My website was hacked last Thursday
-
My business website was hacked (for the 2nd time in 12 months) last Thursday and all data lost. I've been rebuilding the site and database since then but I'm still getting Hacking Warnings each day.
The latest warning says:
Dear Colin/Administrator,
Someone has attempted to inject SQL into your domain:
HACK DETECTED!
PHP TYPE
IP: 94.100.17.134
Scriptname: /index.cfm
PathInfo: /index.cfm
QueryString: src=http%3A%2F%2Fpicasa.com.oprst.in%2Fshow.php%3Fid%3D16907217
My Technical advisor tells me the IP address is that of Inferno Solutions of The Netherlands.
I wonder if anyone has suffered hacking like this, what steps they took and what I could do about the potential hackers?
Colin
-
Thanks very much Sarah and thanks for the link and recommendations. I'll look into it today.
Plus the Extended Validation.
That's really kind of you.
Kind regards,
Colin
-
Hi Colin,
Just an additional note, Verisign (now Symantec) - as well as performing daily malware scans - has a fantastic range of SSL certificates that encrypt your customers' info when using forms and for online payments. I noticed in your contact page that the connection is not secure.
http://www.trustico.co.uk/products/symantec/secure_site/symantec-secure-site-ssl-certificates.php
I've sent a link for a basic domain validated certificate, but if you want a green bar at the top of your website so your customers know that you are whom you say then have a look at the EV (extended validation) certificates.
Nice website, by the way, I'd love a Nile cruise!
Sarah.
-
Thanks for those tips and the advice Ryan.
I will take your advice and look at adding Verisign too.
I'm getting the site back into shape but have noticed a dip in ranking from 5th (after the last hack when we were 1st) to 7th today.
Hopefully the need to rebuild a lot of the data including titles and descriptions might help me in the long run to create a better site.
Thanks again for your time and help.
Colin
-
What I could do about the potential hackers?
A few tips:
- If you are using any software on your site, ensure you keep up with the latest version. Normally you do not have to run out and update the moment a new release comes out, but you should have a plan in place to always update within 90 days of any release.
- Ensure you share any passwords with the fewest number of people possible. You, your web developer and possibly your SEO consultant are the only ones which may need access to your web server. If anyone with a password changes (i.e. employee leaves, developer changes, etc) then change your password.
- Do not use an easy to guess password such as "admin1" or "password1". Actually, both your username and password should be difficult to guess.
- Do not use shared server hosting. If you are paying $10 or less per month for hosting, you are on a shared server. Upgrade to VPS or better. VPS hosting starts at around $35 but there are numerous advantages over shared hosting.
- Use a service such as Verisign (now Symantec) to perform daily malware scans. If you purchase a Verisign SSL certificate, the service comes with the package.
- Each type of hosting (Apache, nginx, Microsoft, etc) and website will have its own security recommendations. Make sure they are followed. On my dedicated server, there are some security scripts which have been written by my web host to enhance security. Additionally, there is code I add to the htaccess file on all sites which block common attacks.
With all of the above in mind, nothing can beat a thorough security check from an expert. There are companies that focus on web security as their business. Such inspections are very expensive but they offer a lot of value. Also know that even the biggest companies in the world suffer security breaches. By following all of the above steps, you will clearly be a more difficult target than many other sites whereas right now it sounds like you are an easy target.
Good Luck.
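The warning quoted in the question carries a query string whose single parameter decodes to an absolute URL on a third-party host, which is the kind of request a server-side filter can reject before it reaches the application. The Python below is an added example, not code from the thread or from any poster's server; the function names and the `own_hosts` allow-list are assumptions made for illustration.

```python
from urllib.parse import parse_qsl, unquote, urlsplit

REMOTE_SCHEMES = {"http", "https", "ftp"}
ALERT_FIELDS = ("IP", "Scriptname", "PathInfo", "QueryString")

# The warning text as quoted in the question.
ALERT = """HACK DETECTED!
PHP TYPE
IP: 94.100.17.134
Scriptname: /index.cfm
PathInfo: /index.cfm
QueryString: src=http%3A%2F%2Fpicasa.com.oprst.in%2Fshow.php%3Fid%3D16907217"""

def parse_alert(text):
    """Pull the labelled fields out of the alert e-mail body."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and key.strip() in ALERT_FIELDS:
            fields[key.strip()] = value.strip()
    return fields

def remote_url_params(query_string, own_hosts=()):
    """Return (parameter, host) pairs whose decoded value is an absolute
    URL on a host outside own_hosts (a hypothetical allow-list)."""
    own = {h.lower() for h in own_hosts}
    findings = []
    for name, value in parse_qsl(query_string, keep_blank_values=True):
        candidate = value.strip()
        for _ in range(2):  # second pass catches doubly percent-encoded values
            try:
                parts = urlsplit(candidate)
            except ValueError:  # malformed host such as an unclosed "["
                break
            host = (parts.hostname or "").lower()
            if parts.scheme.lower() in REMOTE_SCHEMES and host:
                if host not in own:
                    findings.append((name, host))
                break
            candidate = unquote(candidate)
    return findings

def triage(alert_text, own_hosts=()):
    """Summarise an alert: source IP, script, and any remote-URL parameters."""
    fields = parse_alert(alert_text)
    hits = remote_url_params(fields.get("QueryString", ""), own_hosts)
    return {"ip": fields.get("IP"), "script": fields.get("Scriptname"),
            "remote_url_params": hits, "block": bool(hits)}
```

Passing the site's own hostnames as `own_hosts` keeps legitimate redirect or return-URL parameters from being flagged.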