My website was hacked last Thursday
-
My business website was hacked (for the 2nd time in 12 months) last Thursday and all data lost. I've been rebuilding the site and database since then but I'm still getting Hacking Warnings each day.
The latest warning says:
Dear Colin/Administrator,
Someone has attempted to inject SQL into your domain:
HACK DETECTED!
PHP TYPE
IP: 94.100.17.134
Scriptname: /index.cfm
PathInfo: /index.cfm
QueryString: src=http%3A%2F%2Fpicasa.com.oprst.in%2Fshow.php%3Fid%3D16907217
My technical advisor tells me the IP address is that of Inferno Solutions of The Netherlands.
I wonder if anyone has suffered hacking like this, what steps they took, and what I could do about the potential hackers?
Colin
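An added example, not part of the original post: the QueryString in the alert carries a percent-encoded URL whose host, picasa.com.oprst.in, only begins with a well-known name (its registered domain is oprst.in). The Python check below decodes a logged query string, flags parameters whose value is a remote URL, and shows why a host allowlist must match on the domain suffix rather than by substring. The allowlist contents, the function names and the benign sample request are assumptions made for this example.

```python
from urllib.parse import parse_qsl, urlsplit

# Hosts the site is assumed to load remote content from (example value only).
ALLOWED_HOSTS = {"picasa.com"}


def host_allowed(host, allowed=ALLOWED_HOSTS):
    """True only if host is an allowed domain or a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in allowed)


def naive_host_allowed(host, allowed=ALLOWED_HOSTS):
    """Substring match: the weak check that look-alike hosts pass."""
    return any(d in host.lower() for d in allowed)


def remote_url_params(query_string):
    """Return (param, host, allowed) for every parameter whose value is a URL."""
    findings = []
    # parse_qsl percent-decodes both names and values.
    for name, value in parse_qsl(query_string, keep_blank_values=True):
        parts = urlsplit(value.strip())
        if parts.scheme.lower() in ("http", "https", "ftp") and parts.hostname:
            findings.append((name, parts.hostname, host_allowed(parts.hostname)))
    return findings


# Query string copied from the alert in the post above.
ALERT_QS = "src=http%3A%2F%2Fpicasa.com.oprst.in%2Fshow.php%3Fid%3D16907217"
# Constructed benign request, for comparison.
BENIGN_QS = "page=tours&src=http%3A%2F%2Fwww.picasa.com%2Falbum.jpg"

if __name__ == "__main__":
    for qs in (ALERT_QS, BENIGN_QS):
        for name, host, ok in remote_url_params(qs):
            print(f"{name}: {host} -> {'allowed' if ok else 'BLOCK'}")
```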
-
Thanks very much Sarah and thanks for the link and recommendations. I'll look into it today.
Plus the Extended Validation.
That's really kind of you.
Kind regards,
Colin
-
Hi Colin,
Just an additional note, Verisign (now Symantec) - as well as performing daily malware scans - has a fantastic range of SSL certificates that encrypt your customers' info when using forms and for online payments. I noticed in your contact page that the connection is not secure.
http://www.trustico.co.uk/products/symantec/secure_site/symantec-secure-site-ssl-certificates.php
I've sent a link for a basic domain validated certificate, but if you want a green bar at the top of your website so your customers know that you are who you say you are, then have a look at the EV (extended validation) certificates.
Nice website, by the way, I'd love a Nile cruise!
Sarah.
-
Thanks for those tips and the advice Ryan.
I will take your advice and look at adding Verisign too.
I'm getting the site back into shape but have noticed a dip in ranking from 5th (after the last hack when we were 1st) to 7th today.
Hopefully the need to rebuild a lot of the data including titles and descriptions might help me in the long run to create a better site.
Thanks again for your time and help.
Colin
-
What I could do about the potential hackers?
A few tips:
- If you are using any software on your site, ensure you keep up with the latest version. Normally you do not have to run out and update the moment a new release comes out, but you should have a plan in place to always update within 90 days of any release.
- Ensure you share any passwords with the fewest number of people possible. You, your web developer and possibly your SEO consultant are the only ones which may need access to your web server. If anyone with a password changes (i.e. employee leaves, developer changes, etc) then change your password.
- Do not use an easy to guess password such as "admin1" or "password1". Actually, both your username and password should be difficult to guess.
- Do not use shared server hosting. If you are paying $10 or less per month for hosting, you are on a shared server. Upgrade to VPS or better. VPS hosting starts at around $35 but there are numerous advantages over shared hosting.
- Use a service such as Verisign (now Symantec) to perform daily malware scans. If you purchase a Verisign SSL certificate, the service comes with the package.
- Each type of hosting (Apache, nginx, Microsoft, etc) and website will have its own security recommendations. Make sure they are followed. On my dedicated server, there are some security scripts which have been written by my web host to enhance security. Additionally, there is code I add to the htaccess file on all sites which block common attacks.
With all of the above in mind, nothing can beat a thorough security check from an expert. There are companies that focus on web security as their business. Such inspections are very expensive but they offer a lot of value. Also know that even the biggest companies in the world suffer security breaches. By following all of the above steps, you will clearly be a more difficult target than many other sites whereas right now it sounds like you are an easy target.
Good Luck.