Site got hacked


#1

Hi there,
Just sharing my experience with DH for when the site got hacked.

Our company’s website got hacked and opened a back door on 3/4/2013.
DH put our site to inactive on 3/5/13.
DH told me there were some old versions of Joomla, WordPress, etc. installed, which we already don’t have FTP access to anymore (domain moved).
So I used the update (delete) function under “1 click installation”.
It took two days for DH to tell me the Joomla is still old and the back doors are still there. Then I spent another day telling them that we can’t use FTP to delete the files, another 24 hrs for DH to delete the file and email me saying, hey, if you need to re-scan your account, please email us!
Come on, of course I want to re-scan and get our site back to active!
Right now it’s already 7 days, and our site is still down.

I don’t know what to say~~~


#2

Why don’t you have FTP access anymore? Just moving your domain doesn’t delete the access. If you can get into panel, you can reset the FTP account’s password, log in, and delete everything.


#3

Just want to point out for those unaware, setting up a website and running it are two different things.

None of this is Dreamhost’s fault. If you install a version of software and don’t take the time to update it, that’s your fault. Further, while I know this is impractical for many reasons, a lot of problems would be solved if people stopped using these software(s) and coded their own. I trust my own coding more (maybe I shouldn’t?) because I understand the different vulnerabilities, and the ways to prevent them. [[though this method is faulty as I will only ever think of the same ways to break my code, and someone else might think of something more clever]]

A back door should be relatively easy to spot at any rate. Though mildly time consuming to manually search each and every file, going line by line looking for it.


#4

If your site gets hacked, the best thing to do is to erase everything and restore from backups; it should take a few hours. The only fault that Dreamhost seems to have made is not telling you how to get your FTP account back. It should be you restoring the site and not them.

Most hosts I know of don’t solve customers’ hacked sites. It is odd that they agreed to do that. Sorry, but that is not their job. If your site got hacked because you didn’t update the software, a host can’t clean it up for you, or the next thing you know people will be asking support to design a banner for their site.

If you want your site back in hours simply restore from backups.