Hacked Sites -- What Does YOUR Hosting Company Do?

Judy,

ServInt is really great about this stuff. I've used at least 9 different hosting companies within the past 4 years, and they are by far the best. Their support is on top of it.

I know I had 1 site that was hacked, and all I did was tell them the domain. They had it cleared up within an hour, plus watched the account logs for a while. The support staff claims it is a part of their service.

Not bad aye?

My experience has been that you're on your own, it's not the hosting co's responsibility IMO. Can you imagine if they were responsible? People upload all kinds of scripts and crap that is most of the time full of holes, how can they have control over that?

That's why shared hosting environment suck for the most part. Usually it's because you can't really warrant the expense of a dedicated server and server administrator so that's why you're opting for shared hosting. So you're stuck on a server with a ton of other people that can upload things that will put everyone else on that server at risk too.

Even with a dedicated server and a good server administrator, you're still not 100% secure. Basically if a hacker REALLY wants to get in your site, they will, no matter what your efforts are. So for this reason, it's better to plan ahead and be pro-active rather than re-active. By that I mean; ask yourself what happens if tomorrow a hacker gets in my site and deletes everything? How quickly can you recover everything, discover how they got in and then patch the hole?

Every serious business owner doing business online should ask themselves this question. When it actually happens it's too late if you've not planned ahead for the possible scenario. You should have a good backup system in place both local and remote (the more backups the better! I know this from experience unfortunately!) and you should have someone available (a server admin ) to be able to help you get back up, study logs, find the hole and patch it. Ask yourself which is more expensive, losing everything or the expense of having a good system in place to recover.

Most hacks on smaller sites nowadays are just automated bots that scour the web for known holes and auto-exploit them, there's usually not actually a hacker sitting and manually hacking your site in particular, usually it's hundreds or thousands at a time.

That's the reason that popular scripts like Wordpress have to constantly keep up with patch holes. It doesn't mean they're any less secure than other less-known scripts, it's just because it's much more efficient for a hacker to find a hole in a script that he knows there are hundreds of thousands of sites running it, that way he can just build a crawler than will look for installed Wordpress sites and look for known paths like /wp-admin/.... and then he can build his auto-hack both to exploit all those sites at once.

not bad at all, Mary.
I was surprised that it was done at all -- and, in fact, had just been something that hadn't occurred to me.

As someone who has too many hosting accounts as it is, it's just interesting to me the different philosophies -- and, in doing webmaster stuff for folks, I like to be able to refer them to hosting companies that DO do this (and steer them away from the ones that don't). And, in fact, I'm involved with a hosting company, as well.

@francof -- totally agree on downside risk planning. As I say, I was surprised that any hosting company did this. But I *am* interested in knowing what companies DO provide this (even if it might change in the future.)

Live JoyFully!

Judy

I should say though that even if it's not their responsibility, many good hosts will still help you when it happens. My experience for dedicated servers (and I've been through MANY datacenters over the years) is hands-down LiquidWeb. No one can beat their customer service IMO. They're not kidding when they say they have heroic support. I'm always amazed at how quick they reply to help request, how pro-active they are with fixing issues (without even asking them, they have kick-ass monitoring and auto-escalating procedures). They're a little more expensive than some but as they say... you get what you pay for and when it's to host your business, I suggest you get the best.

When about 40 of my website were defaced, I asked my previous hosting agent, (notice I say that in a past tense), if they noticed any abnormal activity to help me trace out how I was hacked.

Here was the response "Oh, ya we see for about 6 weeks a couple of IP addresses were running a ton of ftp traffic against your account".

My response, "in other words, you were seeing excessive ftp traffic trying to authenticate with multiple passwords, is that right?"

Their response, "seems like it"

My response, "and you didn't contact me because....?"

Their response "Don't know?"

My response "and you didn't just turn off that IP because....?"

Their response "Not our responsibility"

My response "Please, close my account. You are not a trustworthy service provider"

Their response "Oh, ok."

I've often wondered if I was talking to a plumber or a janitor there. Guess I'll just never know!

Frank

First time when my website was hacked, I went to complain about the situation to my hosting company but surprised to see that was also hacked Anyway they retrieved there website in few hours but I had to wait few days to get my site back from their backup server.

In my experience hacks have been due to insecure scripts or poorly chosen passwords, such as their dogs name or their football team. Whilst they can clean it up, it is probably only a matter of time before the scripts or poor passwords are hacked again.

Server exploits or exploits to do with such things as forums make up a smaller percentage of hacking attempts. Once again this has been my experience, having done hosting for 13 years.

I back up my server and databases daily. No attacks yet but if they happen, I am ready to roll as I have my very own webserver (that I made myself)

I just had two of my wordpress sites "defaced" last week. I'm a total newbie when it comes to dealing with databases and such, but hostgator got back to my panicked emails within a couple of hours with instructions on how to recover my password and reset my email, and then one of their tech's went in and cleaned up malicious code left on the sites as well. Within 5 hours the sites were restored. Fortunately no data was lost, and it was a valuable lesson!

When my cpanel was hack my isp emailed me and said they will be closing the account.
They closed the account backed up my cpanel and gave me a new account,
assisted in restoring my databases and website folders and it was relatively seemless.
Then they gave me the logs to analyze why and where i was hacked.

I have a dedicated server. If it's not a hardware problem, my host doesn't touch it. Which is exactly the way I want things.