25 replies
a website of mine on 2 domain was hacked first was hacked a month ago and another 2 days ago.. what should I do to increase their security?
#hacked #website
  • Profile picture of the author Eddie Titan
    What kind of website are you running?

    What type of platform do you use for your website? Is it a static website? Wordpress website?

    What type of web hosting platform are you using? Which web hosting provider are you with?

    Because I don't have a lot of information about your website(s), for now, I can only recommend that you change all of your passwords to something far more complicated than what you have now. Change your control panel password, MYSQL database password(s), ftp passwords, and email account passwords.

    Maybe this thread should be moved to one of the support forums?
    Signature
    New Members Challenge! Join me in 2012. Set an income goal for the New Year and achieve it!
    {{ DiscussionBoard.errors[5183545].message }}
  • Profile picture of the author luxinterior
    First thing I'd suggest is to contact your hosting company and see if they can help or offer advice. They've no doubt had experience with hackers before.

    Good luck

    Lux
    {{ DiscussionBoard.errors[5183547].message }}
    • Profile picture of the author artistic
      It is a wordpress site, and a site of online tv shows.
      {{ DiscussionBoard.errors[5183579].message }}
    • Profile picture of the author artistic
      Originally Posted by drunkenmonkey View Post

      I just made a similar post here:

      http://www.warriorforum.com/main-int...-hackings.html

      Are you with hostgator?

      It's happening to me almost daily.

      Getting really p*****d off now.
      No, using other hosting site, M2host. Facing many problems at the same time
      {{ DiscussionBoard.errors[5183597].message }}
      • Profile picture of the author christiehemme
        Originally Posted by artistic View Post

        No, using other hosting site, M2host. Facing many problems at the same time

        I will Suggest you to shift your site to a good quality and secured hosting site.
        Signature

        {{ DiscussionBoard.errors[5183625].message }}
        • Profile picture of the author artistic
          Originally Posted by christiehemme View Post

          I will Suggest you to shift your site to a good quality and secured hosting site.
          I think its a good hosting provider, as other sites are going fine but only 1 site was hacked twice
          {{ DiscussionBoard.errors[5183645].message }}
        • Profile picture of the author Dan Thompson
          Originally Posted by christiehemme View Post

          I will Suggest you to shift your site to a good quality and secured hosting site.
          In our experience this would just move the problem somewhere else, rather than resolving it. You can have the most secure server in the world but if you then upload badly coded file, you give the hackers a way in to the account.

          To the OP, ensure all scripts on your account are up to date with all security patches, and remove any scripts you no longer use.

          Run a full virus scan on your local machine to ensure no keyloggers have been installed, and don't save your FTP connection details in your FTP client. If your host supports it, connect using SFTP rather than FTP.

          If you want to keep up to date with the lovely world of Malware, I can recommend this blog:

          Sucuri - Protect Your Interwebs

          And they also provide a free malware scanner that you can run on your site:

          Sucuri SiteCheck - Free Website Malware Scans
          Signature

          I'm a director of D9 Hosting
          The only host in the world to offer a 1 Click DLGuard installation feature from within the cPanel.
          Join today, and receive a 10% discount by using the following coupon code: Warriors

          {{ DiscussionBoard.errors[5184845].message }}
          • Profile picture of the author lindamicheal
            i - Create Strong Passwords,

            ii - Install Security Plugins for Wordpress,

            iii - Don't Share password with anyone,

            iv - Don't even store them in your computer, store them in your brain and clear your work history often,

            v - If all the above doesn't secure your blogs in future , change your hosting.
            Signature

            My blog about Love Quotes

            {{ DiscussionBoard.errors[5184907].message }}
  • Profile picture of the author renukoot
    Friend First of all Change to another Good Host. I had read teh reviews of M2host & they are never been a stable hosting provider. Please transfer your site to other reliable host. You can serach this forum to get the knowledge/ review about other Hosting plans. Choose what suits you best. But offcourse not M2host please.
    Signature
    www.caressl.com - Upto 75% Discount on SSL Certificates & Website Scanner. If you don't find what you looking for, raise a support query and we will get you that SSL Certificate.
    {{ DiscussionBoard.errors[5183631].message }}
  • Profile picture of the author Buum
    What theme are you using?
    Do you use timthumb? If so, update to the newest version

    I had similar problems and had to change theme. I don't remember but I was using one which was not secure.
    {{ DiscussionBoard.errors[5185326].message }}
  • Profile picture of the author ChadOath
    Change all of your passwords. If you can't change hosts, at least ask them to change you to another server. That server may be compromised.
    {{ DiscussionBoard.errors[5185772].message }}
  • Profile picture of the author Ezyboy
    Originally Posted by artistic View Post

    a website of mine on 2 domain was hacked first was hacked a month ago and another 2 days ago.. what should I do to increase their security?
    i read the replied to this post from the experience marketers and am please
    {{ DiscussionBoard.errors[5186080].message }}
  • Profile picture of the author issac
    Quick tips (I've run a hosting business for 10 years now, and host my own stuff - never had any major problems to date):

    Don't expect any big host that uses FTP (and doesn't allow you to support SSH2/SFTP) to stay secure.

