Help !! My forum / blog (WebSite) is hacked !! What to do or how to save yourself from or after attack ?

You have a self hosted forum / blog. The site gets a little popular and you enjoy global traffic and one good morning you awake up and find the system is in mess and service out of order.. Text is messed up or domain is pointing towards some other web site or showing some thing else.

Web Site hacked !!!!

Basically you understand, you are hacked !!

What is hacking ?

In simple word, performing an unauthorized action is hacking..

What type of attack / hacking happens to a web site / forum / blog ?

There are 3 major parts of a web site. So the attack can happen on any of these or in multiple factors also.

Domain
Hosting
Script

The most critical part is domain, where as an attack on script or hosting can be prevented with simple 1 click solutions.

How the hacking is done on a web site ?

Naah !! Don’t assume that I would teach you as how to hack a web site or (Yahoo / Hotmail / Gmail) email address of your friends.

Frankly I dont know or rather I am not good enough to carry out the process practically. But rather I would try to put some light on the fact, so that, as an end user you can be aware of these methods.

Attack on your domain

The attack can happen either at user end or at domain registers end. How ever, a domain registrar would stay highly secure so usually and most the time the attack is done at user end.

Remember, your domain is the most important part of your web site.. If some one gains access to your domain panel and obtains the domain transfer key, then he / she can take your domain forever !!!!

The most common weapon of an hacker is to obtain your password. We, the web masters, are bit lazy in protecting our self and at 90% of the time, we loose the password because of our fault.

- PC is Spyware / Virus infected and password leaks out from it.
- We fall victim of spoof emails / malicious web sites.
- We use simple passwords, which are easy to guess
- Losing password of our email accounts which are used to manage the domain

Unauthorized DNS ZONEs

Some times an attacker may steal visitors via putting any extra DNS entry under your domains DNS / Zone records. In which your domain starts to point towards a different IP / web server than your own hosting space..

How do we protect our domain ??

- Make sure you don’t login to your domain management console from any PC which is Spyware infected and never login from any public PC. Its not every day that you are in need to login to your domain panel as you dont make DNS / WHOIS modifications everyday. So when you login, make sure you are using a secure PC running a proper AntiVirus and the system is uptodate !!
- Check the URL properly before you access your domain manager’s control panel to eliminate the possibility of fake / malicious web sites, which are designed to steal your passwords.
- Never use a simple password or same password for email account and domain manager. Simple passwords, dictionary words, known names, etc helps a hacker to simply guess your password.
- Protect your email account also. If one can gain access to your email account, which you have used to register the domain, can reset your domain accounts password by using this email address of yours. Its recommended that you use a separate email account to manage your domain.
- If possible, then change your password time to time…

Attack on your hosting

Unlike the domains, the bad news is, there is a good possibility that your host it self can get hacked. Where as the good news is, even though it can be hacked but it is that easy to restore..

Hosting is a place where you have all your data, so it is natural that we may think it needs the most attention. Theoretically yes, it must need attention and protection, but practically, we can backup the data and even if anything goes wrong, few simple mouse clicks can restore the backup and get our website up and running again.

How do you protect yourself from a hacking attack in your hosting ?

Off course follow the above mentioned techniques about protecting your password and apart from that,

- Backup.
- Don’t delete previous backups
- Backup again and again.

In case of cPanel / DirectAdmin hosting, you have a very good graphical web panel to backup your database and even the entire hosting accounts. Where as you can also setup Crontab, if having shell (SSH) access. If you are running forums / blogs / CMS then its recommended to backup your database every single night before you go to sleep, where as backup the entire web site when ever you make any modifications in your fourm / blog / CMS files.

The script you are running may fall victim

The scrip you are running is most commonly attacked by hackers as there is direct financial benefit for them. Once it is effected, the web pages of your site are used either for back-linking or to deliver Malware !!

Some basic methods for these type of attacks are

- Password theft
- SQL injection
- URL injection

Although you can make your PC secure but its true, that, some time for administration purpose you are in need to use the script and modify database from (using administration account of your forum / blog) an unsecured public PC. In these case below tips can help to prevent damage !!

- Backup / don’t delete the previous backup and always backup.
- periodically change the password of your administration accounts.

Backup is the best way to save your self from any hacking attack or any other problem, so always make a good backup policy for your self and follow it very strictly.

I hope, we never have to see our web site getting hacked. But even if it gets hacked, following these basic safety rules so be able to minimize the damage and help to get the website back-online again.

Help !! My forum / blog (WebSite) is hacked !! What to do or how to save yourself from or after attack ?

Related posts:

No trackbacks yet.

Sponsored Links

Polls

Blogroll

Archives

Categories

Choto Cheeta

Visitor MAP

Recent Comments

Contact ChotoCheeta.com