11 {{ upvoteCount | shortNum }}
11 {{ upvoteCount | shortNum }}

My Client's Site Was Hacked - Any Advice?

by MsMotivation1
9 replies
One of my clients called today to tell me that his site was hacked.

I've been working with him for 6 months... we started with just a re-design of his header because his site... well, it just sucks I'm sorry to say. LOL

From the "look and feel" to the seo.. he just needs a new site.

I'm trying to sell him on a re-design but, he invested in this site a few months before we met so he's not ready to re-invest....i cant force him, but i will keep working on it. maybe this hacking incident is reason for him to re-consider.

Back to the issue...

Now, I don't know a lot about the technicalities of a website and why/how hacking occures, so maybe someone can enlighten me?

Since re-doing the header, the only thing I've been doing is basic onsite and offsite seo and trying to rank his GP listing.

But I get the feeling he thinks that all of this happened because of something I did.

He's frantic so, I'm waiting for his Godaddy hosting details so I can contact them on his behalf to try to get it restored.

My questions are:

Is it possible that I did something to provoke this based on what I've shared with you?

What would cause a website to be hacked?

What is the best measure to prevent a website from being hacked?

Is there anything I can say to him to reassure them that these things happen and that it wasn't anything I did?

Thanks!
#advice #client #hacked #site
  • Profile picture of the author redcell1
    I would ask what platform is his site on ? Wordpress,joomla, or just plain HTML?
    Signature

    Just here to see the shenanigans.

    {{ DiscussionBoard.errors[3730806].message }}
  • Profile picture of the author igl0w
    clean up mysql db for starters, run antivir scan and change passwords
    Signature
    #1 SEO REVIEWS and FREE METHODS BLOG - delivering quality posts since 2009
    {{ DiscussionBoard.errors[3730818].message }}
  • Profile picture of the author OnlineMarketingSys
    Make sure his plugins are updated and his CMS. Wordpress and similar sites have vulnerabilities. If he doesn't trust you- that is a pretty bad sign off the bat.
    Signature
    *WSO* Last Chance over 150++ Copies Sold -The Secret To $8,318.96 In One Month Without Paying Google ONE CENT!
    {{ DiscussionBoard.errors[3730853].message }}
  • Profile picture of the author Headfirst
    Originally Posted by MsMotivation1 View Post

    My questions are:

    Is it possible that I did something to provoke this based on what I've shared with you?

    What would cause a website to be hacked?

    What is the best measure to prevent a website from being hacked?

    Is there anything I can say to him to reassure them that these things happen and that it wasn't anything I did?
    First things first. Why does he think he was hacked? What happened? To the non-techy among us, many things can easily be blamed on hackers.

    Did his software stop working? Hackers. Is he unable to log into his account? Hackers. Is he getting a lot of spam lately? Hackers.

    Find out what it is. Odds are if it is something malicious, its malware, not an active hacker attack.

    Either way, yes it could be something you've done. Is it likely? No, but he's going to blame it on you anyways. That's why you carry professional liability insurance right?

    I'd start by contacting the guys at Sucuri.net first. They're awesome and have a free scanner on their site that will check and see if it is malware on your clients site. If it is, you can hire them to remove it and clean it up for less than $100(I think)

    So I know your're wondering now, how could it be your fault?

    There are a lot of ways you might have caused this:
    • you could have had malware on your computer that snagged his FTP info (ftp is insecure, use SSH and sFTP instead)
    • You could have uploaded or modified a file and left it with the wrong permissions. (Do you understand the difference between 777, 755, 655, 222? Do you have any idea what I'm talking about)
    • Did you leave the password lying around somewhere?
    • Did you use a public computer?
    • Did you use FTP on public wifi in a coffee shop or coworking space?
    • Did you use a script you "found" on the internet that had encrypted/encoded code in it?

    There's countless ways this could be your fault, but in the end, it doesn't matter. The client now see this as your problem, so now you need to do something about it if you want to keep the client.

    This is why I always stress to anyone asking for advice on this forum to get professional liability insurance. If for nothing else than giving your client someone to sue other than you when the **** hits the fan.

