Hacked Website: 5 Preventive Action Steps
This is so disturbing. I don’t have any concrete data to say definitely something is going on. But two reports of website hacking in less than 3 days by two different people is not a coincidence.
One of my clients (and friend) also reported that the hacking cost her more than inconvenience. She’s restored her site. But now, when someone clicks on her website from Google search results, they get a big, awful notice that her site contains malicious code. The other person has some weird foreign forum on her site now. I feel outraged for them.
What you can and should do:
- Backup, backup, backup your websites. Don’t know how? Here’s a video. Don’t want to do it yourself and want to keep a copy somewhere other than your office? Outsource your backup.
- If you have no need for FrontPage extensions, don’t install them.
- Update all your scripts including blogs.
- Change your webhost control panel logins regularly.
- Use RoboForm to keep up with your logins and share them securely. If your assistants and webmasters don’t have RoboForm, buy them a copy. That’s what I did last Christmas. As a gift, I gave everyone I was working with a copy of RoboForm. Now, I assign a special passcode to them and when I need to send them login details, I package it up through RoboForm and email it as an attachment.
It’s encrypted and even if the email is intercepted, they’ll have the additional task of cracking the passcode. You can download a free trial here.
I can’t guarantee you these action steps will keep your website in a vault and you’ll never ever be hacked. However, you will minimize your vulnerabilities and put stumbling blocks in their path to slow them down. That could make all the difference.
Lynette, you rock my world sista! I so needed this…thanks!
Nell
I keep my backups on 1 and 2 G thumb drives, I like the idea of outsourcing your backup. Not a bad idea. All very good advice, thank you Lynette 🙂
I’m just getting started, so this is very good and timely advice.
Thanks, Lynette
Lynette: You mentioned do not install FP extensions if not needed. What is the reason for not using FP extensions?
If you’re not using the (obsolete) Microsoft FrontPage software to design your website, you don’t need FrontPage extensions. If you are using a FrontPage version newer than 98, you probably don’t need FrontPage extensions regardless. But if you’re using any version of FrontPage, you have my sympathies.
Well put. It’s very important to take steps to protect your site. I’ve had instances of my competition trying to take down my site. Granted these are rare, but if it’s your business, you have to protect yourself. Make sure your hosting provider is reliable, and set up the services they provide to ensure backups get done. And download those backups and put them somewhere safe.
Great post Lynette and a very nice reminder for everyone.
One of the reasons not to use FP Extensions is the folders it creates on your hosting account are very nice places for hackers to hide malicious scripts they can then activate remotely. Who ever checks what’s in those folders?
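One way to actually check those folders, as an added example that is not part of the original post or any comment. It assumes shell access to the hosting account, the usual `_vti_*` folder naming used by FrontPage extensions, and a content heuristic (PHP/ASP tags or a shebang line) chosen for this example; the function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit FrontPage extension folders (_vti_bin, _vti_cnf,
# _vti_pvt, ...) for files that look like server-side scripts or that
# changed recently. The markers are a heuristic, not a complete malware test.

# audit_fp_dirs DOCROOT -> one path per line for every text file inside a
# _vti_* folder containing a PHP open tag, an ASP tag, or a shebang line.
audit_fp_dirs() {
    # -prune: do not descend twice; grep -r covers nested folders.
    # grep -l: names only, -I: skip binary files, -E: extended regex.
    find "$1" -type d -name '_vti_*' -prune \
        -exec grep -rlIE '<\?php|<%|^#!' {} + 2>/dev/null | sort
}

# fp_recent_changes DOCROOT DAYS -> files under any _vti_* folder modified
# within the last DAYS days. On a site that no longer publishes with
# FrontPage, these folders should not be changing at all.
fp_recent_changes() {
    find "$1" -type f -path '*/_vti_*' -mtime "-$2" | sort
}

# Constructed sample tree so the functions can be tried offline.
make_sample_tree() {
    root=$(mktemp -d)
    mkdir -p "$root/_vti_bin" "$root/_vti_pvt" "$root/images/_vti_cnf"
    # Ordinary FrontPage metadata and password-file header (constructed).
    printf 'vti_encoding:SR|utf8-nl\n' > "$root/images/_vti_cnf/logo.gif"
    printf '# -FrontPage-\n' > "$root/_vti_pvt/service.pwd"
    # A script that has no business being here (harmless placeholder).
    printf '<?php /* constructed placeholder */ ?>\n' > "$root/_vti_bin/x.php"
    printf 'hello\n' > "$root/index.html"
    # Age the legitimate files so only the planted one looks recent.
    touch -t 200801010000 "$root/_vti_pvt/service.pwd" \
        "$root/images/_vti_cnf/logo.gif"
    echo "$root"
}

# Usage on a real account (path is an assumption):
#   audit_fp_dirs "$HOME/public_html"
#   fp_recent_changes "$HOME/public_html" 30
```

Every hit needs a manual look: a flagged file may be legitimate, and a clean result only means this particular heuristic found nothing.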
Front Page has worked very well for me. I am not sure why another poster felt the need to make discouraging remarks about it.
Lynette, can you elaborate more on what the pitfalls are with FP extensions. Are there precautions I can take if I have to use FP?
Thanks for all you do Lynette. You keep this “non-techie gal” safe from those internet bad guys.
Blair, all that Rich and Nic said about FP extensions are not meant to be mean or discouraging. They are correct. FP extensions open up a lot of vulnerabilities to any hosting account.
I know a lot of people like FrontPage and have used them for years without problems but I also know of people whose servers and websites are constantly plagued by problems because FP extensions are installed.
I think the only one who can really safeguard a server that uses FP extensions is your web host. Even then, there is very little they can effectively do because once you turn it on, it’s ‘open’; the only way to protect the server is to turn it off. Which is why most web hosts now have big red letters when you turn on FP extensions, to not turn it on unless you absolutely have to.
But to make matters worse, if you’re on shared hosting, even if you turn it off but someone else sharing the same server with you has it turned on, the whole server is vulnerable. That’s what happened to me once. I’d not used FP extensions in years but the site was still defaced because someone else did 🙁
This has been going on for years. Sorry FP users to bring bad news but it is what it is. If you’d like to read further about FP vulnerabilities here are some resources (mind the language and somewhat technical content):
http://www.acunetix.com/vulnerabilities/Frontpage-Extensions-Enab.htm
http://insecure.org/sploits/Microsoft.frontpage.insecurities.html
http://www.securiteam.com/windowsntfocus/5AP0H1PIAC.html
Thank you for the information on FP. The way you put it was professional. I do want to know about the pitfalls of FP. I just thought it is rude to make discouraging remarks about FP with no explanation. It felt like a put down.
I have another question: I use FP 2003. Is there a way to FTP without extensions? Can I fix this without having to redo my pages? I have over 1000 pages and I just recently re-did my entire site in FP 2003. Can you advise me?
Thanks in advance 🙂
Hi again Blair. Yes, you don’t have to use FP extensions to publish a website. But if you go FTP, you won’t be able to edit Live or your included content may break. As mentioned before, I haven’t used FP in ages. Not exactly sure what will happen but found this thread that might help enlighten you.
http://www.webmasterworld.com/html_editors/3446503.htm
I was surfing your blog this morning and found this post – thank you so much! This is very timely for me as I haven’t been the most conscientious about backing up my data. I also wasn’t aware about the issue with FP extensions. I’ll be referencing your post on my blog and trackback to you.
Thanks again for the great info!