Wednesday, May 5, 2010

secretasianman.com

My site has been jacked for a couple weeks now and it's driving me nuts. The main thing is I can't access my ftp to update pages and strips. This is the second time my password on my ftp has somehow changed. Anyone got any clues?

5 comments:

  1. Asking for advice? hoo boy... ;-)

    Well, here goes:

    Could be you are getting hacked (hacked not to change your web site, but for the hackers to send out scam e-mails.... happens all the time). I'm just guessing here, but by chance did you eventually reset your password the same as before? If so, that makes it just as easy to lock you out again.

    Lots of bots out there that are designed to just guess at passwords. If you use "regular" words, names, and/or a date as a password, you can almost expect that your account will get hacked.

    An easy way to create (and remember) a strong password is to use the first letter of all the words in a phrase or sentence (a sentence you can easily remember and know, but not one that the public would use). For instance, the phrase:

    "Charlie is the inventor of lunchkins towel bags and Sam's number one good friend."

    translates to a password of:
    "citioltbasn1gf"

    (try not to use "1" though .. everyone does that ... and try not to place a number as the last character .. everyone does that too ;-)


    Hope you can get (and keep!) control of your FTP site :-)

    Cheers

  2. Hey, Tak. Not cyber stalking or anything.

    If you can get in touch with your host provider, they should be able to reset your password and all that jazz. Then follow Dan's advice for password awesomeness.

    It also might be a good idea to upgrade whatever backend cms you're using unless you code everything yourself (Which is totally fucking badass!).

  3. I'm with Jamie on this one. It's possible your FTP / SFTP needs resetting on their end as well. It's your provider's JOB to fix this stuff. Make them earn it.

  4. L33tsp34k is good for passwords; make sure you mix in capital letters, and punctuation too (square brackets are a pretty good bet). That way, even if someone guesses the word, they don't know how you typed it.

    If there's interactivity in your site (people posting comments with forms, editing backend stuff via the web browser), check all your permissions.
    chmod 777 for anything that needs to be writable (everything ticked, in most ftp programs, rwxrwxrwx).
    Keep 777 things to a minimum.
    chmod 744 for most other things (rwxr--r--, or the owner can do everything, everyone else can only read).
    Make a note of what you change, in case anything either stops working afterwards, or something important was 777'd.

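Comment 4's advice to keep 777 to a minimum and to note what you change can be checked from a shell on the host. This is an added example, not part of the original post or its comments; the function names are illustrative, and it assumes shell access with a POSIX `sh`, `find` and `ls`.

```shell
#!/bin/sh
# Added example: audit a web root for world-writable entries.
# Assumption: the function names below are illustrative, not from the post.

# list_world_writable DIR
# Prints "<mode string> <path>" for every file or directory under DIR whose
# "other" write bit is set (for example rwxrwxrwx or rw-rw-rw-).
# Symlinks are skipped because their own mode bits are not meaningful.
list_world_writable() {
    find "$1" ! -type l -perm -0002 -exec sh -c '
        for p in "$@"; do
            # First 10 characters of ls -ld are the type and permission bits.
            mode=$(ls -ld -- "$p" | cut -c1-10)
            printf "%s %s\n" "$mode" "$p"
        done' sh {} + | sort -k2
}

# count_world_writable DIR
# Prints how many world-writable entries exist under DIR.
count_world_writable() {
    list_world_writable "$1" | wc -l | tr -d ' '
}

# record_modes DIR NOTEFILE
# Writes the current list to NOTEFILE so a later permission change can be
# compared against it or undone.
record_modes() {
    {
        printf '# world-writable entries under %s\n' "$1"
        list_world_writable "$1"
    } > "$2"
}

# When run with a directory argument, print the audit for that directory.
if [ -n "${1:-}" ]; then
    list_world_writable "$1"
fi
```

Anything listed that does not genuinely need to accept uploads or edits from the web server is a candidate for tightening.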
  5. Thanks all. I worked with my provider when it happened before, just curious if there may have been some sort of external influence. Maybe the spam-bots are crawling at my door. (bird's-eye view with shaking fist) SPAM-BOOOOOOTS! I did change the password and it's relatively obscure. I'll just hassle them again. On the other hand I've been considering completely redoing the site so it doesn't require so much updating.