Can you help beat the bad guys?

by John Hillage 28 replies
Hi everyone - I am hoping that someone can help me to put a stop to the nasty and malicious spammers/hackers that are making my online marketing a real headache.

Over the past 12 months I have probably had at least 12 instances of hackers breaking into my sites (both regular mini-sites and also Wordpress blogs) and adding their own Adsense code - thus making my sites look ugly and also stealing revenue from me.

I have had my computer maintenance guy check my pc thoroughly on several occasions and I have anti-virus and ant-spyware software.

Each time I have changed ftp passwords via my hosting company and we do it on the telephone to avoid my emails somehow being compromised.

The hosting company do offer excellent support and claim that no-one else is having these problems and are 100% certain it is not an issue on their end.

I like the hosting company on the whole and like I say they do respond quickly to help in these emergencies but neither they or I can ever seem to stop this happening from time to time.

Does anyone how any ideas/suggestions/experiences of dealing with this kind of an issue.

I will happily even pay someone if there is anyone out there expert enough to give me some answers, as I just don't have the technical knowledge to even know where to start (hey I'm a marketer not an internet security guy!)

Thanks in advance

John
#main internet marketing discussion forum #bad #beat #guys
Avatar of Unregistered
  • Profile picture of the author GarrieWilson
    Using the same host for all the sites?

    Has the host tracked how they are gaining access? Are they using a password?

    Did you check to see if any backdoors where added? They might have added one when they got access the first time.

    Does your password contain upper, lower, special chrs and numbers?

    Did you do a full system scan on your pc using multiple AVSs?
    Signature
    Screw You, NameCheap!
    $1 Off NameSilo Domain Coupons:

    SAVEABUCKDOMAINS & DOLLARDOMAINSAVINGS
    {{ DiscussionBoard.errors[60786].message }}
    • Profile picture of the author sparrow
      Put a test site up somewhere else, heck you can even do it for free on one of the freebie php sites.

      I suspect its your hosting company not protecting you.

      Test it out, if problems go away with the test site, then move your business gradually the host is the problem.

      Ed
      {{ DiscussionBoard.errors[60790].message }}
      • Profile picture of the author hiphil
        I opened my article site, and instead of a list of articles, I was confronted with a message that the site had been hacked by Turkish Hackers.

        I changed my FTP password, deleted all the files from the site, and reinstalled them again. The site worked fine for about 3 weeks.

        Then I received a message from my Webhost that a phishing file had been installed on the site. I got the Webhost (Hostgator) to remove the offending file.

        I checked the files on my site, and found that two script files had been installed. The hackers only had to open these scripts to recreate the phishing file.

        The script files start with ".wysiwygPro" and have a ".php" file extension.

        I have replaced the contents of these two script files with code that will send me the hacker's IP numbers.

        You need to check your list of files on your site very carefully, and see if you can find any file names you do not recognize, especially files with a ".php" extension. (The two I found had names starting with "." (dot), so they were right at the top of the file listings).

        Either delete them, or edit them and remove all the code between the "<?php" and "?>" tags.
        Signature

        Create your first website by 3:45 this afternoon - using Free software. (Free Download).
        www.hiphil.net

        {{ DiscussionBoard.errors[60997].message }}
        • Profile picture of the author John Hillage
          Thanks guys - I guess I will need to get my web guy to check for "dodgy" scripts installed.

          Sorry but next question is - who would you guys recommend as a host for the future?

          Hiphill you mention hostgator - is their security good?
          {{ DiscussionBoard.errors[61012].message }}
        • Profile picture of the author Marian Berghes
          a backdoor is just a little piece of software if you wanna call it, that the hacker leaves on your pc or host after he hacked...so if that isn't detected, the next time he enters your host just putting a username and a password into the backdoor. However if the backdoor is windows-based your host should not have any problems in detecting it, these are pretty lame...but if the hacker uses Linux or a Linux command prompt emulator (Putty) then its a bit harder to detect it. I know all this stuff because a friend of mine hacked into a government website from Spain, and he kinda thought me how to protect myself from different stuff.
          {{ DiscussionBoard.errors[61013].message }}
      • Profile picture of the author Solidsnake
        Banned
        Originally Posted by sparrow View Post

        Put a test site up somewhere else, heck you can even do it for free on one of the freebie php sites.

        I suspect its your hosting company not protecting you.

        Test it out, if problems go away with the test site, then move your business gradually the host is the problem.