    Oh, and you did have him sign an account access authorization form before you logged into his server right? You do have paper trails for this so he can't say that you were the hacker?
    Signature
    Golf Outing Sponsor Signs, Banners and Flags||Plymouth, MI Marketing || Plymouth Dentist
    {{ DiscussionBoard.errors[3730975].message }}
    • Profile picture of the author MsMotivation1
      Originally Posted by redcell1 View Post

      I would ask what platform is his site on ? Wordpress,joomla, or just plain HTML?
      it's wordpress

      Originally Posted by igl0w View Post

      clean up mysql db for starters, run antivir scan and change passwords
      will do... thanks

      Originally Posted by OnlineMarketingSys View Post

      Make sure his plugins are updated and his CMS. Wordpress and similar sites have vulnerabilities. If he doesn't trust you- that is a pretty bad sign off the bat.
      i know it's bad if he doesn't trust me, which is why i'm asking for help here. i'm pretty sure this didn't happen because of anything i did.... his site was weak when i met him and he doesn't want to upgrade yet.

      Originally Posted by Headfirst View Post

      First things first. Why does he think he was hacked? What happened? To the non-techy among us, many things can easily be blamed on hackers.

      Did his software stop working? Hackers. Is he unable to log into his account? Hackers. Is he getting a lot of spam lately? Hackers.

      Find out what it is. Odds are if it is something malicious, its malware, not an active hacker attack.

      Either way, yes it could be something you've done. Is it likely? No, but he's going to blame it on you anyways. That's why you carry professional liability insurance right?

      I'd start by contacting the guys at Sucuri.net first. They're awesome and have a free scanner on their site that will check and see if it is malware on your clients site. If it is, you can hire them to remove it and clean it up for less than $100(I think)

      So I know your're wondering now, how could it be your fault?




      There are a lot of ways you might have caused this:
      • you could have had malware on your computer that snagged his FTP info (ftp is insecure, use SSH and sFTP instead)
      • You could have uploaded or modified a file and left it with the wrong permissions. (Do you understand the difference between 777, 755, 655, 222? Do you have any idea what I'm talking about)
      • Did you leave the password lying around somewhere?
      • Did you use a public computer?
      • Did you use FTP on public wifi in a coffee shop or coworking space?
      • Did you use a script you "found" on the internet that had encrypted/encoded code in it?
      There's countless ways this could be your fault, but in the end, it doesn't matter. The client now see this as your problem, so now you need to do something about it if you want to keep the client.

      This is why I always stress to anyone asking for advice on this forum to get professional liability insurance. If for nothing else than giving your client someone to sue other than you when the **** hits the fan.

      Oh, and you did have him sign an account access authorization form before you logged into his server right? You do have paper trails for this so he can't say that you were the hacker?

      when you go to the site, it is all messed up and even says "hack" throughout... the traditional "hackers" look.

      no, we can not log into his wordpress account.

      thanks for your input guys.... was just looking to see if anyone had run into this problem before or knows a little about how i can explain this hacking incident to him. i'll try to work this out with godaddy.
      Signature
      > Offline PLR: TIME-SAVING, TOP-QUALITY Offline PLR Content
      {{ DiscussionBoard.errors[3735039].message }}
  • Profile picture of the author redcell1
    reset the password on the wordpress account.
    If that doesnt work your going to have to do it manually within MYSQL database.
    Signature

    Just here to see the shenanigans.

    {{ DiscussionBoard.errors[3735200].message }}
    • Profile picture of the author Danielm
      Shot in the dark but is it possible it is the last designer upset that you are taking over? Is he still using the same passwords that were set up when the last guy did the site a few months ago?
      {{ DiscussionBoard.errors[3740483].message }}
  • Profile picture of the author TWalker
    Don't you have backups? If so call the host and have them restore the site.

    Or restore it through the control panel back up option.

    You need to close any vulnerabilities which are likely to be file permissions.

    If you have phpmyadmin you can reset the password. PM and I will tell you how that is done.
    {{ DiscussionBoard.errors[3741764].message }}
    • Profile picture of the author rosetrees
      In my experience, the most common thing to be hacked in a wordpress installation is the index.php file. Note, that there is often more than one of these in a Wordpress site. There can be one in the root directory on in the wp-content directory - look around to see where they area.

      When that happens to one of my client's sites this is what I do:

      a) do a fresh install of Wordpress on a new sub-directory of my own site.
      b) ftp the index.php file to my computer using filezilla
      c) connect to the hacked site and replace the index.php file with the new one I just downloaded
      d) if all the index.php files need replacing, repeat the process for each one. I usually rename them as I so I know which is which.
      {{ DiscussionBoard.errors[3742292].message }}

Trending Topics