How to prevent your site got hack?

[metta]

Our site got hacked during the weekend and I spent over 4 days to clean up the mess. The hacker inserted links to our site. So every time the customers click on our url will bring them to another sites. And the links are different for every click. I really don't know how the hacker did it. The admin password is only known by my boss and me. What have I done wrong? How can I prevent it? I ended up re-installed the prestashop and the DB. Is this the right way to do it? Any advice please. :-S

[mlalley]

Sorry to say this there is no real way to stop a hacker, there is no magic code or software to stop them but I have a few different ways to help if this happens again.

- NEVER GIVE YOUR PASSWORD OUT TO ANYONE
* if you need to give your password out to someone for them to work on your store create a temporary employee with a temp email and password and once that person is done DELETE the temp employee. Never give out the original store log in even if you change the password for them. Now if you have to give the site login info (The user name and pass for your hosting to connect a ftp to your site) do the same create a new user and delete it after ward if you can’t create a new user you hosting company won’t allow it then create a temporary password.

- ALWAYS BACK UP YOUR FULL SITE.
Back up in FTP
Back up the MySql database
And back up the DB backup in the prestashop admin panel.

*NEVER use an online back up company they are not safe*

- CHANGE YOUR PASSWORDS OFTEN
* make sure not to save passwords on your computers hard drive such as creating a word document and saving them in the computer that is a dumb idea, go back in time and use a pen and paper and keep it safe or on a EXTERNAL flash or hard drive still I recommended a pen and paper I’ve done that for 15 years now and it has never once failed me. Just make sure to change your passwords often a good rule of thumb is once you start to memorize the password and see it in your sleep about four weeks or so that happens to me it is time to change it. Keep in mind you are dealing with customers imagine if they ever found out a site they have personal info on has been hacked.

*NEVER use those password software programs no matter how impressive they look.*

-REMEMBER
When backing up ANYTHING always, always, always, did I say ALWAYS us an external drive such as a Flash Drive, or external hard drive I personally us a 4GB Flash drive for all my site backups and it works great (Never use a disc they tend to get worn out and damaged very easily) o’Ya did I mention ALWAYS use an external drive to save on.


Sorry if you were expecting something more, but I have not found the magic number to stop a hacker I have never had this problem myself (knock on wood) but that is due to the simple fact I am very aware of hackers and know them well. If you need some help backing up your site I will be happy to show you how to do it. Just email me at [email protected] and I will get back with you ASAP. I hope this helps, hate for all the reading you had to do, but it is important to know it.

remember i am always here to help: [email protected]
NOTE - I live in Birmingham, ALabama USA my time zone is Central Standard Time the timenow is 12:06A.M so if you need to contact me keep in mind the time difference.

[tomerg3]

From what I've seen lately, attacks usually happen when you local computer gets hacked (which can happen more easily than a linux server).

You should make sure your computer is also secure.

[mlalley]

That’s true Tomerg3 unless you have your site info stored on your computer such as passwords or backups of the site that can happen i have seen once before where a buddy of mine used FileZilla (Which is what i use and it is 100% SAFE and secure) he saved his site login info in the software so all he had to do was click connect and not have to put in all the ftp info, and a hacker took full advantage of that but having good computer safety is key as well thanks for reminding me and everyone else of that it totally slipped my mind.

[Patric]

Topic moved. Please post in the good sections. Next time it may be deleted.