        Ed
        It's not good to accuse someone but I think you are correct... I have a very bad experience with mt previous host,,, they are the ones who hacks my site.. LOL
        {{ DiscussionBoard.errors[61019].message }}
        • Profile picture of the author Tiger
          Make sure your host is using the latest PHP version. Its up there
          at the 5.0 level now.


          If they wont or "cant" upgrade, my advice
          would be to go with another webhost.



          /Steve
          Signature
          We Get What We Settle For
          {{ DiscussionBoard.errors[61202].message }}
          • Profile picture of the author hiphil
            Hi John,

            Hostgator have given me fairly good service, especially as their hosting costs under $10 per month.

            However, hackers have been able to hack into my Hostgators site (twice to my knowledge), and leave backdoor scripts, so their security is not 100%.
            Signature

            Create your first website by 3:45 this afternoon - using Free software. (Free Download).
            www.hiphil.net

            {{ DiscussionBoard.errors[61433].message }}
    • Profile picture of the author John Hillage
      Thanks for the replies - sounds like testing a new host would be good - any recommendations?

      Gerrie - What is a "back door" and how would I check it?

      Also how do I do a full system scan on your pc using multiple AVSs? - sorry I don't know what multiple AVs's are!

      Thanks

      John
      {{ DiscussionBoard.errors[60973].message }}
      • Profile picture of the author John Hillage
        Sorry ... Does anyone know if it could be my ftp software that could be compromised? I use Total commander and wonder if somehow there may be something in this that is syphoning off my passwords!
        {{ DiscussionBoard.errors[60987].message }}
      • Profile picture of the author joshbond
        an AV is an Anti Virus program.
        He means to use multiple different programs in case the one you're using just happens to not be picking up on something.

        I would definitly recommend getting a new host too.

        Also, you may want to check out filezilla as an FTP program.
        Its what most people use and is very good and easy to use.
        http://filezilla-project.org/
        {{ DiscussionBoard.errors[60988].message }}
  • Profile picture of the author TheRichJerksNet
    Hi John,
    BlogPress is bad for having backdoor access, reason why I coded my own blog.

    It is true, the host is the one that is not protecting you but also it depends greatly on the scripts you are running on your server. I am one that is personally extremely high on security especially since I am a website developer.

    hostgator.com will be your best bet as far as protecting your server but as far as protecting your site itself that is really something that is up to you and not your host. If you want to shoot me a PM we can discusss some of this in private as there are certain things I would not want to post out in the general forum.

    James
    {{ DiscussionBoard.errors[61449].message }}
  • Profile picture of the author Scott Ames
    Sometimes the best defense is a good offense.

    Backups... make sure you back up your site on a regular basis including the databases. I use Navicat for that and make a scheduled backup of the MySql tables nightly.

    When you get hacked, you can put it all back together quickly.

    Get a vulnerability scanner and scan your sight for weaknesses. There are some out there that let you scan on a free trial, with more features if you pay.

    I like the idea of getting a good "consultant" read hacker, to find your weakpoints for you. I have no idea what that might cost. Perhaps someone where could do it. <<< WSO IDEA FOR SOMEONE ! HINT HINT <<<
    Signature

    Success consists of going from failure to failure without loss of enthusiasm. -Winston Churchill

    {{ DiscussionBoard.errors[61459].message }}
    • Profile picture of the author TheRichJerksNet
      Hmm Scott.. Never thought of that ..lol

      Maybe setup a security WSO thread.

      James
      {{ DiscussionBoard.errors[61477].message }}
      • Profile picture of the author John Hillage
        Thanks guys that gives me something to go on. But any other suggestions are warmly received - the more info I have the better. I've sent you a pm James.
        {{ DiscussionBoard.errors[61679].message }}
        • Profile picture of the author John Hillage
          Sorry to keep asking questions but several people mention it's the type of scripts on my site that make me vulnerable. I make no apologies for being seriously untechy but not really sure what this means. Basically my websites are either word press blogs or minisites with salespage, articles and using clickbank/paypal. Are any of these scripts?!
          {{ DiscussionBoard.errors[61741].message }}
  • Profile picture of the author woah316
    that sucks :*(.. i hate evil ppl...

    are they new sites? any chance in hell you could change your url?
    {{ DiscussionBoard.errors[61870].message }}
    • Profile picture of the author John Hillage
      So I spoke to my web company and they say that they have checked and not been compromised and the 3 sites that have been hacked into are on 3 different servers. That all sounds plausible so maybe it's not the hosting company. They feel that either mine or my normal web designer's pc must be compromised. Any thoughts?
      {{ DiscussionBoard.errors[62294].message }}
      • Profile picture of the author Tiger
        If you are absolutely sure it is not the webhost try
        whatthetech.

