One of My Sites Was Hacked

by Martin Malden

Drilling into sitesSeems like the hackers are after me at the moment: 2 weeks ago my Twitter account was hacked and last week one of my static web sites was hacked.

Last week’s hack was particularly embarrassing.

I’d sent someone the link to my Web Services site. On the web design page there are some links to sample sites and the hackers had installed a Trojan on one of those.

So when my prospect clicked on the link to the affected site they were greeted with one of those big, shout-at-you messages warning them that my site was trying to install a Trojan on their PC.

Not a good way to get new business. 🙁

Fixing the site was easy – and done in less than 10 minutes. All I did was to delete every file on the server and re-upload the entire site.

As soon as the clean site was up I changed my FTP and hosting provider passwords and, so far, no further problems.

So the next question was: how did they get in?

I raised the question with my hosting provider, but they were not that helpful. However, they did suggest that one of the scripts on my site might have been the entry point.

The only scripts on that site are for the contact form and the statistics. The contact forms are done using scripts, so I downloaded the latest version of my contact form builder and re-did the contact forms on all of my sites. That took me most of Saturday – a lot longer than fixing up my hacked site did!

There’s nothing I can do about the scripts for my statistics – they haven’t produced any upgrades.

This particular site is for a JV business venture that I’m doing with someone else and, therefore, it wasn’t hosted at Hostgator, along with my other sites.

However, the hosting provider it’s hosted with doesn’t support SFTP so, for the moment, I’ve moved it onto my Hostgator account.

With the growing sophistication of hackers, and the increase in online crime, it’s difficult to understand why a hosting provider would not support SFTP. In fact I think it’s both negligent and irresponsible on their part.

Needless to say, I will not be renewing that contract when it comes up.

Cheers,

Martin Malden

Please share this article - I'm counting on you!
       
Found this article useful? Get free updates!

Get regular updates, plus a free eBook on how to set up a business online - join us!

Your details are safe with me.
My Privacy Policy.

Previous post:

Next post: