over the web with the same user name that can get you in trouble. Even big name companies are having DB's hacked these days. If your user/pw is on some random hacked user list floating around and its the same as what you use on your site, and they linked you to that site based on profile information off the hacked site... see where I am going with this.

    PW's should be unique for every site, esp those you care about.
    {{ DiscussionBoard.errors[4497002].message }}
    • Profile picture of the author Davioli
      Originally Posted by fivealive View Post

      The PW is complex but is it also unique? This is very important.

      You can have the most secure PW in the world but if you use it to create accounts all over the web with the same user name that can get you in trouble. Even big name companies are having DB's hacked these days. If your user/pw is on some random hacked user list floating around and its the same as what you use on your site, and they linked you to that site based on profile information off the hacked site... see where I am going with this.

      PW's should be unique for every site, esp those you care about.
      The password was unique. I used the password creation tool within Cpanel and then added my own characters to make it even more complex.
      I'm sacred of loggin in to my account right now. I will format and log in tomorrow.
      Signature

      {{ DiscussionBoard.errors[4497035].message }}
  • Profile picture of the author Davioli
    Hostgator replied to me.
    It was definitely malware on my computer since the website got affected when i used CoreFTP earlier today. Based on the logs the website was compromised for just under an hour before Hostgator fixed it.

    Thank god I noticed it fast or the effects would have been worse.

    I'm considering using Sitelock.com to monitor the website. I will also have to format my machine and take extra precautions when using any FTP software.

    I must say however that Hostgator have been fantastic throughout. I do take backup so worst case scenario I would have set up a new hosting account and changed domain nameservers.

    I will however heed FiveAlives advice and set up a parallel hosting account to be more protected.
    Signature

    {{ DiscussionBoard.errors[4497243].message }}
    • Profile picture of the author oran
      My experience with HostGator has been quite different.

      I've been hacked there at the server level for nearly 2 weeks. Daily tickets to Support have met with total indifference. At this point, they are basically calling me a liar for even hinting that hacking could be involved!

      I have now asked for escalation and plan to change hosts tomorrow.
      {{ DiscussionBoard.errors[4986502].message }}
  • Profile picture of the author TheKing
    Make sure you entered right file permissions for each file in your website...

    Below is the image which I made for you in order to understand more about file permissions

    Note :-Its just an example , Don't make this settings to any file without any knowledge of what you doing

    I hope this will help you
    {{ DiscussionBoard.errors[4986569].message }}

Trending Topics