[ubuntu-uk] Website Hacked.....
LeeGroups
mailgroups at varga.co.uk
Sun Jun 28 00:25:03 BST 2009
> I would guess that possibly, as your site is on a shared server, that
> the server was hacked into and by gaining root access, they had access
> to all sites on that server, including yours. Then they probably
> removed your site and all the others to replace them with their evil.
>
> I doubt if the host will tell you if other sites were compromised,
> because they want to protect client confidentiality, and they do not
> want to admit to being liable in allowing their server to be hacked.
>
> I would suggest you maybe look for a new host. I use 1&1 Internet
> Ltd.
> <http://www.1and1.co.uk/?k_id=3899401>http://www.1and1.co.uk/?k_id=3899401
>
>
> I have never, afaik, had my sites on there hacked into or messed with.
>
> Or get some recommendations for other hosts that are within your price
> range and totally secure.
>
> David King
David,
Let's be realistic here, just because you're with 1&1 and you've "never
been hacked", doesn't make 1&1 bombproof.
The whole nature of web servers and the software then run makes them a
constantly moving target.
The more software you/they run, the more 'attack surface' there is for
the bad guys to aim at.
The mind boggles at the amount of code a modern web server can run -
Apache, its modules, Perl, PHP, MySQL, CMS's, Forums, Control Panels,
Hypervisior front ends, etc and that's without getting into the can of
worms that's IIS/FP/ASP/etc.
Running old software has issues because attack vectors appear over time,
so you must constantly upgrade to new versions of all that software.
However, newer versions of the software may have more attack vectors, by
virtue of the fact they're new and haven't been tested as much...
It's a no win situation, either you pay a lot of money and have the site
professionally hosted or even managed.
Or you learn a lot and do it yourself, and keep up with the security
advisories.
Or you do neither and run the risk of all out chaos...
The only think that you can do, in any situation, is to take backups
frequently. And I mean daily if you site changes daily.
And keep copies going back, days, weeks, months just in case.
Lee
More information about the ubuntu-uk
mailing list