Can you help beat the bad guys?

Hi everyone - I am hoping that someone can help me to put a stop to the nasty and malicious spammers/hackers that are making my online marketing a real headache.

Over the past 12 months I have probably had at least 12 instances of hackers breaking into my sites (both regular mini-sites and also Wordpress blogs) and adding their own Adsense code - thus making my sites look ugly and also stealing revenue from me.

I have had my computer maintenance guy check my pc thoroughly on several occasions and I have anti-virus and anti-spyware software.

Each time I have changed ftp passwords via my hosting company and we do it on the telephone to avoid my emails somehow being compromised.

The hosting company do offer excellent support and claim that no-one else is having these problems and are 100% certain it is not an issue on their end.

I like the hosting company on the whole and like I say they do respond quickly to help in these emergencies but neither they nor I can ever seem to stop this happening from time to time.

Does anyone have any ideas/suggestions/experiences of dealing with this kind of an issue?

I will happily even pay someone if there is anyone out there expert enough to give me some answers, as I just don't have the technical knowledge to even know where to start (hey I'm a marketer not an internet security guy!)

Thanks in advance

John
  • Profile picture of the author GarrieWilson
    Using the same host for all the sites?

    Has the host tracked how they are gaining access? Are they using a password?

    Did you check to see if any backdoors were added? They might have added one when they got access the first time.

    Does your password contain upper, lower, special chrs and numbers?

    Did you do a full system scan on your pc using multiple AVSs?
    • Profile picture of the author sparrow
      Put a test site up somewhere else, heck you can even do it for free on one of the freebie php sites.

      I suspect it's your hosting company not protecting you.

      Test it out; if problems go away with the test site, then move your business gradually; the host is the problem.

      Ed
      • Profile picture of the author hiphil
        I opened my article site, and instead of a list of articles, I was confronted with a message that the site had been hacked by Turkish Hackers.

        I changed my FTP password, deleted all the files from the site, and reinstalled them again. The site worked fine for about 3 weeks.

        Then I received a message from my Webhost that a phishing file had been installed on the site. I got the Webhost (Hostgator) to remove the offending file.

        I checked the files on my site, and found that two script files had been installed. The hackers only had to open these scripts to recreate the phishing file.

        The script files start with ".wysiwygPro" and have a ".php" file extension.

        I have replaced the contents of these two script files with code that will send me the hacker's IP numbers.

        You need to check your list of files on your site very carefully, and see if you can find any file names you do not recognize, especially files with a ".php" extension. (The two I found had names starting with "." (dot), so they were right at the top of the file listings).

        Either delete them, or edit them and remove all the code between the "<?php" and "?>" tags.
        • Profile picture of the author John Hillage
          Thanks guys - I guess I will need to get my web guy to check for "dodgy" scripts installed.

          Sorry but next question is - who would you guys recommend as a host for the future?

          Hiphil, you mention Hostgator - is their security good?
        • Profile picture of the author Marian Berghes
          A backdoor is just a little piece of software, if you wanna call it that, that the hacker leaves on your pc or host after he hacked... so if that isn't detected, the next time he enters your host just by putting a username and a password into the backdoor. However, if the backdoor is Windows-based your host should not have any problems in detecting it, these are pretty lame... but if the hacker uses Linux or a Linux command prompt emulator (Putty) then it's a bit harder to detect it. I know all this stuff because a friend of mine hacked into a government website from Spain, and he kinda taught me how to protect myself from different stuff.
      • Profile picture of the author Solidsnake
        Originally Posted by sparrow

        Put a test site up somewhere else, heck you can even do it for free on one of the freebie php sites.

        I suspect it's your hosting company not protecting you.

        Test it out; if problems go away with the test site, then move your business gradually; the host is the problem.

        Ed
        It's not good to accuse someone but I think you are correct... I had a very bad experience with my previous host... they are the ones who hack my site.. LOL
        • Profile picture of the author Tiger
          Make sure your host is using the latest PHP version. It's up there at the 5.0 level now.

          If they won't or "can't" upgrade, my advice would be to go with another webhost.

          /Steve
          • Profile picture of the author hiphil
            Hi John,

            Hostgator have given me fairly good service, especially as their hosting costs under $10 per month.

            However, hackers have been able to hack into my Hostgator site (twice to my knowledge), and leave backdoor scripts, so their security is not 100%.
    • Profile picture of the author John Hillage
      Thanks for the replies - sounds like testing a new host would be good - any recommendations?

      Garrie - What is a "back door" and how would I check it?

      Also how do I do a full system scan on my pc using multiple AVSs? - sorry I don't know what multiple AVSs are!

      Thanks

      John
      • Profile picture of the author John Hillage
        Sorry ... Does anyone know if it could be my ftp software that could be compromised? I use Total Commander and wonder if somehow there may be something in this that is syphoning off my passwords!
      • Profile picture of the author joshbond
        An AV is an Anti Virus program.
        He means to use multiple different programs in case the one you're using just happens to not be picking up on something.

        I would definitely recommend getting a new host too.

        Also, you may want to check out FileZilla as an FTP program.
        It's what most people use and is very good and easy to use.
        http://filezilla-project.org/
  • Profile picture of the author TheRichJerksNet
    Hi John,
    BlogPress is bad for having backdoor access, reason why I coded my own blog.

    It is true, the host is the one that is not protecting you but also it depends greatly on the scripts you are running on your server. I am one that is personally extremely high on security especially since I am a website developer.

    hostgator.com will be your best bet as far as protecting your server but as far as protecting your site itself that is really something that is up to you and not your host. If you want to shoot me a PM we can discuss some of this in private as there are certain things I would not want to post out in the general forum.

    James
  • Profile picture of the author Scott Ames
    Sometimes the best defense is a good offense.

    Backups... make sure you back up your site on a regular basis including the databases. I use Navicat for that and make a scheduled backup of the MySql tables nightly.

    When you get hacked, you can put it all back together quickly.

    Get a vulnerability scanner and scan your site for weaknesses. There are some out there that let you scan on a free trial, with more features if you pay.

    I like the idea of getting a good "consultant" (read: hacker) to find your weak points for you. I have no idea what that might cost. Perhaps someone here could do it. <<< WSO IDEA FOR SOMEONE ! HINT HINT <<<
    • Profile picture of the author TheRichJerksNet
      Hmm Scott.. Never thought of that ..lol

      Maybe setup a security WSO thread.

      James
      • Profile picture of the author John Hillage
        Thanks guys that gives me something to go on. But any other suggestions are warmly received - the more info I have the better. I've sent you a pm James.
        • Profile picture of the author John Hillage
          Sorry to keep asking questions but several people mention it's the type of scripts on my site that make me vulnerable. I make no apologies for being seriously untechy but I'm not really sure what this means. Basically my websites are either WordPress blogs or minisites with a sales page, articles and using Clickbank/PayPal. Are any of these scripts?!
  • Profile picture of the author woah316
    that sucks :*(.. i hate evil ppl...

    are they new sites? any chance in hell you could change your url?
    • Profile picture of the author John Hillage
      So I spoke to my web company and they say that they have checked and not been compromised and the 3 sites that have been hacked into are on 3 different servers. That all sounds plausible so maybe it's not the hosting company. They feel that either mine or my normal web designer's pc must be compromised. Any thoughts?
      • Profile picture of the author Tiger
        If you are absolutely sure it is not the webhost try whatthetech.

        LINK

        They are one of the best places to get your computer cleaned by an expert, in my opinion. They were known as "Tom Coyote" in the past.

        I am sure they will be extremely busy at this time, with the war rhetoric ramping up between USA and Russia. Russians are good at cyber warfare.

        Good luck.

        /Steve
        • Profile picture of the author macchiavelli
          I don't understand how people can hack into other people's websites.
          What do they do, do they just guess the password?

          Or do they have certain scripts that can hack into a website... I don't get it.
          I hope this never happens to me, that would ruin my business.
          • Profile picture of the author TheRichJerksNet
            90% of the time it is due to improperly coded scripts such as WordPress. There are many many many scripts online that are not protected and the sad truth about it is when someone goes to purchase a script or have one coded they don't bother asking about security.

            There are many things that can be done like SQL injection for one, which would allow someone actual access to your database. For another, if an upload system exists that does not check the actual file being uploaded then a hacker can upload a php script (name like fakeimage.gif) and then use that php script to access other parts of your site, including your database.

            I personally build security into all my scripts I build for myself and for clients.

            John, I highly doubt it is your computer, unless you are using your computer as a server which in this case you are not. It is very easy to check your computer for any trojans and such also.

            I sent you a PM .. let me know and I will call you..

            James
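The upload check James describes above, sketched in Python as an added example (it is not his code and not taken from any script named in this thread). It assumes a hypothetical upload form that accepts only GIF, PNG and JPG images; the function names and sample bytes are constructed for illustration.

```python
import os
import re
import secrets

# Magic bytes for the image types this hypothetical upload form accepts.
IMAGE_SIGNATURES = {
    "gif": (b"GIF87a", b"GIF89a"),
    "png": (b"\x89PNG\r\n\x1a\n",),
    "jpg": (b"\xff\xd8\xff",),
}
PHP_OPEN_TAG = re.compile(rb"<\?php", re.IGNORECASE)


def check_upload(filename, data):
    """Return (accepted, reason) for an uploaded file name and its bytes."""
    base = os.path.basename(filename.replace("\\", "/")).lower()
    stem, dot, ext = base.rpartition(".")
    # Exactly one dot: rejects "shell.php.gif", ".htaccess" and extensionless names.
    if not dot or not stem or "." in stem:
        return False, "name must be exactly name.ext"
    if ext not in IMAGE_SIGNATURES:
        return False, "extension not allowed"
    # The extension is only a claim; the leading bytes must agree with it.
    if not data.startswith(IMAGE_SIGNATURES[ext]):
        return False, "content does not match extension"
    # Heuristic: a valid image header can still be followed by script text.
    if PHP_OPEN_TAG.search(data):
        return False, "embedded PHP open tag"
    return True, "ok"


def stored_name(ext):
    """Server-chosen file name, so the uploader never controls the path on disk."""
    return secrets.token_hex(16) + "." + ext


if __name__ == "__main__":
    gif = b"GIF89a" + b"\x00" * 16  # constructed sample bytes, not a real image
    samples = [
        ("photo.gif", gif),
        ("fakeimage.gif", b"<?php /* constructed sample */ ?>"),
        ("photo.gif", gif + b"<?php /* constructed sample */ ?>"),
        ("shell.php.gif", gif),
    ]
    for name, data in samples:
        print(name, check_upload(name, data))
```
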
            • Profile picture of the author John Hillage
              Macchiavelli - It really, really sucks but I seem to be very unlucky (or more likely badly prepared!) in this regard and so don't worry so much, but look seriously at what is being advised here.

              Tiger - I went to whatthetech and it just seemed to be a forum, can you actually hire people there for the company?

              James - Thanks for the further info. I have sent you another pm so hopefully we can talk this w/e.

              Thanks again it's at times like this when the really huge value of the forum is displayed to me.

              John
              • Profile picture of the author Tiger
                Originally Posted by John Hillage

                Tiger - I went to whatthetech and it just seemed to be a forum, can you actually hire people there for the company?

                Yes it is a forum where they take you through the steps to remove bad stuff from your computer, if that is what you need.

                Here is the forum link : LINK

                Get a free account, read the newcomer's instructions, and you will be set. They take donations. They deserve every penny they get, in the war against the "bad guys" as you call them.

                /Steve
                • Profile picture of the author John Hillage
                  Just wanted to say a big thanks to everyone. James has helped me out a ton and I seem to be back on track now. That's why the Warrior Forum is so really cool - genuine people helping each other out.
                  • Profile picture of the author TheRichJerksNet
                    Hi John,
                    You're welcome.. I am glad that everything is working out.. Need anything else, you've got my IM and can contact me anytime.

                    It was a pleasure working with you..

                    James
                    • Profile picture of the author peteinoz
                      Hi John

                      I can't believe nobody has mentioned this..

                      Most likely the solution is a very simple one..

                      Check every one of your sites and make sure you have "NO" permissions set to 777 on any files or directories.

                      If you do.. your website is insecure.

                      Simple as that..

                      Go check them now..

                      Cheers

                      Pete
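The two file checks suggested in this thread (hiphil's hunt for dot-prefixed ".php" scripts and Pete's check for 777 permissions) can be run in one pass over a web root. The Python below is an added example, not code from any poster; it generalizes Pete's check to anything writable by "other" (777, 666, 757 and so on), and the sample tree and the file name ".wysiwygPro_sample.php" are constructed.

```python
import os
import stat
import tempfile


def audit_webroot(root):
    """Return (hidden_php, world_writable) for everything under root."""
    hidden_php, world_writable = [], []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # a symlink's own mode bits say nothing useful
            rel = os.path.relpath(path, root)
            # Writable by "other": covers 777 and also 666, 757, etc.
            if st.st_mode & stat.S_IWOTH:
                world_writable.append((rel, oct(stat.S_IMODE(st.st_mode))))
            # Dot-prefixed PHP scripts, like the ".wysiwygPro*.php" files above.
            is_file = stat.S_ISREG(st.st_mode)
            if is_file and name.startswith(".") and name.lower().endswith(".php"):
                hidden_php.append(rel)
    return sorted(hidden_php), sorted(world_writable)


def build_sample_site():
    """Constructed sample tree standing in for a real web root."""
    root = tempfile.mkdtemp(prefix="webroot_")
    os.makedirs(os.path.join(root, "uploads"))
    files = {
        "index.php": 0o644,
        ".wysiwygPro_sample.php": 0o644,  # hidden script (constructed name)
        "uploads/cache.txt": 0o666,
    }
    for rel, mode in files.items():
        path = os.path.join(root, rel)
        with open(path, "w") as fh:
            fh.write("<?php /* constructed sample */ ?>\n")
        os.chmod(path, mode)  # chmod after writing so umask does not interfere
    os.chmod(os.path.join(root, "uploads"), 0o777)
    return root


if __name__ == "__main__":
    hidden, writable = audit_webroot(build_sample_site())
    for rel in hidden:
        print("hidden PHP script:", rel)
    for rel, mode in writable:
        print("world-writable:", mode, rel)
```

Pointed at a real document root instead of the sample tree, the first list is the set of files to open and inspect by hand; the second is the set whose permissions to tighten.
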
                      • Profile picture of the author TheRichJerksNet
                        Hi Pete,
                        John's problem has already been resolved and I highly suggested switching to Hostgator.

                        Permissions set to 777 are required on a lot of hosts unless SuExec is installed and recompiled with Apache. SuExec does not require and does not use permissions set to 777 but again as I said a lot of hosts don't care and don't upgrade their servers and thus why a lot of sites are open to hackers. There are a good many scripts developed that require permissions of 777 unless of course you have SuExec ..

                        Also even with SuExec installed WordPress is not fully secure, as a matter of fact it is one of the worst blog systems you can use when it comes to security of your site. People may love the blog but personally I put my site's security over some pretty featured blog.

                        James