Website Security Help


2 replies to this topic

#1 greatchap


Posted 21 December 2017 - 12:32 PM

Hello Everyone,

 

My website got hacked two days ago and I see strange scripts appearing, htaccess file either being renamed or being deleted, js files getting junk data and so on.

 

In order to protect my site I think I will -

 

1) Install SSL
2) Install Firewall

3) Install a scanner

 

My site runs on a Linux server (CentOS). I was told to install ClamAV antivirus along with SiteLock & Comodo. However, someone else suggested installing Wordfence.

 

What should I do? Tell me something that is cost-effective.

 

Thanks,

 

Regards,

GR


Edited by hamluis, 22 December 2017 - 06:07 AM.
Moved from AII to Gen Sec - Hamluis.



 


#2 Didier Stevens


Posted 23 December 2017 - 03:26 AM

To properly protect your website, it is important to know what software it is running.

And it can help a lot if you know how your website was compromised.

 

So please provide the necessary information.

 

For example, if you use WordPress & plugins, it is very important to keep this software up-to-date.


Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2018

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"


#3 Vectron


Posted 23 December 2017 - 11:46 AM

I would completely format the entire server and reinstall whatever OS you're running, because you can't know what has been modified by the hackers. You should definitely start with building a threat model and then apply the necessary precautions. A firewall is a must, and make sure you only open up the ports you actually need for the server to work. Keeping software up-to-date is extremely important, so make sure you regularly update your system as well as any web applications you may be running. Remember the first rule of computer security: Security is a process.

 

If you're using SSH remote administration, consider switching to certificate authentication. Using SSL/TLS is highly recommended, as it will protect your customers from eavesdropping. I hear Mozilla has some free certificates with their "Let's Encrypt" program. ClamAV I'm not so sure about, but if you're feeling more brave then you could also try to set up an IDS/IPS system like Snort or Suricata, but that's rather an advanced topic that requires a lot of time to set up properly and maintain. Personally, I would put the firewall/IPS on a separate device and put the server machine behind it.





