Quote:
Originally Posted by beneficentnurse
during the after christmas sale, our blog site was hacked.
|
I can absolutely relate.
Christmas season is big for one of our niche sublimation sites. Christmas 2015 was awful, not due to low sales, rather due to the fact we got hacked...hard. We had to suspend sales to protect customer data and our connected accounts.
I have a deep web dev background but I was truly humbled by the beating our servers took. After our webhost took us offline to protect their hardware we had to scan files AND source code of every page, script and image on our account. We discovered multiple hack tools which had been injected via an OLD, DORMANT, contact script in a TEST install of a defunct script.
These server tools gave remote access to create and delete directories. There were also HIDDEN directories that were not visible in the file list. That meant our data traffic and storage metrics were corrupt and $$$ liabilities. The hackers could create spoof users to send mail and who knows what else.
Scour your users for accounts created in obscure or dangerous countries. If you use wordpress, get a WP security system in place. WordFence, Sucuri, etc are good to start since they let you monitor live traffic.
What you're dealing with SUCKS. DM me for any other notions or sympathy. Good luck. Be diligent.
DELETE all unused files. UPDATE all scripts.