Likes Likes:  0
Needs Pictures Needs Pictures:  0
Picture(s) thanks Picture(s) thanks:  0
Results 1 to 3 of 3
  1. #1
    Join Date
    Apr 2001
    Location
    Perth
    Posts
    10,803

    Default Protecting a website

    I am looking for advice on protecting my website, inthewoodshop.com

    The server I use is Readyhosting in the USA. They were chosen early on (about 10 years ago now) as they were (a) cheap, (b) easy to set up, and (c) I did not have a clue at the time. Over time there have been a few ups-and-downs but overall they have remained cheap and reliable. They offer good support, which is important.

    Some months ago, reading reports on the Internet, I began to be concerned about the possibility of the website being "attached" and contaminated by malware. I contacted a company - SiteLock - that offered a service scanning for malware, and took out a contract for a year. Very shortly after this Google contacted me to say that there was malware on the site. This was not picked up by SiteLock. ReadyHosting confirmed its presence, and I dealt with it by deleting the offending files and restoring fresh from my MacBook Pro. All my files are now checked on my computer by ClamXav. I used to also run Windows via Parallels, and it is possible that some malware could have got in that way on some files a few years ago. I do not use Windows anymore.

    About 10 days ago I had two separate alerts from cyber friends on a woodworking forum that their antivirus program warned of malware on one particular index on my site. SiteLock did not pick this up. I deleted the files, and restored fresh files. My friends confirmed that there were no warnings any longer. A few days after this Sitelock sent me a notice that my site had malware. My friends disagreed, as did ReadyHosting when I alerted them to this. I checked via Securi Sitecheck, who also passed the site as clean.

    SiteLock suggested that I contact them:

    We have detected a critical malware vulnerability at your site inthewoodshop.com. This must be corrected within 72 hours in order to maintain your certification and continue to display the SiteLock security badge. Please access your SiteLock dashboard for more details.

    From your dashboard, you can also take advantage of our Expert Services team to help you correct this issue.

    Should you have any questions, please give us a call anytime at 415-390-2500. Our website security experts are here 24/7.

    Thank you,
    The SiteLock Team


    This was their follow up email ...


    Dear SiteLock customer,
    Your site needs a manual clean. We can clean this for you, at a one time investment of 300 USD. Or you can , upgrade your service, to our Enterprise plus plan, which would include unlimited cleans, for 74.99 per month, and we can clean this for you. Keep in mind, if you upgrade, you will need to keep that solution, if you cancel, you cancel all service. Please advise of how you wish to proceed. Thank you
    Sincerely,
    Sitelock Support

    This is now sounding like a scam. Googling for reviews brings out similar complaints from others.

    I would like to add a firewall to my website, but do not know (a) whether it is necessary, or (b) who to have do this (certainly will not be SiteLock). Possibly Securi ...? One of their claims is that they look after WordPress. Cost is $99 p.a. for malware checks and cleanup when needed, and another $99 p.m. for a firewall.

    I have since changed my password again to the website. Information is uploaded via FileZilla on my computer. In my understanding, the only way malware can get onto the website is if I upload it there since no interactions take place on the site, per se. I have to control this from my computer. If so, does one actually need a firewall? Or are there hackers who deliberately can and will still find a way in to plant the malicious files?

    Note that I do not have adverts on my website. I pay all expenses in running it. It is not intended as a financial venture. It is a gift I give to my woodworking friends.

    Advice please.

    Regards from Perth

    Derek
    Visit www.inthewoodshop.com for tutorials on constructing handtools, handtool reviews, and my trials and tribulations with furniture builds.

  2. # ADS
    Google Adsense Advertisement
    Join Date
    Always
    Location
    Advertising world
    Posts
    Many





     
  3. #2
    Join Date
    Apr 2011
    Location
    Dandenong, Vic
    Posts
    2,029

    Default

    Your hosting site "should" be stopping people coming in around the back.
    But after 20 years on several websites keeping up with stopping the hacks is a dedicated job.

    When it comes to sitelock, They are adding the new ones and now trying to get more from you.
    Start with this one and then search "sitelock scam" in google and watch them come thick and fast.
    http://www.ripoffreport.com/r/Sitelo...-work-I-842001.

    All of your pages (quick look) seem to be plain html pages, no ads, no apps to download.

    That shouldn't give you much trouble.

    Get rid of sitelock, remove all their access and change all passwords. Make sure they have not created other new accounts on the site hoster to your site when they had access or they will more than likely log in and play around again.

    Ask the host mob to check the IP's of who is logging in.
    If it gets sick again log in with your ftp, check the date and time a html page is changed and then check who logged in just before that.

  4. #3
    Join Date
    Dec 2005
    Location
    Canberra
    Posts
    3,260

    Default

    Also change any passwords to good, high strength passwords (JH@J#hBg90w7c&ET]>6M5Q$_c43Oz), and check to see if the site allows/does updates via https rather than plain http.

Similar Threads

  1. Protecting Jarrah
    By Helen T in forum FINISHING
    Replies: 7
    Last Post: 15th October 2014, 01:17 PM
  2. Protecting the bikes
    By heffa in forum THE SHED
    Replies: 3
    Last Post: 27th January 2013, 09:55 PM
  3. Protecting stumps
    By LotteBum in forum FLOORING, DECKING, STUMPS, etc.
    Replies: 2
    Last Post: 20th September 2007, 09:21 AM
  4. Protecting Deck
    By digg in forum DECKING
    Replies: 0
    Last Post: 27th August 2007, 02:42 PM
  5. Protecting work
    By norm671 in forum METALWORK FORUM
    Replies: 8
    Last Post: 15th June 2006, 02:33 PM

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •