Website hacked - annoyed.

[mr.blaze 10]

If you PM me your web address I can do you a quick free security scan of known exploits, that should be able to get to the bottom of your problem.

[the_bloke 17]

Owasp is your friend, should be everyone's really.

[Ghozer 112]

I could check ur code, have used 123reg and xara web designer myself - there was a known exploit a few versions back with one of the image/file uploaders, that let ppl upload malicious code or inject code... Could be the issue

[sgtkate 10]

Good luck. I work in IT security, not the web side though so can't offer any better technical advice than Google I'm afraid. It's a nightmare to keep things secure in any situation, unfortunately you've got a handful of people working to keep things secure and about a million working to try to hack. It's a pure numbers game. As soon as one exploit is patched another has been found.

 

My advice is accept you WILL be hacked.

Know what has been accessed/changed - full audit control

Get notified about any and all changes immediately so you are alerted the instant someone gets in - email notifications for example

Have a plan to recover back to where you want to be - tested backup and recovery plan

 

No matter how quickly you patch, how amazing your password is, how protected you think you are, someone out there will get around it.

[tinfoilhat 11]

Owasp is your friend, should be everyone's really.

 

Sitelock follow OWASP protocols (is that the right word?)

 

---------- Post added 14-11-2016 at 14:13 ----------

 

I could check ur code, have used 123reg and xara web designer myself - there was a known exploit a few versions back with one of the image/file uploaders, that let ppl upload malicious code or inject code... Could be the issue

 

Latest version of xara is used, website done from scratch. 123reg only have teh domain.

 

Moving hosting now. Fingers crossed.

 

---------- Post added 14-11-2016 at 14:14 ----------

 

Good luck. I work in IT security, not the web side though so can't offer any better technical advice than Google I'm afraid. It's a nightmare to keep things secure in any situation, unfortunately you've got a handful of people working to keep things secure and about a million working to try to hack. It's a pure numbers game. As soon as one exploit is patched another has been found.

 

My advice is accept you WILL be hacked.

Know what has been accessed/changed - full audit control

Get notified about any and all changes immediately so you are alerted the instant someone gets in - email notifications for example

Have a plan to recover back to where you want to be - tested backup and recovery plan

 

No matter how quickly you patch, how amazing your password is, how protected you think you are, someone out there will get around it.

 

Thanks for the confidence boost sgt - my desk already has in imprint of my forehead

Edited November 14, 2016 by tinfoilhat

[Jomie 30]

Which hosting company have you chosen?

[the_bloke 17]

Sitelock follow OWASP protocols (is that the right word?)

 

It's not so much that; OWASP also have some lovely steps as to how you can check your own site security too. Never be afraid to try and hack your own site.

[tinfoilhat 11]

It's not so much that; OWASP also have some lovely steps as to how you can check your own site security too. Never be afraid to try and hack your own site.

 

I havent got the knowledge to do that. I'm borrowing snippets from what I know and what my business partner (shes the deigner) knows. We arent internet secuirty specialists. Im asking, and indeed have been asking, the people wjho we pay money to give me information - one of them took the same line Sgtkate said, the only thing he said it 24 hours after I'd took out a contract at £30 a month with him. I'm trying to pick up bits from google and here (thanks again folks!!).

 

The move is going OK though and I can lock my ftp which i couldnt do before - I'm still getting to grips with the control panel.

 

---------- Post added 18-11-2016 at 21:29 ----------

 

Well, we've moved and so far free of anything nasty. Quicker too.

 

One thing I've found out that my old hosting service was using IIS 7.0. To my untrained eye that's old and is it even supported anymore? Does anyone know for sure?

 

Thanks again everyone for all the suggestions and support

[Jomie 30]

Similar problem to the OP. Looking for a good UK host company, preferably with telephone support. Does anyone have any suggestions please?

[truman 10]

Similar problem to the OP. Looking for a good UK host company, preferably with telephone support. Does anyone have any suggestions please?

 

I use tsohost...tech support seems good...there's also Intuitiv....dont know what size your site is but I think they both cater for small and large ones

[Jomie 30]

Thank you truman - much appreciated. Coincidentally, since posting I have had TSOHosts recommended by someone else. I plan to telephone the company today and hope to get things moving asap.

[tinfoilhat 11]

Heart internet are looking after ours and they are or will be offering telephone support according to an email I receceived recently. The text support was fine for me though.