How to save my site from hacking?

23 replies
Hi there, I'm really disappointed: I saw my site showing a message. A hacker changed my index page and put his own page on my site. I don't know how he did that; I use a strong password. How did he change my site's page? I think he used the RTE or DNN system to hack my site. Now I need strong security to keep hackers off my site, but I don't know how to secure my site.
If you have any tutorial or something to prevent hacking, please share it with me.

thank you in advance
#hacking #save #site
  • Profile picture of the author letsgo823
    First of all, I would recommend using Linux as your OS. Never store your passwords in an FTP client. Never use old Windows without antivirus programs and updates.

    Also sometimes your host can be completely hacked and all index pages of all sites changed.
  • Profile picture of the author adarsh2k5
    Hmm, is this answer enough? I am also looking for a useful and suitable answer! Anyone, please share your experience; it will be highly appreciated!
    I have not failed. I've just found 10,000 ways that won't work. - Thomas Edison
  • Profile picture of the author fellowgeek
    Well, first you need to know how the hacker got access to your site.

    It could be through your infected computer; a hacker could have tricked you into installing a trojan that captures keystrokes and collects all the info about your passwords and the sites you visit.

    It could also have happened through a security hole on your site. You need to make sure you always install the latest updates of content management systems, and patch the security holes by reading about them.

    If you are writing your own code, there are many security practices to prevent SQL injection and XSS attacks.

    But my guess is that you had an infected system. I'd also advise not using Windows when dealing with sensitive information, like online banking and uploading files to your servers.

    Give us a link to your site so I can take a closer look.
  • Profile picture of the author rainso0
    Well, the big thing is to keep any scripts you're running up to date. If you're running, say, WordPress, it's a bad idea to be running 2.0 when, say, 2.3 is out. You can say "yeah, my site is small", but the thing is, bots go around looking for specific versions, so really no one is safe. I can say this from experience with customers whose sites get 1 hit a week and then get exploited, to their surprise.
  • Profile picture of the author froz
    • Profile picture of the author TG12
      Originally Posted by froz

      Why don't you tell us more about your website? Hosting? Which language are you using? PHP/MySQL is notorious for its security holes, but if the right measures are implemented, it can be safe to use.
      Exactly! Hire someone *cough* I will do it for a fee ;-) to do a security audit of your site. Where is it hosted? How is it hosted? Who made it? Who has access? What OS is it running on? etc etc
  • Profile picture of the author AleinaKoch
    Update your server and other apps. Patch it whenever new updates are released. Make sure that your scripts and database are hardened. No flaws on the scripts or else you'll get hit with XSS or SQL Injection.

    The three chief virtues of a programmer are: Laziness, Impatience and Hubris.
  • Profile picture of the author adamstuart07
    One thing which is most important for saving your site is to remove the black holes of the software or your website. When you are writing code for your site, use core OOP concepts, because when you use very advanced features of programming, the chances of creating a hole increase.
  • Profile picture of the author shantanu

    Use Antivirus Software
    Use Firewall
    Use Anti Spyware Software
    Use Online Website Scanner
    Email Security
    Software & plugins updates
    Internet Security
    Educate Yourself
    • Profile picture of the author asadshah
      If the site is hosted by another hosting site, can it be hacked?
      If so, how can we protect it?
  • Profile picture of the author goosefrabah
    Another good thing if it is a custom CMS is to keep any config files outside of the public.


    /public/ - would have your css,images etc

    /private/ - not open to the web has all of your config files and such, but no direct access to it from the web
  • Profile picture of the author gladiolus
    Choose a web hosting service instead of a free host. Many times people are trying to save money and make the decision to get a free hosting service for their website. However, this can make them more vulnerable to hackers because these services are not as secure. A paid service will likely guarantee your security against hackers because they know this is a major threat to website owners. They will also probably offer some type of customer support that can answer your questions or concerns about preventing your site from being hacked.
  • Profile picture of the author nodws
    If you see this file in your theme folder, that's how they did it:
    timthumb.php (or thumb.php)

    just delete it, or if you really need automatic thumbs update it
  • Profile picture of the author xword5601
    There are many tools to protect website from hijackers.
    Affiliate Diamond - The Easy Way To Protect Your Affiliate Commissions
    HTML Encryptor -Protect Your Web Site From Internet Pirates
    HTML Security Report - Protect Visitors Stealing From You
    Download Page Protector - Stop Thieves Stealing Your Ebooks And Software Products are some tools.
  • Profile picture of the author stephngreek
    Protect your site ....

    Use safe hosting.
    And main thing is use secure and best CMS for website.
  • Profile picture of the author Earnie Boyd
    @arthegame and @adarsh2k5,

    The users @fellowgeek and @goosefrabah gave the two best answers thus far as far as the server goes. The other is how strong your hosting company is toward incoming hackers. Security of your site is an everyday event. You need software that will tell you you need an upgrade when one is available and keep it up-to-date, including themes and contributed modules. New hacks are discovered daily and those who want access to your site pay good money for applications that bombard you. Check your access and error logs of the server to find repeated values of the same IP address within the same second and block them but make sure you are not blocking a spider. Those in the error logs with 404 errors are usually the culprits trying to hack you.
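
Added example (not part of the post above, and not any poster's code): a small Python pass over an access log in Combined Log Format that flags the two patterns described in that reply, many requests from one IP within the same second and repeated 404s, while marking clients that claim to be a spider for manual review. The thresholds, the crawler list and the sample lines are constructed assumptions.

```python
import re
from collections import Counter, defaultdict

# Combined Log Format: ip ident user [time] "request" status size "referer" "agent"
LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) \S+(?: "[^"]*" "(?P<ua>[^"]*)")?'
)
CRAWLER_HINTS = ("googlebot", "bingbot")  # assumption: list the spiders you rely on

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE = (
    [f'203.0.113.7 - - [10/Mar/2012:14:02:11 +0000] "GET /missing-{i}.php HTTP/1.1" '
     '404 210 "-" "Mozilla/5.0"' for i in range(6)]
    + [f'198.51.100.20 - - [10/Mar/2012:14:02:12 +0000] "GET /page-{i} HTTP/1.1" '
       '200 5120 "-" "Mozilla/5.0 (compatible; Googlebot/2.1)"' for i in range(5)]
    + ['192.0.2.5 - - [10/Mar/2012:14:02:13 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0"']
)

def suspicious_ips(lines, burst=5, max_404=3):
    """Return {ip: info} for clients that burst within one second or pile up 404s."""
    per_second = Counter()   # (ip, timestamp to the second) -> hits
    not_found = Counter()    # ip -> number of 404 responses
    crawler = set()          # ips whose User-Agent claims to be a spider
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue         # skip lines that are not in the expected format
        ip = m["ip"]
        per_second[(ip, m["ts"])] += 1
        if m["status"] == "404":
            not_found[ip] += 1
        if any(h in (m["ua"] or "").lower() for h in CRAWLER_HINTS):
            crawler.add(ip)
    findings = defaultdict(list)
    for (ip, ts), n in per_second.items():
        if n >= burst:
            findings[ip].append(f"{n} requests at {ts}")
    for ip, n in not_found.items():
        if n >= max_404:
            findings[ip].append(f"{n} 404 responses")
    # A crawler User-Agent can be forged: treat it as "review first", not "trusted".
    return {ip: {"reasons": r, "claims_crawler": ip in crawler}
            for ip, r in findings.items()}

if __name__ == "__main__":
    for ip, info in suspicious_ips(SAMPLE).items():
        print(ip, info)
```

Entries with `claims_crawler` set are the "make sure you are not blocking a spider" case: confirm them (for example by reverse DNS lookup) before adding a block rule.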
  • Profile picture of the author BenQ
    If it's WordPress, move your config one level up, add an index to your uploads folder, delete install and install helper, and change the prefix on tables. And of course have a strong password and something other than "admin" as your user name.
  • Profile picture of the author deejayundoo
    Something like that happened to me before. I got my index page replaced by some page saying I have been hacked. And I found out they hacked me through a file uploader form that existed on my site. It was supposed to be there for uploading images, but it didn't have any security; it was allowing all kinds of files to be uploaded. So they uploaded some PHP files through which they replaced my index page :-) So, if you have forms with upload fields, make sure they are secured.
  • Profile picture of the author antoniolandon
    • Profile picture of the author Earnie Boyd
      Originally Posted by antoniolandon

      your site design is wonderful, it makes me personally want to hang around longer, you obviously understand what you are doing, cheers!!
      Who were you talking to?
  • Profile picture of the author CMSBunny
    I wrote an article on another site on how to save your Wordpress website -
  • Profile picture of the author Eric Seiler
    Many, if not most, site defacements (that is what they call it when your website is changed by a hacker) occur because of a vulnerability in your website's code, not a problem with passwords or network/server level holes.

    Generally speaking, WordPress and other content management systems are relatively secure (there is no such thing as a 100% secure website), BUT only if you keep them updated and don't develop your own plugins/themes (at that point you are taking security into your own hands). Also, 3rd party plugins and other add-ons can introduce their own security problems.

    Unfortunately, there is no one-shot way of making your website impervious to attacks. The key is keeping frequent backups, making sure everything is up-to-date, reading and implementing the security recommendations for whatever CMS/framework you are using, and not ticking off a real hacker. Script kiddies are easily foiled, a real hacker isn't.

    If it is in the budget, you can invest in a website security monitoring tool/service, but those can get quite expensive.
  • Profile picture of the author sharonhurley
    The easiest way is to restore your site from a version that was saved prior to the site being hacked. If you do have the automated backup service, then you will need to restore your own backup of your website through the cPanel.