DigitSmith

Hackers!!!

Reply
 
Thread Tools Search this Thread
Old January 11th, 2017, 08:39 PM   #1 (permalink)
beneficentnurse beneficentnurse is offline
Junior Member
Join Date:
Mar 2015
Posts:
15
Liked:
0 times
Default Hackers!!!

We're running a website with online shop and blog site. Unfortunately, during the after christmas sale, our blog site was hacked. Good thing the sales area of the website remained untouched. So now we're thinking of extra security measures to prevent this from happening again. We want to implement as well added security including our staff who can access the website. What other solutions could you add to reduce the risk and keep our site safe. Thanks.
Send a private message to beneficentnurse ContactReply & Quote
Old January 12th, 2017, 01:06 AM   #2 (permalink)
dyesublimation dyesublimation is offline
Junior Member
Join Date:
Dec 2016
Posts:
2
Liked:
0 times
Default Re: Hackers!!!

Quote:
Originally Posted by beneficentnurse View Post
during the after christmas sale, our blog site was hacked.
I can absolutely relate.

Christmas season is big for one of our niche sublimation sites. Christmas 2015 was awful, not due to low sales, rather due to the fact we got hacked...hard. We had to suspend sales to protect customer data and our connected accounts.

I have a deep web dev background but I was truly humbled by the beating our servers took. After our webhost took us offline to protect their hardware we had to scan files AND source code of every page, script and image on our account. We discovered multiple hack tools which had been injected via an OLD, DORMANT, contact script in a TEST install of a defunct script.

These server tools gave remote access to create and delete directories. There were also HIDDEN directories that were not visible in the file list. That meant our data traffic and storage metrics were corrupt and $$$ liabilities. The hackers could create spoof users to send mail and who knows what else.

Scour your users for accounts created in obscure or dangerous countries. If you use wordpress, get a WP security system in place. WordFence, Sucuri, etc are good to start since they let you monitor live traffic.

What you're dealing with SUCKS. DM me for any other notions or sympathy. Good luck. Be diligent.

DELETE all unused files. UPDATE all scripts.
Send a private message to dyesublimation ContactReply & Quote
Old January 13th, 2017, 06:37 AM   #3 (permalink)
beneficentnurse beneficentnurse is offline
Junior Member
Join Date:
Mar 2015
Posts:
15
Liked:
0 times
Default Re: Hackers!!!

Thank you for responding. I can feel how much headache you've got from last year. Believe me, we are going through the same situation right now. I can say that we are a bit fortunate because the sales were left untouched, but nevertheless, a damage is still a damage.

Our main concern though is for both hackers and insiders. It crossed our mind that this could be an insider job, I wont further into details as this is still under investigation. Anyway, we are looking into least privilege solutions. This could be an option for us but the cost of services for something this reliable and secured might be bigger than we thought.
Send a private message to beneficentnurse ContactReply & Quote
Reply

Thread Tools Search this Thread
Search this Thread:

Advanced Search


All times are GMT -4. The time now is 11:13 AM.
Copyright © 2011 DigitSmith. All rights reserved.
Forums software by VBulletin, Copyright © 2000-2019, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2011, Crawlability, Inc.