Hacking and security
-
Hi, we have had some of our sites hacked and i would like your advice on the situation.
We pay a fair but of money for a dedicated server as we thought that by having a dedicated server it would make the sites secure.
The language we use for our sites are joomla and wordpress but yesterday a few of them on the dedicated server were hacked.
the hosting company have sent us the following info
'There is one extra security improvement on the system we may offer you and it is cloudlinux with cageFS. This improves the overall security on the server but will not stop unsecured code exploiting if such coding is present in your website scripts.'
The hosting company is asking for an extra £20 a month to add this on.
we asked the hosting company what they meant by unsecured code and they said:
'Unsecure coding is code in your scripts which will allow injections of files from external source. Unfortunately better explanation is not available and for any detailed information you may check with experience local web developer.'
We thought that the sites would be secured. The hosting company have said that because one of the sites was not updated from joomla 1.5 to joomla 3.0 which we were planning to do this week, this is the reason why it has happened. However, this does not make any sense, as this is a dedicated server so why has the wordpress sites which are up to date been hacked when they are on the same dedicated server.
any advice in understand more on this issue would be great, as i need to find out why this has happened and if i should be taking my sites to another hosting company
-
The wordpress hacking was almost surely due to having outdated version of WP, or having a vulnerable plugin installed. There are a few helpful plugins you can use to secure your WP site, plugins like (http://wordpress.org/plugins/better-wp-security/).
also a couple things to note, you should also take basic measures to project the site by changing the default table prefixes of your DB from _wp, create a new admin user and delete the default "admin" accoun & limit access to your wp-admin section in your .htaccess file.... these security plugins will give you a whole checklist of items to "secure".
-
I have only used dreamhosts shared hosting, don't know about dedicated.
"would you expect the hosting company to let you know that your site has been hacked or is it down to yourself to know"
Generally no, that you be your responsibility (or if your have a maintenance contact with the web developer).
Again dreamhost has some cool auto safe guards eg one of my clients had malware/virus on his pc and was sending out spam, they auto reset the password when it was picked up. I also think they have other auto features to inform you about hacking, but its guaranteed service, its just a bonus they do.
I'm not saying you should go with dreamhost, I'm just telling you what they can/have done, (i have only use a few host companies) but I'm sure there are alot of hosts that do that too (maybe even more).
-
will have to look at dreamhost and see how much they charge for dedicated server. do they offer managed dedicated server. also the hosting company is not taking any responsibility.
would you expect the hosting company to let you know that your site has been hacked or is it down to yourself to know
-
What your saying is true, but I have never heard of anyone getting hacked (bar brute forcing password or poor passwords), if they keep upto date with the security fixes.
Some hosts eg dreamhost will auto update installs for you , so you don't have to worry about updating.
-
I don't think its the server, wordpress and other cms are continually hacked. The server can not stop much at all. your code needs stop most hacks, and since wordpress is used by so many, all some one needs to do is hack their own and then they can go out and hack all wordpress sites of the same version.
-
Yeah standard, "its not our problem" response.
As I said before, if the joomla site shared something like mysql database access then it was most likely not the hosts fault.
I have seen hosts blame opensource cms when actually they were just trying to hide their issues. Its going to be impossible to know until someone looks properly into it (which hosts will not do, which is fair enough).
-
just got this from my hosting company
Hello,
1. The server was not hacked. The application on these account has been compromised. In order to have the exact reason and coding vulnerability which allowed this to happen you may contact certified developer as we do not offer development services at this point.
2. Review the above. What we do is secure the service on the server by applying all the patches available for the same. The coding and the updates on your website functions and coding is your responsibility. The review and patching of any script you use for your website is development related task.
3. Again you will have to request this from expert web developer as s/he may review the coding of your website and provide the reason why and how it has been compromised.
4. Contact certified developer with proven feedback to review and patch your websites coding.
5. The answer to this question you may check here:
Should you have any further questions or comments please do not hesitate to contact us.
Best regards,
-
i am waiting for the hosting company to get back to me, they have been working on this now for over 24 hours, i have sent them some questions but they have said they cannot answer them yet. it seems strange that the wordpress sites were hacked and they were all hacked even though they all had seperate logins
-
I'm not an expert (but have some experience) , but if they are truly separated, and the word press sites were up to date but were hacked too, then there is something very wrong.
