Likes: 0
Needs Pictures: 0
Picture(s) thanks: 0
Results 1 to 3 of 3
Thread: Protecting a website
-
6th December 2014, 03:50 PM #1
Protecting a website
I am looking for advice on protecting my website, inthewoodshop.com
The server I use is Readyhosting in the USA. They were chosen early on (about 10 years ago now) as they were (a) cheap, (b) easy to set up, and (c) I did not have a clue at the time. Over time there have been a few ups-and-downs but overall they have remained cheap and reliable. They offer good support, which is important.
Some months ago, reading reports on the Internet, I began to be concerned about the possibility of the website being "attached" and contaminated by malware. I contacted a company - SiteLock - that offered a service scanning for malware, and took out a contract for a year. Very shortly after this Google contacted me to say that there was malware on the site. This was not picked up by SiteLock. ReadyHosting confirmed its presence, and I dealt with it by deleting the offending files and restoring fresh from my MacBook Pro. All my files are now checked on my computer by ClamXav. I used to also run Windows via Parallels, and it is possible that some malware could have got in that way on some files a few years ago. I do not use Windows anymore.
About 10 days ago I had two separate alerts from cyber friends on a woodworking forum that their antivirus program warned of malware on one particular index on my site. SiteLock did not pick this up. I deleted the files, and restored fresh files. My friends confirmed that there were no warnings any longer. A few days after this Sitelock sent me a notice that my site had malware. My friends disagreed, as did ReadyHosting when I alerted them to this. I checked via Securi Sitecheck, who also passed the site as clean.
SiteLock suggested that I contact them:
We have detected a critical malware vulnerability at your site inthewoodshop.com. This must be corrected within 72 hours in order to maintain your certification and continue to display the SiteLock security badge. Please access your SiteLock dashboard for more details.
From your dashboard, you can also take advantage of our Expert Services team to help you correct this issue.
Should you have any questions, please give us a call anytime at 415-390-2500. Our website security experts are here 24/7.
Thank you,
The SiteLock Team
This was their follow up email ...
Dear SiteLock customer, Your site needs a manual clean. We can clean this for you, at a one time investment of 300 USD. Or you can , upgrade your service, to our Enterprise plus plan, which would include unlimited cleans, for 74.99 per month, and we can clean this for you. Keep in mind, if you upgrade, you will need to keep that solution, if you cancel, you cancel all service. Please advise of how you wish to proceed. Thank you
Sincerely,
Sitelock Support
This is now sounding like a scam. Googling for reviews brings out similar complaints from others.
I would like to add a firewall to my website, but do not know (a) whether it is necessary, or (b) who to have do this (certainly will not be SiteLock). Possibly Securi ...? One of their claims is that they look after WordPress. Cost is $99 p.a. for malware checks and cleanup when needed, and another $99 p.m. for a firewall.
I have since changed my password again to the website. Information is uploaded via FileZilla on my computer. In my understanding, the only way malware can get onto the website is if I upload it there since no interactions take place on the site, per se. I have to control this from my computer. If so, does one actually need a firewall? Or are there hackers who deliberately can and will still find a way in to plant the malicious files?
Note that I do not have adverts on my website. I pay all expenses in running it. It is not intended as a financial venture. It is a gift I give to my woodworking friends.
Advice please.
Regards from Perth
DerekVisit www.inthewoodshop.com for tutorials on constructing handtools, handtool reviews, and my trials and tribulations with furniture builds.
-
6th December 2014 03:50 PM # ADSGoogle Adsense Advertisement
- Join Date
- Always
- Location
- Advertising world
- Posts
- Many
-
6th December 2014, 04:07 PM #2
Your hosting site "should" be stopping people coming in around the back.
But after 20 years on several websites keeping up with stopping the hacks is a dedicated job.
When it comes to sitelock, They are adding the new ones and now trying to get more from you.
Start with this one and then search "sitelock scam" in google and watch them come thick and fast.
http://www.ripoffreport.com/r/Sitelo...-work-I-842001.
All of your pages (quick look) seem to be plain html pages, no ads, no apps to download.
That shouldn't give you much trouble.
Get rid of sitelock, remove all their access and change all passwords. Make sure they have not created other new accounts on the site hoster to your site when they had access or they will more than likely log in and play around again.
Ask the host mob to check the IP's of who is logging in.
If it gets sick again log in with your ftp, check the date and time a html page is changed and then check who logged in just before that.
-
6th December 2014, 07:09 PM #3
Also change any passwords to good, high strength passwords (JH@J#hBg90w7c&ET]>6M5Q$_c43Oz), and check to see if the site allows/does updates via https rather than plain http.
Similar Threads
-
Protecting Jarrah
By Helen T in forum FINISHINGReplies: 7Last Post: 15th October 2014, 01:17 PM -
Protecting the bikes
By heffa in forum THE SHEDReplies: 3Last Post: 27th January 2013, 09:55 PM -
Protecting work
By norm671 in forum METALWORK FORUMReplies: 8Last Post: 15th June 2006, 02:33 PM