hacked hosting account

[jennifer]

My hosting account with godaddy.com was hacked on Sunday. On Tuesday I received a phone call which I missed and an e-mail from the abuse department at godaddy.com The hackers had deleted my index.php page and had added a phishing page to collect credit card numbers from a bank in England that I being from Oklahoma have never heard from. I was told to remove the offending pages withing 24 hours or lose my hosting account.

I of course removed the pages, and later the entire site since I wasn't certain that I had gotten everything. I am going to be setting everything back up in the next day or two (I made a backup before deleting).

Here is my point though: change your hosting password often !

The first person I spoke with in the abuse department acted as though it was my fault even though I didn't put up the content. He said something to the effect that my hosting account was given to me in a secure manner and that it was my responsibility to keep it that way. Frequent and complicated password changes are the only way I know to do this so I as a suggestion to others--do the same.

[islandgirl]

Sorry to hear this happened to you.. Thank God you backed up..

Good suggestion about the PW..

I sometimes get lazy and don't change PW's often enough..

I am not with GoDaddy, but think I will change mine anyway!!

[southern.scents]

Nothing can completely replace changing your password often but there are things that can be done on the Web Host's end to help prevent accounts being compromised.

Chances are, your hosting account was hacked by someone who managed to get your password from someone/somewhere OR the hacker used a brute force attack ( http://en.wikipedia.org/wiki/Brute_force_attack .) Brute force attacks typically take a while to work. The attacker is literally trying hundreds & thousands of passwords. Our server uses a firewall that quickly detects and blocks these type of attacks as well as several others attacks that are used by hackers. All web hosts should utilize some sort of software that secures data on their server.

A web host also has to make sure that their passwords are secure. So many times security issues are blamed on other people when in all actuality it was the hosting company'sfault (not saying that this was the case with GoDaddy but issues have come up recently where a security breach was blamed on a software developer when poor password management was the true issue.)

Another suggestion, make sure you keep whatever software you use up to date... (eg. ZenCart, osCommerce, Magento, CubeCart, X-Cart) These people release updates often to help take care of security holes that are found. So many times things go bad simply because someone wasn't keeping up with updates (and this includes your Anti-Virus software.... these updates contain information regarding new viruses that the anti-virus software needs to help keep you protected.) Don't assume that since your software is secure just because you don't see any ways for people to access anything they shouldn't be. These people sit around for hours and days at a time analyzing code and environment variables to find these flaws. Also, an SSL certificate does NOT mean everything is secure. It simply means that things sent from your browser to the website's server are secure. It doesn't mean that the software itself has no flaws or exploits that can be used to access things you'd normally want kept private.

Anyhow, to add to your statement about changing your password for your hosting account often.. You should change ALL passwords often. Also, do not use the same password for everything. If someone gets your password for XXXXX then they are going to try and use it a YYYYY. Never write down your passwords. All it takes is someone locating this common source of passwords and you are in for one crazy ride. Last but not least, get rid of information that tells exactly what websites you use, especially the ones that give your username and/or password. If someone managed to get access to your email then they are probably going to read it. Don't leave behind a little trail of all the sites you use. Yeah, they may know you use TTTTTT email provider but that doesn't mean you have to let them know that you use eBay, PayPal, Facebook, MySpace, Craftserver, etc.

[wwjacks]

That is scary. Back ups are a good thing to do, along w/changing the password often.

[jennifer]

I was thankful that it was my hosting account and not my admin area or my sql accounts. I kept telling the people over and over that I didn't understand why someone would choose my site cause I have very few customers online and none of purchased from the site. Maybe that is exactly why though because with little to no traffic no one would notice I guess. Oh well, my weekend will be full fixing it all back up.