Hacked website problem - any guru on duty?


Post by Mountain Goat

A website I'm messing around with was hacked yesterday, about 10 mins after purchasing the domain name from GoDaddy (fast by any standards; I would have thought it would take 24 hrs for the nameservers to kick in). The website has existed for 4 years and the domain name was new.

When I say 'hacked', it was to the extent of the home page displaying a political message and unpleasant language.

Googling the text, it came up with around 12 other sites, all with domains registered with GoDaddy and hosted by F5, a minor hosting outfit we use.

GoDaddy's attitude was 'nothing to do with us mate'.

Although F5 fixed the problem quickly, I am concerned about long-term security issues. Their tech guys don't do dialogue.

Has anyone had a similar problem, and how would you protect against it happening again?

Thanks.

MG
Last edited by Mountain Goat on Wed Nov 14, 2007 9:25 am, edited 2 times in total.

Hacked Site.

Post by riovino

Was your domain forwarded to another website? Or was the offending content actually created on your webserver? Either way I think the answer might be to create strong passwords and change them frequently.

1) If your domain was forwarded to another website: I would suggest changing the password you use for GoDaddy. If someone hacks your GoDaddy account they can easily change DNS info to point to whatever webserver they want (bad).

2) If your actual webserver at F5 was hacked, then you need to change the password you use to administer your domains at F5. If you administer your own websites at F5 then be careful about what program you use to upload/download your edits. Make sure that your connection method is secure (example: use FTPS instead of FTP). Otherwise when you log in to F5, your password is being sent in clear text and can be intercepted by others.

Fine print: I'm not an expert on this so you may want opinions from others as well.

Post by Mountain Goat

Thanks for your advice, Riovino.

It wasn't at the GoDaddy end, but the F5 end, and it was hacked through them and not via our FTP connection. However, I seriously take your point about the FTP security, which we will tighten up on.

This hacker didn't just hit F5 - several other hosts got worked over as well.

MG

Post by riovino

Wow, if the problem is with F5's backend security then I don't see much that you as a customer could do to prevent future problems. If they won't articulate what's been done to prevent it from happening again, I'd be tempted to find another host :-(

Matt