Website Hacked? This Might Explain It

by Administrator on December 30, 2009

Phishing is "To request confidential information over the Internet under false pretenses in order to fraudulently obtain credit card numbers, passwords, or other personal data." And according to another blog post I read recently, some phishing emails have been sent out with the goal of getting website owners and webmasters to give up their cPanel login credentials. Boom. You are “owned”, as they say…

Let me break this down a bit:

  • You get an email requesting your confidential cPanel login details.
  • This email is sent under false pretenses (“we need you to verify your FTP details”).
  • You fall for it, click on the link, and enter your details.
  • Somebody else has total control over your website and proceeds to add their stuff to it.

Pretty simple, isn’t it?

I write this because some people I’ve encountered lately have been wondering how their websites have been hacked. If you fell for this phish, then you know what happened: The party responsible for hacking your website was able to log in and hack it because YOU gave them the userid and password. This isn’t the only reason for having a hacked website, but it is the easiest way to hack it.

Once again, let me spell out some basic security precautions you can follow to prevent this from happening to you:

  • Don’t click on links in emails that you were not expecting. Same thing goes for email attachments that you weren’t expecting; don’t open them, just delete them.
  • Speaking as a former sysad, if I want to access your stuff, I don’t need your password because I already have administrator / super user rights for the entire web server and can go anywhere I want on that server and do whatever I want to do. Your hosting company will never, EVER need to ask you for your login details.
  • If you need to give out your website login details to somebody (e.g. you outsourced a task to a contract web designer), change the password as soon as the work is done.
  • Change your website password frequently (every 3 months, at the least). Your password should have at least 10 characters, should not even remotely resemble a word in ANY known language, and should contain a mix of upper case letters, lower case letters, numbers, and special characters.
  • If you get an email or a phone call that’s allegedly from your web hosting company (or bank or whatever), asking for your login details, contact the hosting company (or bank or whatever) using contact information that you know to be good and ask them if the request came from them. The answer will always be “no” (and if it isn’t, close your account and take your business elsewhere).
  • Run a good anti-virus / anti-spyware program on your computer. There are lots of trojans “out there” that like to steal your login details (Zeus Bot comes to mind off the top of my head); good security software can help prevent it from being installed on your system and can help get rid of it if it’s already there. Just be sure to always use the latest version of the software, ensure that it’s properly configured to protect all files on your computer and to run daily “deep” scans, and keep the detection signatures updated. I use Sunbelt Software’s VIPRE Anti-Virus and Anti-Spyware software because it combines both anti-virus and anti-spyware into one program, runs on a modern detection engine, is well-supported by a good company, and has a reasonable licensing fee. There’s also a 30 day, fully functional free trial available so you can see if it meets your needs before you invest in a license. There’s no longer ANY excuse for not having powerful security software on your computer!

That’s enough to get you started.
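The link precautions above can be checked mechanically before anyone clicks. The following is an added example, not part of the original post: it reads a saved message, lists every link in its HTML part, and flags links whose target host is not a domain you already know belongs to your hosting company, or whose visible text names a different host than the real target. The domain `examplehost.test` and the sample message are constructed placeholders.

```python
from email import message_from_string
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED_DOMAINS = {"examplehost.test"}  # assumption: your host's real domains
SAMPLE_EMAIL = """Subject: Please verify your FTP details
Content-Type: text/html; charset=utf-8

<a href="http://cpanel-verify.example.net/login">https://examplehost.test:2083/</a>
<a href="https://www.examplehost.test/status">Service status</a>
"""  # constructed sample, not a real message

class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from <a> tags."""
    def __init__(self):
        super().__init__()
        self.links, self._open = [], None  # _open = [href, text] while inside <a>
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._open = [dict(attrs).get("href") or "", ""]
    def handle_data(self, data):
        if self._open:
            self._open[1] += data
    def handle_endtag(self, tag):
        if tag == "a" and self._open:
            self.links.append((self._open[0], self._open[1].strip()))
            self._open = None

def host_of(url):  # host of a URL-like string, or None when it is not one
    if " " in url or "." not in url:
        return None
    return urlsplit(url if "://" in url else "//" + url).hostname

def suspicious_links(raw_email):
    """Return [(href, [reasons])] for links in HTML parts that fail a check."""
    findings = []
    for part in message_from_string(raw_email).walk():
        if part.get_content_type() == "text/html":
            collector = LinkCollector()
            collector.feed(part.get_payload(decode=True).decode("utf-8", "replace"))
            for href, text in collector.links:
                target, shown = host_of(href), host_of(text)
                trusted = any(target == d or (target or "").endswith("." + d)
                              for d in TRUSTED_DOMAINS)
                checks = [("target is not a known hosting-company domain", not trusted),
                          ("visible text names a different host", bool(shown) and shown != target)]
                reasons = [why for why, failed in checks if failed]
                if reasons:
                    findings.append((href, reasons))
    return findings
```

A clean result only means the links point where they claim to; a request for login details is still verified through contact information you already know to be good.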

Regarding passwords: Yes, it’s hard to remember a zillion passwords, and writing them down isn’t really a good solution (unless you keep them in your wallet and treat that piece of paper like it’s a gift card with about $1,000,000 on it). I personally use RoboForm to manage my passwords and protect me from identity theft. It will generate hard to guess passwords and store them for you on your computer. If you use more than one computer (like I do), upgrade to the mobile version that you can install on a thumb drive and move from computer to computer.

How will RoboForm protect you? If you don’t have to remember passwords, you can let RoboForm generate hard-to-guess (and hard-to-crack) passwords. RoboForm securely stores them. And if you don’t have to remember them, you’ll also be more apt to change them frequently. Combine this with some common sense steps (as I outlined above) and you can easily reduce the risk that your website login credentials will end up in the hands of somebody who should not have them.
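To make the password rule from the precautions list concrete, here is an added example (not from the original post, and not a description of how RoboForm works internally): a checker for the rule of at least 10 characters with all four character classes, and a generator that draws from the operating system's cryptographic random source until the rule is met. The default length of 16 and the function names are assumptions.

```python
import math
import secrets
import string

MIN_LENGTH = 10  # the minimum length given in the post
CLASSES = (string.ascii_uppercase, string.ascii_lowercase,
           string.digits, string.punctuation)
ALPHABET = "".join(CLASSES)  # 94 printable ASCII characters

def meets_policy(password):
    """True if the password has >= 10 characters and all four classes."""
    return (len(password) >= MIN_LENGTH
            and all(any(ch in cls for ch in password) for cls in CLASSES))

def generate_password(length=16):
    """Pick characters uniformly with a CSPRNG; retry until every class appears.

    Rejecting whole candidates (rather than forcing one character per class
    into fixed positions) keeps every compliant password equally likely.
    """
    if length < MIN_LENGTH:
        raise ValueError(f"length must be at least {MIN_LENGTH}")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if meets_policy(candidate):
            return candidate

def entropy_bits(length):
    """Upper bound on the entropy of a random password of this length."""
    return length * math.log2(len(ALPHABET))

# Constructed samples. The second passes the character-class check even though
# it is built from a word and a year: the check cannot detect resemblance to a
# word, which is why the password should come from a random generator.
WEAK_SAMPLES = {"password": False, "Summer2009!": True}

if __name__ == "__main__":
    for sample, expected in WEAK_SAMPLES.items():
        print(sample, meets_policy(sample) == expected)
    print(generate_password(), round(entropy_bits(16), 1), "bits")
```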


NOTE: This post contains affiliate link(s). If you click on the link(s) and purchase something, I will receive a referral commission. It will not have any effect on the purchase price of the product. As a general rule, I do not accept free products for review and my decision to promote these products is based on my own satisfaction with the products after purchasing them and my desire to tell you about high quality products while generating revenue for my business. Any exceptions will be clearly noted. Also keep in mind that I am a college graduate, have considerable work, leadership, and management experience, and have been studying and practicing online marketing since 2004. These factors have a positive impact on my results that you will not be able to replicate. Thanks!
