Our website has been hacked - help please

By vistaway
Jun 23, 2008
  1. Hello

    We discovered last night that our website has been hacked by a turkish group. There had been some unusual activity with the forms on the website coming through to us incomplete and no record of where they had come from. My question is, is it worth us reinstating the website in it's current format, or would it now be a very simple process for the same person/people to hack it again?

    Also, could it be anything to do with the shared server or likely to be the way the code has been written for the website?

    Thank you in advance for any helpful advice.
  2. jobeard

    jobeard TS Ambassador Posts: 9,150   +597

    Website Security

    First line of defense is to Lock Down the security of the webserver machine.
    Lock Down Linux
    Lock Down Windows

    Second is to secure the webserver itself.
    Lock Down Apache
    Lock Down IIS
    Locking IIS and SqlServer

    Thrid is to 'taint all inputs' for your CGI programs.
    While taint is a Perl implementation, the concept is extensible to all CGI languages.
    see also:,289483,sid14_gci892449,00.html

    Lastly, be very careful on how you update the website.
    Logging on with FTP is a non-no, as the passwords are not encrypted!
    Be sure to use SSH or HTTPS method PUT to upload files.
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...