mr.blaze   10 #13 Posted November 13, 2016 If you PM me your web address I can do you a quick free security scan of known exploits, that should be able to get to the bottom of your problem. Share this post Link to post Share on other sites Share this content via...
the_bloke   17 #14 Posted November 14, 2016 Owasp is your friend, should be everyone's really. Share this post Link to post Share on other sites Share this content via...
Ghozer   112 #15 Posted November 14, 2016 I could check ur code, have used 123reg and xara web designer myself - there was a known exploit a few versions back with one of the image/file uploaders, that let ppl upload malicious code or inject code... Could be the issue Share this post Link to post Share on other sites Share this content via...
sgtkate   10 #16 Posted November 14, 2016 Good luck. I work in IT security, not the web side though so can't offer any better technical advice than Google I'm afraid. It's a nightmare to keep things secure in any situation, unfortunately you've got a handful of people working to keep things secure and about a million working to try to hack. It's a pure numbers game. As soon as one exploit is patched another has been found.  My advice is accept you WILL be hacked. Know what has been accessed/changed - full audit control Get notified about any and all changes immediately so you are alerted the instant someone gets in - email notifications for example Have a plan to recover back to where you want to be - tested backup and recovery plan  No matter how quickly you patch, how amazing your password is, how protected you think you are, someone out there will get around it. Share this post Link to post Share on other sites Share this content via...
tinfoilhat   11 #17 Posted November 14, 2016 (edited) Owasp is your friend, should be everyone's really.  Sitelock follow OWASP protocols (is that the right word?)  ---------- Post added 14-11-2016 at 14:13 ----------  I could check ur code, have used 123reg and xara web designer myself - there was a known exploit a few versions back with one of the image/file uploaders, that let ppl upload malicious code or inject code... Could be the issue  Latest version of xara is used, website done from scratch. 123reg only have teh domain.  Moving hosting now. Fingers crossed.  ---------- Post added 14-11-2016 at 14:14 ----------  Good luck. I work in IT security, not the web side though so can't offer any better technical advice than Google I'm afraid. It's a nightmare to keep things secure in any situation, unfortunately you've got a handful of people working to keep things secure and about a million working to try to hack. It's a pure numbers game. As soon as one exploit is patched another has been found.  My advice is accept you WILL be hacked. Know what has been accessed/changed - full audit control Get notified about any and all changes immediately so you are alerted the instant someone gets in - email notifications for example Have a plan to recover back to where you want to be - tested backup and recovery plan  No matter how quickly you patch, how amazing your password is, how protected you think you are, someone out there will get around it.  Thanks for the confidence boost sgt - my desk already has in imprint of my forehead Edited November 14, 2016 by tinfoilhat Share this post Link to post Share on other sites Share this content via...
Jomie   30 #18 Posted November 14, 2016 Which hosting company have you chosen? Share this post Link to post Share on other sites Share this content via...
the_bloke   17 #19 Posted November 14, 2016 Sitelock follow OWASP protocols (is that the right word?)  It's not so much that; OWASP also have some lovely steps as to how you can check your own site security too. Never be afraid to try and hack your own site. Share this post Link to post Share on other sites Share this content via...
tinfoilhat   11 #20 Posted November 14, 2016 It's not so much that; OWASP also have some lovely steps as to how you can check your own site security too. Never be afraid to try and hack your own site.  I havent got the knowledge to do that. I'm borrowing snippets from what I know and what my business partner (shes the deigner) knows. We arent internet secuirty specialists. Im asking, and indeed have been asking, the people wjho we pay money to give me information - one of them took the same line Sgtkate said, the only thing he said it 24 hours after I'd took out a contract at £30 a month with him. I'm trying to pick up bits from google and here (thanks again folks!!).  The move is going OK though and I can lock my ftp which i couldnt do before - I'm still getting to grips with the control panel.  ---------- Post added 18-11-2016 at 21:29 ----------  Well, we've moved and so far free of anything nasty. Quicker too.  One thing I've found out that my old hosting service was using IIS 7.0. To my untrained eye that's old and is it even supported anymore? Does anyone know for sure?  Thanks again everyone for all the suggestions and support Share this post Link to post Share on other sites Share this content via...
Jomie   30 #21 Posted July 5, 2018 Similar problem to the OP. Looking for a good UK host company, preferably with telephone support. Does anyone have any suggestions please? Share this post Link to post Share on other sites Share this content via...
truman   10 #22 Posted July 5, 2018 Similar problem to the OP. Looking for a good UK host company, preferably with telephone support. Does anyone have any suggestions please?  I use tsohost...tech support seems good...there's also Intuitiv....dont know what size your site is but I think they both cater for small and large ones Share this post Link to post Share on other sites Share this content via...
Jomie   30 #23 Posted July 6, 2018 Thank you truman - much appreciated. Coincidentally, since posting I have had TSOHosts recommended by someone else. I plan to telephone the company today and hope to get things moving asap. Share this post Link to post Share on other sites Share this content via...
tinfoilhat   11 #24 Posted July 6, 2018 Heart internet are looking after ours and they are or will be offering telephone support according to an email I receceived recently. The text support was fine for me though. Share this post Link to post Share on other sites Share this content via...