-
ok thanks. The sites all have their own access but are all on the dedicated server. they can all be gained through a whm where we can change cpanel passwords and usernames but besides that they have no connection.
-
If each site was on a different domain and were completely separate (separate ftp access, separate mysql database access, no master/common username and passwords etc) then that might point to a problem with the hosting side, but to be honest it really hard to know, with our proper investigation.
Since your not technically minded you would be better getting someone with more technical knowledge to review you current setup to see if it was the hosts failing or it was the way you have your sites set up, there is just too many unknowns to get conclusive help from a forum.
Hope that helps
-
hi, it is a managed dedicated server where they look after everything.
there is a joomla site on there that was not hacked but all the other sites were hacked including wordpress.
all the wordpress sites were upto date but there were three joomla sites that were in joomla 1.5 instead of joomla 3.
we were told when we moved up to a bigger and newer dedicated server it was secure from hacking but we have now been hacked.
i am trying to find out, how this has happened, this happened over 24 hours ago and still they are sorting out putting the back up of the sites live but it seems to be taking a long time.
we have another site on there which is not ours who we let use the space and they have a it expert on board who claims this should not have happened even if there was a older joomla site on there.
they claim that the hosting company should have made everything secure and has suggested we move to a better server that is secure.
i am not technically minded so not sure what we should do, if it was the hosting company fault or not.
-
When you say dedicated do you mean a "managed" dedicated server? or are you in charge of server maintenance?
As for joomla I think there are security updates for 1.5 (best check if its still supported, just make sure you have them upto date. to late now unless you have a backup before the hack then, update straight away and change passwords (there is a how to recover from a hack guide for this on the joomla site)
If the hacker got into you joomla site and was able to get you database passwords and if that was a master user account that also had access to the wordpress database then I could see how they could have gotten into both. Of if the word press site is on the same domain as the hacked joomla site, then again they could get into the wordpress site. Or if you used common usernames or passwords for the different sites.
But the most important with any opensource software is to make sure that your uptodate with security fixes, because as soon as there is a exploit found script kiddies search the web for vulnerable site and have there fun. I'm know what "cloudlinux with cageFS" is but as your host says it would not have stopped this hack.
Got a burning SEO question?
Subscribe to Moz Pro to gain full access to Q&A, answer questions, and ask your own.
Browse Questions
Explore more categories
-
Moz Tools
Chat with the community about the Moz tools.
-
SEO Tactics
Discuss the SEO process with fellow marketers
-
Community
Discuss industry events, jobs, and news!
-
Digital Marketing
Chat about tactics outside of SEO
-
Research & Trends
Dive into research and trends in the search industry.
-
Support
Connect on product support and feature requests.
Related Questions
-
Site hacked in Jan. Redeveloped new site. Still not ranking. Should we change domain?
Our top ranking site in the UK was hacked at the end of 2014. http://www.ultimatefloorsanding.co.uk/ The site was the subject of a manual spam action from Google. After several unsuccessful attempts to clean it up, using Securi.net and reinstating old versions of the site, changing passwords etc. we took the decision to redevelop the site. We also changed hosting provider as we had received absolutely no support from them whatsoever in resolving the issue. So far we have: Removed the old website files off the server Developed a new website having implemented 301's for all the old URL's (except the spam ones) Submitted a reconsideration request for the manual spam action, which was accepted. Disavowed all the spammy inbound links through Webmaster Tools Implemented custom URL parameters through Google to not index the SPAM URLs ( which were using parameters) Our organic traffic is down by 63% compared to last year, and we are not ranking for most of our target keywords any longer. Is there anything that I am missing in the actions I have taken so far? We were advised that at this stage changing domain and starting again might be the way to go. However the current domain has been used by us since 2007, so it would be a big call. Any advice is appreciated, thanks. Sue - http://www.ultimatefloorsanding.co.uk/
Technical SEO | | galwaygirl0 -
Home Page Deindexed Only at Google after Recovering from Hack Attack
