By beneficentnurse on
Jan. 11, 2017
Forums:
We're running a website with online shop and blog site. Unfortunately, during the after christmas sale, our blog site was hacked. Good thing the sales area of the website remained untouched. So now we're thinking of extra security measures to prevent this from happening again. We want to implement as well added security including our staff who can access the website. What other solutions could you add to reduce the risk and keep our site safe. Thanks.
Location:
United States
Re: Hackers!!!
I can absolutely relate.
Christmas season is big for one of our niche sublimation sites. Christmas 2015 was awful, not due to low sales, rather due to the fact we got hacked...hard. We had to suspend sales to protect customer data and our connected accounts.
I have a deep web dev background but I was truly humbled by the beating our servers took. After our webhost took us offline to protect their hardware we had to scan files AND source code of every page, script and image on our account. We discovered multiple hack tools which had been injected via an OLD, DORMANT, contact script in a TEST install of a defunct script.
These server tools gave remote access to create and delete directories. There were also HIDDEN directories that were not visible in the file list. That meant our data traffic and storage metrics were corrupt and $$$ liabilities. The hackers could create spoof users to send mail and who knows what else.
Scour your users for accounts created in obscure or dangerous countries. If you use wordpress, get a WP security system in place. WordFence, Sucuri, etc are good to start since they let you monitor live traffic.
What you're dealing with SUCKS. DM me for any other notions or sympathy. Good luck. Be diligent.
DELETE all unused files. UPDATE all scripts.
Re: Hackers!!!
Thank you for responding. I can feel how much headache you've got from last year. Believe me, we are going through the same situation right now. I can say that we are a bit fortunate because the sales were left untouched, but nevertheless, a damage is still a damage.
Our main concern though is for both hackers and insiders. It crossed our mind that this could be an insider job, I wont further into details as this is still under investigation. Anyway, we are looking into least privilege solutions. This could be an option for us but the cost of services for something this reliable and secured might be bigger than we thought.