How can I secure my website?

[kentzy99]

Hi Guys,

Recently there are some fu*king hackers hacked into my sites, in fact all of them are down now... I don't really know what I have did wrong, perhaps I didn't have very good security measures. The hackers deleted all the necessary files to run my website, all my scripts and folders...

Can anyone here advice me how I can implement better security to prevent hackers from hacking my websites again? I really appreciate if anyone could give me some good advice, what do I required to take note of when having websites on the servers etc.

Thanks and Regards,
Kent

 

[espfutbol98]

I'm not really too familiar with that sort of hacking but if you're sure it's not a server error, I would monitor the ip adresses of your visitors to find the hackers. Put the logging scripts in places normal visitors don't go and hack them back (if you're sure it's them).

More conservative advice would be to use VERY secure passwords on your CPanel and SQL databases, then rebuild and zip your site and save it somewhere.

That's just a novice's opinion though.

 

[zen-r]

Another novice opinion:

Also make sure your site's / forum's software on the server is up-to-date.

New flaws are being discovered all the time, & hackers exploit them. Even bank sites have been hacked. Look up things like SQL injection attacks.

Other really obvious stuff includes looking after your passwords - both physically (no Post-it notes on the computer!) & virtually (are the computers that you use to access your web account secure? have they got trojans or other compromises on them which are stealing your passwords as you enter them?)

And so on!

Finally, if your sites are hosted on x10, are you sure your files didn't just go missing in the recent server transfers? It happened to a lot of people, but staff can restore the files from a back-up. Read the News section here about it (if you haven't already) - there has been lots going on!

Please click my Reputation button

(at the corner of this post) & make me -it costs you nothing!

If I've traded services/credits with you, please remember to leave iTrader Feedback. Thanks.​

 

[nirajkum]

what were u hosting on your site ... most of the time it happens is that by mistake you run some script it happens with blog like wordpress ... So be sure to click on any click and make sure its not some perl script or other which get executed with admin permission

 

[kentzy99]

Hi Guys,

I want to thank you all for your replies. There is one other thing that the hacker is able to do... they hacked my sites on another host too. I think they might have hijacked the passwords that is stored on my computer or something, my account on lunarpages is also hacked. It's really frustrating when someone hacks into your sites... all your efforts for putting the site up is gone, and they are still at large.

I have one question, does using chmod modes on files help provide more security? I have found that the hacker is able to upload a file onto the web server named "ayyildiz.html" it was set to 644 chmod. Please enlighten me.

Kent

 

[espfutbol98]

That sounds like you have a keylogger or other type of spyware. It could also be (if you have one) your wireless network has been infiltrated and network communications intercepted, although highly unlikely.

I would get a few different, good anti-virus and anti-spyware programs. Anti-malware is not 100% so you might want a few different ones.
If you have wireless:

• Change your web key to about 20-40 strong characters.
• Turn SSID Broadcast off.
• Use WPA2-Personal (with AES) encryption.
• Use Mac Address filter to limit only certain machines.

And use ssl whenever possible.
Wish I could help more but that is the extent om my knowledge.

 

[farscapeone]

I have one question, does using chmod modes on files help provide more security? I have found that the hacker is able to upload a file onto the web server named "ayyildiz.html" it was set to 644 chmod. Please enlighten me.

If they got your username and password then chmod won't stop them. You can change chmod right, then if they got your host username and password they can do whatever they want

Only thing you can do now is get some good anti-virus and try to change all your passwords, or if that's not an option try changing passwords from some other computer (like friends, or at work or school) cos, like espfutbol98 said, you might got yourself a nasty old keylogger.

Hope you'll recover from this.

 

[prespana]

Hi guys! I have one problem. I have an Joomla web site. What is the best way to protect it from attacks? Any good plugin to sugest to me?