Hi, I was recently the victim of a hacking (mid November). I belive they got in using a form-to-email script, I have now found out how vulnerable these are and have removed them, as well as all other scripts I had. In with my own files there were sevaral new files (with pornographic titles), created by the hacker, as well as a .php file and php code in the htaccess file. I removed the php file and deleted the php code in the access file, as well as deleting the new html files. I also changed the ftp password. Unfortunatley I am not a programmer, and certainly don't have the skills to hack, but what I would like to know is if, now I have removed these files, is the door closed to the hacker? Or do they now have easy access to my site? I do recognise no site is 100% safe. Thanks for any advice.
The best thing is to look at the source code of every file on your site line by line and check everything is as it should be. Then check that there are no cron jobs on the server and that the mysql databases (if you have them) are as they should be. If these tests are clear then you are OK.
Thanks mad4. I will look at the cronjobs. I have been looking at the source code on the pages, but with over 2,500 unique html pages it's taking a while. Actually what I did was to reload the site from a clean backup i had on disk. Thanks again.
2500 html pages? Sounds like you need a php programmer to create some templates for you! What do you do when you need to edit some code on every page?
Use 'find and replace' in dreamweaver. Still takes a while to do the whole site, especially if it's a unique piece of code on every page. Then its all done manually. Not fun! Still it's better than a 'real job'!
A php code could alter the site to the following: include(header.php); //put your content here include(menu.php) //more content here include(footer.php); Code (markup): Then you can use common headers, footers and menus for all your pages and update the entire site in 5 minutes.
You also need to look at the ways in which the computer hosting your site is accessed. Is there a firewall? Are all ports except those that need to be open for inbound connections closed? For instance, a web server only needs to have port 80 open. If you want to offer secure pages, you also need port 443 open. Every program needs a specific port opened -- ftp on port 21, ssh on port 22, pop3 to collect email on port 110 and so forth. If you do not offer a service, the port must be closed. How do you access your site? Directadmin, webmin, cpanel? Each uses a differnet port which must be open for inbound connections. Have you changed your passwords in the program used to access your site to something ard -- at a minimum a combination of letters and numbers of 10 or more characters. If you are limited to 8-character passwords, combine letters, numbers and other characters. Who has access through those programs? Is there a default admin account and password? Change and/or close those. Never allow "root" to connect directly through to internet to ssh or your control panel. Do you have ssh access? Are the individuals who can use that program limited to only those who need access? It should be just you. You should also print out a record of open connections and processes on that machine and take the time to find out what each one is. I still do this from time to time to see if there is anything unusual that I can detect. When it comes to network security . . . a bout of paranoia is a good thing from time to time. Do not forget. By hosting a website you have also taken on the job of sysadmin and network security admin your little part of the internet. You need to learn as much as you can about those jobs and do them as well as you can. NEVER assume other network admins and/or programmers are doing their's.
Thanks, Learning programming and more advanced design is on my 'to do' list. I accidentally got into the whole web thing, it was a hobby which turned profitable, I never took a course to learn web design, just self taught. But I think to stay ahead of the game I'm going to have to learn some more languages. Thankyou for all your help.