Website protection

Started by rajeshmehra615, Jul 18, 2022, 12:56 PM

Previous topic - Next topic

rajeshmehra615Topic starter

There is such problem - hаckers are breaking into the site.
They write their script instead of mine, those place direct links to the file, edit  and save. I can't figure out how to fix this problem.


You need to look for a backdoor script most likely. Look at the server access logs.

For example, they edited their script to its original state. Then we wait for it to be replaced by someone else again. We look at the time of editing the file. And by this time in the logs we are looking for - where the access to the file came from and what was recorded before.

Finding a backdoor is not enough - you also need to understand how it placed on the site - that is, find a vulnerability.

What is the engine version?

And give an example of code that is being implemented.


Unfortunately, even very well-known web sites (TW, Facebook, etc.) are often subjected to such attacks and it is quite difficult to resist them. Our advice is to use a good CMS or hire an experienced programmer. If there is no money for a programmer, then try to remove from your site the opportunity to register and have your own account for any users.

Viruses on your computer.
It is absolutely not for nothing that everywhere and everywhere they say "You need to check your computer for viruses", "Update your antivirus", etc.
Yes, indeed, if there are viruses on your computer, then with a very high probability the same malicious code has already "stolen" all your usernames and passwords from everything: mail, Internet-banking, the administrative panel of web site, databases, access to all your personal accounts.

What to do?
Try not to store passwords on your computer, and even more so in the browser. Check your computer regularly for viruses and, if necessary, "clean up" from them. Antivirus also needs to be constantly updated.
Use only proven and reliable antivirus software or switch to UNIX-like systems altogether.

Do not download or install suspicious software, do not download images from emails from an unknown sender, and, moreover, do not follow the link in the body of such emails.

Site Security Tips.
Check web site for viruses.
Make a backup of web site as often as possible (for most sites - once a day).
Log files contain all requests sent to the server and, as a rule, can help identify the loophole through which the site was hаcked. If you understand them, of course... But even if you don't understand, then save them as often as possible, because web hosting provider stores logs for a certain time (about 2 weeks). If your site was infected at an earlier date, then it will no longer be possible to use log files to detect the "hole".

If your web site has payment functions (you need to enter bank card numbers, etc.), then either use the secure https protocol, or use external payment services.
Study the functionality of web hosting provider. Large hosting companies, as a rule, take care of the security of their clients' services and websites, and therefore you can find many popular ways to protect your web  site directly in the hosting provider's control panel.
Set your site developer the task of protecting the site from hаcking and carefully study the report of the work performed.
Consult with another developer and ask them to check whether all the "holes" of your site are closed for sure. If at first glance these events seem expensive and meaningless to you - imagine how expensive it will cost you to hаck your web site and make the right decision for yourself.