Wednesday, April 04, 2007

Restoration of service in progress.

Have you ever gone to a site and seen the message:

"There's been ..issues. Restoration of service in progress."

OR


"Account suspended ..."?


If you went to 1 of my sites a few days ago, you did, and here's what happened.


My hosting provider discovered I had some software on my susancarrollhome site and immediately closed it down and sent me an email. As soon as I saw the email I replied to their request to help them determine if I had placed the illegal software on my site.


Since I hadn't placed the software there, my provider and I both worked quickly to get it off and to get my site back up again.


Finding the "bad" code wasn't easy since the hackers had not placed it on any of my HTML pages. They had placed it in several Java and PHP files. However, with both of us working the problem, we managed to get through all my files to get them cleaned up and working properly again.


How did they get their software on my site?


They logged in to my FTP port and edited some of my files to place their code.


Was my FTP port password protected?


Yes, and I don't share my private login information for my hosted accounts with anyone. Nor do I keep them written down where anyone can find it. I also do not use easy-to-guess passwords.


Who hacked my account and how did they find my password?


While I don't know the name of the person who performed this illegal action, both I and my hosting provider know their IP address and the country where it is located. (My host may know more; however, they did not share that information with me.) As to how they discovered my password, who knows?


What can you and I do to protect our sites?


For 1 thing, we must start changing our passwords regularly. This is something no one, not even me, likes to do. We get used to a password and it's easy for us to remember so we tend to be lazy and keep it around. Unfortunately, the longer you use the same password, the more vulnerable it is.


How often do we need to change our passwords?


Good question and I really don't know the correct answer. As for me, I intend to start changing my passwords at least once a month.


Will changing our passwords more often keep our sites totally protected from hackers?


No, but it's a start.


How about getting a "" certificate?


After reading this article and this forum, it's not something I recommend right now.


What other measures can we take?


The 2 things I discovered about the hackers who invaded my site were that they were lazy and smart. They only infected files that were in my main directory, my image directory and my recommends directory. All of these directories get the most traffic and it's easy to identify what's in them. Possibly giving directories names that don't imply what's in them and moving most of your pages and scripts to subdirectories may help keep them safe.


Currently all my sites have new passwords and are safe and I am working to keep them that way because I don't want you to see:

"Account suspended ..." again.


To Your Success,
Susan Carroll