Help! My Site Has Been Hacked.

Steve Silberberg of Fitpacking: My site has been hacked twice. The first time several months ago, the attacker somehow added an advertisement to one of my deeply buried pages by adding a column to an existing table. This time, the attacker added a single line of code to my index page that called an ASP User Control that
didn’t exist. It caused the site to go down in error because the attacker did not successfully add their User Control onto the page.How is this possible and how do I prevent it? Why could the attacker add
one line, but not the rest of their control? Why don’t they repeatedly
attack? Would changing the FTP password do it or is there something else?
Clyde A. Lettsome, PhD, PE, MEM Answer: Steve, there are a number of ways that a website can be hacked. The most common ways your website can be hacked are as follows:

  • The hacker possibly figured out your ftp or your website portal account password as you indicated. Changing your password regularly can help.
  • If you have a form on your website and the form is used to generate code for a page on a site then the site can be hacked this way. Make the page password protected and add human/image verification code to the form.
  • If you are using a content management system (example WordPress) and recently added a plugin, the hacker may have entered your site via the plugin. A poorly written plugin can allow a hacker to easily change code on your page. Research your plugins and remove the problem plugins. A site I designed was hacked this way a few years ago.
    As for adding controls this is too difficult for me to determine without know the full details. They are most likely not attacking repeatedly because they are trying to be as inconspicuous as possible.

I hope this helps.

Good Luck!

Are you a struggling with a technical question? Would the answer to the question improve your life or business? Submit your technical questions.

View Archives >>