Hello, Facing a Strange issue, wordpress blog hghscience[dot]com was hacked by someone, when checked, I found index.php file was changed & it was showing some page with a hacked message, & also index.html file was added to the cpanel account.All pages were showing same message, when I found it, I replaced index.php to default wordpress index.php file & deleted index.htmlI could not find any other file which was looking suspicious. Site started working fine & it was also indexed but cached version was that hacked page. I used webmaster tool to fetch & render it as google bot & submitted for indexing. After that I noticed home page get deindexed by google. Rest all pages are indexing like before. Site was hacked around 30th July & I fixed it on 1st Aug. Since then home page is not getting indexed, I tried to fetch & index multiple time via google webmasters tool but no luck as of now. 1 More thing I Noticed, When I used info:mysite.com on google, its showing some other hacked site ( www.whatsmyreferer.com/ ) When Searching from India But when same info:mysite.com is searched from US a different hacked site is showing ( sigaretamogilev.by )However when I search "mysite.com" my site home page is appearing on google search but when I check cached URL its showing hacked sites mentioned above.As per my knowledge I checked all SEO Plugins, Codes of homepage, can't find anything which is not letting the homepage indexed.PS: webmaster tool has received no warning etc for penalty or malware. I also noticed I disallowed index.php file via robots.txt earlier but now I even removed that. 7Dj1Q0w.png 3krfp9K.png
Technical SEO | | killthebillion0 -
Site hacked, but can't find the code
Discovered some really odd words ranking for us in WMT. Looked further and found pages like this www.pdnseek.com/wll/canadian-24-hour-pharmacy. When you click it it redirects to the home page. The developers can't find /wll anywhere on the site. The pages are indexed and cached. Looked at the back links in moz and found many backlinks to our site from other sites using URLs like this. The host says there is nothing on the server, but where else could it be. We've run virus scans, nothing, looked through source code, nothing. Anyone with some idea? www.pdnseek.com is the URL
Technical SEO | | Britewave0 -
My site was hacked and spammy URLs were injected that pointed out. The issue was fixed, but GWT is still reporting more of these links.
Excuse me for posting this here, I wasn't having much luck going through GWT support. We recently moved our eCommerce site to a new server and in the process the site was hacked. Spammy URLs were injected in, all of which were pointing outwards to some spammy eCommerce retail stores. I removed ~4,000 of these links, but more continue to pile in. As you can see, there are now over 20,000 of these links. Note that our server support team does not see these links anywhere. I understand that Google doesn't generally view this as a problem. But is that true given my circumstance? I cannot imagine that 20,000 new, senseless 404's can be healthy for my website. If I can't get a good response here, would anyone know of a direct Google support email or number I can use for this issue?
Technical SEO | | jampaper0 -
Have my SERP listings been hacked?
When you Google my site the organic search results look normal. The preview site images even display my actual site when you roll over the results. However, when you click a result you are directed to various Spam pages, not my website. How is this possible? This only happens when you click through from search engines. If you type the URL directly in your browser, you are not redirected to a spam site. the site: funeralhomeoptions.com Have any of you seen or experienced this before?
Technical SEO | | emmyjo0 -
Secure Vs Non-Secure Redirects
I have a client who has a lot of duplicate pages on their site. The pages are secure and then non secure counterparts. Not sure why they have this in place but i recomended that they redirect on to the other or vice versa using 301 redirects. I am getting some questions as to why they should do this. Does anyone have a good document outlining the reasoning behind this? For me its just a matter of cleaning up duplicate content but wondering if there is any technical data out there.
Technical SEO | | gkellyiii0 -
Website hacked
Hi I've been asked to help a colleague with his website. It seems to be hacked. He recently received an e-mail from Google saying his adwords account was suspended 'due to high probability his site may be hosting or distributing malicious software' I just checked his source and there seems to loads of weird on code on his pages, this would not have been but on by any members of the website owners. Please image attached when we try to access his website via google search I just contacted the hosting provider - does anyone have experience with this and how to prevent such hacking in the future. The site is build using HTML with no CMS. IjW19.jpg
Technical SEO | | Socialdude0 -
RSS Hacking Issue
Hi Checked our original rss feed - added it to Google reader and all the links go to the correct pages, but I have also set up the RSS feed in Feedburner. However, when I click on the links in Feedburner (which should go to my own website's pages) , they are all going to spam sites, even though the title of the link and excerpt are correct. This isn't a Wordpress blog rss feed either, and we are on a very secure server. Any ideas whatsoever? There is no info online anywhere and our developers haven't seen this before. Thanks
Technical SEO | | Kerry220