    Don't expect any wordpress blog that you don't use HTTPS for the admin area to stay secure. You can generate your own HTTPS certificates for free (they'll give you a security warning from your browser, since their free, but are just as "safe" as what you pay GoDaddy/Comodo/Verisign for)

    These aren't unreasonable things to do (though they may take some extra setup time)
    {{ DiscussionBoard.errors[5186144].message }}
    • Profile picture of the author AnniePot
      Maybe this post I made on my blog some weeks ago will help you.
      {{ DiscussionBoard.errors[5186165].message }}
      • Profile picture of the author Bryan Mc
        As mentioned previously, timthumb has been a recent source of hacks.

        Check for a plugin called timthumb vulnerability scanner. It will find any that need updating that might be in the theme files or anywhere else.
        Signature

        "You're either making excuses or you're making money - but you can't make both..."

        {{ DiscussionBoard.errors[5186818].message }}
  • Profile picture of the author DriftZ
    Yeah there's some IM site that I saw that were hacked. Only thing left on the site was a page saying 'THE SITE IS HACKED BY "__"
    {{ DiscussionBoard.errors[5187640].message }}
  • Profile picture of the author thecompletist
    One of my clients sites is hacked and down, is there anyone on this thread who offers consulting services and can help us out? We are ready right now to pay for quality help.
    {{ DiscussionBoard.errors[5205568].message }}
  • Profile picture of the author Chris Thompson
    Most hacks happen on Wordpress ... either on the WP files itself (vulerabilities), or plugins that were not kept up to date and exploits were found.

    I also find most of the hacks are then executed via FTP. Meaning someone finds your password through an exploit, and FTPs into your account. So it shows up in FTP logs.

    Here's a post + video to describe how to find these kinds of problems.

    http://blog.outsourcefactor.com/here...mission-thief/
    {{ DiscussionBoard.errors[5206098].message }}
  • Profile picture of the author RFD56
    I would recommend purchasing a security hardening package and fixing package from hackfixing.com, Their main promise is that We can harden your website security and fix all the loopholes, so future hacks are less likely to happen does this sound good to you??

    Thanks
    {{ DiscussionBoard.errors[5688577].message }}
  • Profile picture of the author Rough Outline
    I've had wordpress sites hacked. Hostgator support got rid of the viruses/malware for me. Once you've cleaned your site.

    1. Update any plugins or anything that needs updating.
    2. Change your admin password.
    3. Back up your site.
    {{ DiscussionBoard.errors[5688627].message }}
  • Profile picture of the author dennis09
    If they are compromising wordpress then changing hosts will not solve a thing. Correct me if im wrong.
    Signature
    There is no elevator to success, you have to take the stairs
    {{ DiscussionBoard.errors[5688649].message }}
  • Profile picture of the author halo3
    i hear that rackspace are closing such holes with custom software them selfs, regardless of the wordpress version, the only thing that remains is the plugins and the user's responsibility
    {{ DiscussionBoard.errors[5689841].message }}
  • Profile picture of the author BOBBYDEMAN
    Yea definitely make sure to backup everything and update all your plugins and wordpress. Look into to Websitedefender dot com,. I have it on my sites and it will scan your site and email you any vulnarabilities that you need to address. I have it on my sites and never had a problem.
    {{ DiscussionBoard.errors[5689877].message }}
  • Profile picture of the author OzzieRoo
    Hi Artistic Warrior,

    The is an excellent new product available specifically on how to secure wordpress sites.

    It is called Bullet Proof Security by Sanjay Pande - a professional in IT Security. His product is about $40 all up in 2 parts.

    He sells it here in the Warrior forum. His instructions are clear and detailed.

    I would give you a link but haven't got one myself yet.

    PM if you want more info.

    Cheers
    Kylie

    Am sure a search on here will find it.
    {{ DiscussionBoard.errors[5693772].message }}

Trending Topics