Quote, originally posted by Lee:
I thought they might have been pulling an Xbiz too; after all, I can't think of any other porn site that has been 'hacked' yet.

Regards,

Lee
Actually, I know of several -- they just haven't posted that it happened. I wouldn't have mentioned the CC site if it had been addressed right away.

One thing I WILL mention - is that there are a LOT of newer guys putting up paysites and NOT installing security software before opening the door. Some weren't aware they "needed it" and others say they can't afford it yet.

Whether it's password trading, Denial of Service attacks, someone wanting to set up phishing sites, or a 3rd world country trying to get attention ... you're asking for trouble if you don't install security software and/or if you don't keep your scripts upgraded. This applies regardless if it's a paysite or not.

We're seeing a lot of hacking happening on sites that use open source or PHP-Nuke type scripts. They make it easy to put up a dynamic site quickly, but are also at risk for hacking if you don't upgrade as needed.

It's also easy to "forget" to check back every now and then for any security updates. I know for myself I've "unchecked" the box to receive future information ... and after this weekend you can bet I won't make that mistake again.

I have a client that got hacked on 2 different sites within a matter of minutes. While I wasn't the one that originally built them, or had anything to do with the various old php scripts lying around on his server, Luke and I were the ones that had to go in and vaporize the mess and rebuild them.

If you're paying to have sites built for you, LEARN how to back up and download a copy of your sites! KNOW what scripts are being used and what version was used and keep track of your login information for the admin panels! Even if it's a simple index card system ... jot down that info, plus the URL of what site the script came from. Make a habit of checking the site for security updates, and sign up for their newsletter if they have one.

Another biggie a lot of people forget to do - is to DELETE the install files once they've added certain scripts. Be sure to read ALL of the instructions, and if they tell you to delete those files once you're sure it's installed, do it!

And if you didn't read Luke's hacker buggers thread - I'll also repeat that you should NOT use a folder on your website that is the SAME NAME as the script. Give the folder a different name. Change your config file to reflect the name change. This slows down the search using an SE to find sites with certain scripts in use. And by default, almost every script I've ever downloaded is inside a folder named after the script and they say to just send it on up. NOT a good idea!
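
An added example, not part of the original post: a small Python audit that walks a web root and flags leftover installer files and folders still named after the script, plus a check over an "index card" inventory for scripts whose update page has not been looked at recently. The installer names, script folder names, 30-day threshold, and sample data are all assumptions constructed for illustration.

```python
import os
import tempfile
from datetime import date

# Assumed names; edit both sets to match the scripts you actually run.
INSTALLER_NAMES = {"install", "install.php", "setup.php", "upgrade.php"}
SCRIPT_NAMES = {"phpnuke", "phpbb", "gallery"}  # folders named after a script

def audit_webroot(root):
    """Return sorted (issue, relative path) pairs found under a web root."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            rel = os.path.relpath(os.path.join(dirpath, name), root)
            if name in dirnames and name.lower() in SCRIPT_NAMES:
                findings.append(("default-folder-name", rel))
            if name.lower() in INSTALLER_NAMES:
                findings.append(("leftover-installer", rel))
    return sorted(findings)

def stale_entries(cards, today, max_age_days=30):
    """Return scripts whose update page was last checked too long ago."""
    return [c["script"] for c in cards
            if (today - c["last_checked"]).days > max_age_days]

def demo():
    """Audit a constructed sample tree: one default install, one renamed."""
    with tempfile.TemporaryDirectory() as root:
        for path in ("board_x7/config.php", "phpnuke/index.php",
                     "phpnuke/install.php", "photos/install/index.php"):
            full = os.path.join(root, *path.split("/"))
            os.makedirs(os.path.dirname(full), exist_ok=True)
            open(full, "w").close()
        return audit_webroot(root)

# Constructed "index card" inventory: script name and last update check.
SAMPLE_CARDS = [{"script": "phpnuke", "last_checked": date(2024, 1, 5)},
                {"script": "forum", "last_checked": date(2024, 3, 1)}]
SAMPLE_TODAY = date(2024, 3, 10)

if __name__ == "__main__":
    for issue, path in demo():
        print(f"{issue:22}{path}")
    print("check for updates:", stale_entries(SAMPLE_CARDS, SAMPLE_TODAY))
```

Run `audit_webroot()` against a downloaded backup copy of the site rather than the live server, so the check doubles as proof that the backup exists.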