My website was hacked last Thursday
-
My business website was hacked (for the 2nd time in 12 months) last Thursday and all data lost. I've been rebuilding the site and database since then but I'm still getting Hacking Warnings each day.
The latest warning says:
Dear Colin/Administrator,
Someone has attempted to inject SQL into your domain:
HACK DETECTED!
PHP TYPE
IP: 94.100.17.134
Scriptname: /index.cfm
PathInfo: /index.cfm
QueryString: src=http%3A%2F%2Fpicasa.com.oprst.in%2Fshow.php%3Fid%3D16907217My Technical advisro tells me the IP address is that of Inferno Solutions of The Netherlands.
I wonder if anyone has suffered hacking like this what steps they too and what I could do about the potential hackers?
Colin
-
Thanks very much Sarah and thanks for the link and recommendations. I'll look into it today.
Plus the Extended Validation.
That's really kind of you.
Kind regards,
Colin
-
Hi Colin,
Just an additional note, Verisign (now Symantec) - as well as performing daily malware scans - has a fantastic range of SSL certificates that encrypts your customers' info when using forms and for online payments. I noticed in your contact page that the connection is not secure.
http://www.trustico.co.uk/products/symantec/secure_site/symantec-secure-site-ssl-certificates.php
I've sent a link for a basic domain validated certificate, but if you want a green bar at the top of your website so your customers know that you are whom you say then have a look at the EV (extended validation) certificates.
Nice website, by the way, I'd love a Nile cruise!
Sarah.
-
Thanks for those tips and the advice Ryan.
I will take your advice and look at adding Verisign too.
I'm getting the site back into shape but have noticed a dip in ranking from 5th (after the last hack when we were 1st) to 7th today.
Hopefully the need to rebuild a lot of the data including titles and descriptions might help me in the long run to create a better site.
Thanks again for your time and help.
Colin
-
What I could do about the potential hackers?
A few tips:
-
If you are using any software on your site, ensure you keep up with the latest version. Normally you do not have to run out and update the moment a new release comes out, but you should have a plan in place to always update within 90 days of any release.
-
Ensure you share any passwords with the fewest number of people possible. You, your web developer and possibly your SEO consultant are the only ones which may need access to your web server. If anyone with a password changes (i.e. employee leaves, developer changes, etc) then change your password.
-
Do not use an easy to guess password such as "admin1" or "password1". Actually, both your username and password should be difficult to guess.
-
Do not use shared server hosting. If you are paying $10 or less per month for hosting, you are on a shared server. Upgrade to VPS or better. VPS hosting starts at around $35 but there are numerous advantages over shared hosting.
-
Use a service such as Verisign (now Symantec) to perform daily malware scans. If you purchase a Verisign SSL certificate, the service comes with the package.
-
Each type of hosting (Apache, nginx, Microsoft, etc) and website will have its own security recommendations. Make sure they are followed. On my dedicated server, there are some security scripts which have been written by my web host to enhance security. Additionally, there is code I add to the htaccess file on all sites which block common attacks.
With all of the above in mind, nothing can beat a thorough security check from an expert. There are companies that focus web security as their business. Such inspections are very expensive but they offer a lot of value. Also know that even the biggest companies in the world suffer security breaches. By following all of the above steps, you will clearly be a more difficult target then many other sites whereas right now it sounds like you are an easy target.
Good Luck.
-
Got a burning SEO question?
Subscribe to Moz Pro to gain full access to Q&A, answer questions, and ask your own.
Browse Questions
Explore more categories
-
Moz Tools
Chat with the community about the Moz tools.
-
SEO Tactics
Discuss the SEO process with fellow marketers
-
Community
Discuss industry events, jobs, and news!
-
Digital Marketing
Chat about tactics outside of SEO
-
Research & Trends
Dive into research and trends in the search industry.
-
Support
Connect on product support and feature requests.
Related Questions
-
What is the best way to increase the DA and PA of website?
Hello, I hope everybody is fine. I am looking for a right way to increase the DA and PA of the website and its webpage. I have a lesco duplicate bill info related webpage which I want to increase the PA. Kindly guys guide me the legit way of increasing the Page Authority. Thanks
Moz Pro | | rankvizguru1 -
Is a new website the only way to get better rankings?
Our website is https://www.franklin-bell.com.au. For a while now we've been trying to get a few of our pages on there to get a better rank on google. A local SEO agency told us that some of our pages are not like "the modern standard" for web pages, but our page score for the keywords we want is 90% and higher. Do we really need to completely rebuild the website (it was built in 2014) in order to get better rankings? Or is it sufficient to have the 97% page score and then just get some back links and social media referrals etc. Thanks in advance.
Moz Pro | | franklin-bell0 -
Can you suggest a good website for a roofing contractor??
I have a roofing contractor friend that wants a new site. There's a lot of choices out there, so to save a little time I'm looking for good suggestions. Ideally one with a good DA, and the ability to make manual edits on the back side. Thanks in advance:)
Moz Pro | | MissThumann0 -
My website not getting organic hits
Hello Moz, I am enjoying being here i just bought moz pro, and am digging for what to change in my website, Apart from that I just wanna know why my website not getting rank in search engine, if someone can do quick audit for me it will be obligation on me. querease(dot)com
Moz Pro | | querease0 -
The keyword ranking report takes into account all my website urls? Can I specify the URLs where I want to track the keywords?
I don't know if my weekly reports are reporting the ranking of my keywords correctly. I have added some new keywords, since that all my reports are in red numbers. I don't know if this is happening because I did something wrong, or if is because my rankings are really falling down.
Moz Pro | | hockerty0 -
Two PR 5 websites, but little to no link data in OSE. How??
As the title states - We've recently developed two sites for clients - within the last 4 months or so. With the Google PR update, both sites are sitting as PR 5 sites. I've tried to have a look in the OSE for the backlink profile of both websites, but I see nothing. Even Majestic SEO's fresh index doesn't provide much info. The DA of each site is 11-16. I would really love to see what's generating the link juice to these sites. Any ideas? The two sites are: https://bfore.co.za
Moz Pro | | Mark.RedGiant
http://ictjournalafrica.net0 -
Not seeing updated rankings from this last saturday?
In my dashboard I'm not showing the ranking reports from this most recent saturday.... it is now july 3rd but my dashboard still shows: Last Data Update: 06/27/2011 Is this normal to have the rankings delayed? Thanks for any ideas
Moz Pro | | PillarMarketing0 -
How to track with SEOMOZ a website in several language
Hi, We have a customer with a website in EN, FR and ES. They used Joomfish, so each language is in a subdirectory : sitename/en sitename/fr sitename/es and they want their website to be well placed on the web for all that languages and countries: English, French, Spanish, German and Italian. It is a website for specific affiliation, that's why there is no barriers. What I need to do to use the best way SEOmoz. For the moment I created one campaign following Google US, google Germany and Google France. To go deeper, I would need to create different campaigns in my account? And also, your robot will be able to recognize the different subdirectories and languages? And to improve the SEO of this website, it wouldn't be better to have 3 domains name, one for each country? Thanks a lot in advance for your answer, Anne
Moz Pro | | ahernoux1