        LINK


        They are one of the best places to get your computer
        cleaned by an expert, in my opinion. They were known
        as "Tom Coyote" in the past.

        I am sure they will be extremely busy at this time, with
        the war rhetoric ramping up between USA and Russia. Russians
        are good at cyber warfare.


        Good luck.

        /Steve
        Signature
        We Get What We Settle For
        {{ DiscussionBoard.errors[62531].message }}
        • Profile picture of the author macchiavelli
          I dont understand how people can hack into other people their website.
          What do they do, do they just guess the password?

          Or do they have certain scripts that can hack into a website...I dont get it.
          I hope this never happens to me, that would ruin my business
          {{ DiscussionBoard.errors[62553].message }}
          • Profile picture of the author TheRichJerksNet
            90% of the time it is due to inproper coded scripts such as wordpress. There are many many many scripts online that are not protected and the sad truth about it is when someone goes to purchase a script or have one coded they dont bother asking about security.

            There are many things that can be done like sql injection for one which would allow someone actual access to your database. For another if a upload system exist that does not check the actual file being uploaded then a hacker can upload a php script (name like fakeimage.gif) and then use that php script to access other parts of your site, including your database.

            I personally build security into all my scripts I build for myself and for clients.

            John I highly doubt it is your computer, unless you are using your computer as a server which in this case you are not. It is very easy to check your computer for any trojans and such also.

            I sent you a PM .. let me know and I will call you..

            James
            {{ DiscussionBoard.errors[62693].message }}
            • Profile picture of the author John Hillage
              Macchiavelli - It really, really sucks but I seem to be very unlucky (or more likely badly prepared!) in this regard and so don't worry so much, but look seriously at what is being advised here.

              Tiger - I went to whatthetech and it just seemed to be a forum, can you catually hire people there for the company?

              James - Thanks for the further info. I have snet you another pm so hopefully we can talk this w/e.

              Thanks again it's at times like this when the really huge value of the forum is displayed to me.

              John
              {{ DiscussionBoard.errors[63336].message }}
              • Profile picture of the author Tiger
                Originally Posted by John Hillage View Post

                Tiger - I went to whatthetech and it just seemed to be a forum, can you catually hire people there for the company?

                Yes it is a forum where they take you through the steps to
                remove bad stuff from your computer, if that is what you need.

                Here is the forum link : LINK


                Get a free account, read the newcomer's instructions,
                and you will be set. They take donations. They deserve
                every penny they get, in the war against
                the "bad guys" as you call them.


                /Steve
                Signature
                We Get What We Settle For
                {{ DiscussionBoard.errors[63902].message }}
                • Profile picture of the author John Hillage
                  Just wanted to say a big thanks to everyone. James has helped me out a ton and I seem to back on track now. That's why the Warrior Forum is so really cool - genuine people helping each other out.
                  {{ DiscussionBoard.errors[78451].message }}
                  • Profile picture of the author TheRichJerksNet
                    Hi John,
                    Your welcome.. I am glad that everything is working out.. Need anything else you got my IM and can contact me anytime.

                    It was a pleasure working with you..

                    James
                    {{ DiscussionBoard.errors[78773].message }}
                    • Profile picture of the author peteinoz
                      Hi John

                      I cant believe nobody has mentioned this..

                      Most likely the solution is a very simple one..

                      check every one of your sites

                      and make sure you have "NO" permissions set to 777

                      set to any files or directories.

                      If you do.. your website is insecure.

                      simple as that..

                      go check them now..

                      Cheers

                      Pete
                      Signature
                      HangoutMillionaire.com World Premeire Automated Video Marketing Software, Streams YouTube Live and Google Hangouts. Special Offer Link!
                      Follow me on Twitter http://twitter.com/peterdrew
                      {{ DiscussionBoard.errors[78850].message }}
                      • Profile picture of the author TheRichJerksNet
                        Hi Pete,
                        John's problem has already been resolved and I highly suggested switching to hostgator.

                        The permissions set to 777 is required on alot of host unless SuExec is installed and recompiled with Apache. SuExec does not require and does not use permissions set to 777 but again as I said alot of host dont care and dont upgrade their servers and thus why alot of sites are open to hackers. There are a good many scripts developed that require permissions of 777 unless ofcourse you have SuExec ..

                        Also even with SuExec installed WordPress is not fully secure, matter fact it is one of the worst blog systems you can use when it comes to security of your site. People may love the blog but personally I put my sites security over some pretty featured blog.

                        James
                        {{ DiscussionBoard.errors[78879].message }}
Avatar of Unregistered

Trending Topics