My website was hacked last Thursday
-
My business website was hacked (for the 2nd time in 12 months) last Thursday and all data lost. I've been rebuilding the site and database since then but I'm still getting Hacking Warnings each day.
The latest warning says:
Dear Colin/Administrator,
Someone has attempted to inject SQL into your domain:
HACK DETECTED!
PHP TYPE
IP: 94.100.17.134
Scriptname: /index.cfm
PathInfo: /index.cfm
QueryString: src=http%3A%2F%2Fpicasa.com.oprst.in%2Fshow.php%3Fid%3D16907217
My technical advisor tells me the IP address is that of Inferno Solutions of The Netherlands.
I wonder if anyone has suffered hacking like this, what steps they took, and what I could do about the potential hackers?
Colin
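Added example, not part of the original thread: a first triage step for an alert like the one quoted above is to percent-decode the query string and list every parameter that carries an absolute URL to a host the site does not own. The `OWN_HOSTS` placeholder, the `KNOWN_DOMAINS` list and all function names are assumptions made for this sketch; only the query string comes from the post.

```python
from urllib.parse import parse_qsl, urlsplit

# Query string copied verbatim from the alert quoted in the question.
ALERT_QUERY = "src=http%3A%2F%2Fpicasa.com.oprst.in%2Fshow.php%3Fid%3D16907217"

# Assumptions: a placeholder for the site's own domain, and a sample list of
# well-known domains to compare hostnames against.
OWN_HOSTS = ["example.com"]
KNOWN_DOMAINS = ["picasa.com"]


def is_own_host(host, own_hosts):
    """True if host equals, or is a subdomain of, a host the site owns."""
    return any(host == h or host.endswith("." + h) for h in own_hosts)


def external_url_params(query_string, own_hosts=OWN_HOSTS):
    """Return (param, decoded_url, host) for each parameter whose value is an
    absolute http/https/ftp URL pointing at a host outside own_hosts."""
    findings = []
    # parse_qsl percent-decodes names and values once, as the web server does.
    for name, value in parse_qsl(query_string, keep_blank_values=True):
        try:
            parts = urlsplit(value.strip())
        except ValueError:  # malformed value, e.g. an unbalanced IPv6 bracket
            continue
        if parts.scheme.lower() not in ("http", "https", "ftp"):
            continue
        host = (parts.hostname or "").lower()
        if host and not is_own_host(host, own_hosts):
            findings.append((name, value, host))
    return findings


def lookalike_of(host, known_domains=KNOWN_DOMAINS):
    """Return the known domain that host merely begins with (the domain name
    followed by further labels), or None. Hostnames are owned from the right:
    'picasa.com.oprst.in' belongs to oprst.in, not to picasa.com."""
    for domain in known_domains:
        if host.startswith(domain + "."):
            return domain
    return None


if __name__ == "__main__":
    for name, url, host in external_url_params(ALERT_QUERY):
        print(f"{name} -> {url} (host {host}, begins with {lookalike_of(host)})")
```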
-
Thanks very much Sarah and thanks for the link and recommendations. I'll look into it today.
Plus the Extended Validation.
That's really kind of you.
Kind regards,
Colin
-
Hi Colin,
Just an additional note, Verisign (now Symantec) - as well as performing daily malware scans - has a fantastic range of SSL certificates that encrypt your customers' info when using forms and for online payments. I noticed in your contact page that the connection is not secure.
http://www.trustico.co.uk/products/symantec/secure_site/symantec-secure-site-ssl-certificates.php
I've sent a link for a basic domain validated certificate, but if you want a green bar at the top of your website so your customers know that you are who you say, then have a look at the EV (extended validation) certificates.
Nice website, by the way, I'd love a Nile cruise!
Sarah.
-
Thanks for those tips and the advice Ryan.
I will take your advice and look at adding Verisign too.
I'm getting the site back into shape but have noticed a dip in ranking from 5th (after the last hack when we were 1st) to 7th today.
Hopefully the need to rebuild a lot of the data including titles and descriptions might help me in the long run to create a better site.
Thanks again for your time and help.
Colin
-
What I could do about the potential hackers?
A few tips:
- If you are using any software on your site, ensure you keep up with the latest version. Normally you do not have to run out and update the moment a new release comes out, but you should have a plan in place to always update within 90 days of any release.
- Ensure you share any passwords with the fewest number of people possible. You, your web developer and possibly your SEO consultant are the only ones which may need access to your web server. If anyone with a password changes (i.e. employee leaves, developer changes, etc) then change your password.
- Do not use an easy to guess password such as "admin1" or "password1". Actually, both your username and password should be difficult to guess.
- Do not use shared server hosting. If you are paying $10 or less per month for hosting, you are on a shared server. Upgrade to VPS or better. VPS hosting starts at around $35 but there are numerous advantages over shared hosting.
- Use a service such as Verisign (now Symantec) to perform daily malware scans. If you purchase a Verisign SSL certificate, the service comes with the package.
- Each type of hosting (Apache, nginx, Microsoft, etc) and website will have its own security recommendations. Make sure they are followed. On my dedicated server, there are some security scripts which have been written by my web host to enhance security. Additionally, there is code I add to the htaccess file on all sites which block common attacks.
With all of the above in mind, nothing can beat a thorough security check from an expert. There are companies that focus on web security as their business. Such inspections are very expensive but they offer a lot of value. Also know that even the biggest companies in the world suffer security breaches. By following all of the above steps, you will clearly be a more difficult target than many other sites, whereas right now it sounds like you are an easy target.
Good Luck.