PartyPlans.com.au
Join us on facebook

Resources...

What's new...

See what's happening in our online community

visit our community...

More topics...

Opportunities...

view our directory...

HACKING WARNING!!

Discussions : General discussion : HACKING WARNING!!

JustRachel wrote:

Hi Everyone,
I posted in shameless advertising this morning about our new website, and was hacked this arvo! Have lost half of it grrrr... at least most of it is backed up... i remember [ExMember148] i think saying she was hacked not long ago..and partyplans was not long hacked,. so i think there is a possibility someone is browsing the forum and hacking us!!!!! Just thought I'd let you know to be careful  about posting links incase that is it.
Rachel

partyplans replied:

...are you sure that is not a problem with your website host?

The error message said that the domain does not exist on their server.

JustRachel replied:

my hosting company wrote to me saying it was a hacking attempt and they've removed all unauthorised code and loaded my site with what was backed up. I host 3 domains on there, my main one cherished treasures is there but lost something naughty parties as its only been recently added.

partyplans replied:

....I understand your pain

JustRachel replied:

Thanks Mr.PP, i'm sure you do, you did a great job getting partyplans up and going again Lets hope the kettle doesnt break down tonight..I'm gonna need it

ExMember148 replied:

My web hosts also said they weren't to blame.  Blah Blah all the rest.  It still continues............

I am sick of it...........going to try something else now.............

JustRachel replied:

is your site still been hacked julie??? aww i really feel for you... once is enough!!!

HandsOn replied:

from a webdesigner/hosting providers point of view, i know how annoying this can be! we constantly had people doing it to one of our clients websites, and they would only go in and change passwords, how annoying! anyway, what we found is that forms are usually one of the biggest reasons a website gets hacked...

Hackers go to a website, find a contact us form, fill it in with their hacking code, and it gets in to the back end of the system and bang - your ruined. My suggestion is for those who have forms but don't reeeeeally need forms, just put your email address on there, OR invest in a proper form with security measures, which is what we do on all our clients websites now, as its not worth the pain of recovering everything time after time, let alone the loss of business it may result in.

hope this helps!

Jo x

partyplans replied:

Yes - Forms (and file uploads) are almost always the problem. They are generally the only external user interaction with your server. The PartyPlans forum was hacked through the form on the "lost password" page as it lacked the security measures of the rest of the forum!

It also depends on the popularity of the programs you install on your website (especially open source projects where nerds can actually view the source code and look for ways in). Popular programs are always attacked as vulnerabilities are always being developed and made public.

Most hosts give you a range of these open source programs free as part of your package (usually out-of-date versions) so you will be hacked, just a matter of time.

JustRachel replied:

Thanks for the security tips mr.pp and Jo , I'm still studying so ALOT more to learn!! Security is an issue  I have only very very lightly touched. Definately something I will be investigating and putting more time into and implementing in the future. (time permitting, never enough hours in the day!)