My website requires a username and a password to open.

+3 votes
I called in to your call centre this morning when my domain asked me to type in a username and a password. I spoke to a guy who told me that my website was compromised. Does that mean my personal details on your server are compromised as well as my banking details? Isn't your server set to protect me from such? Why did this even happen? I understand that my site was taken down to protect me and everyone else on the server I'm on. Please assist.
asked Jan 15, 2015 in Shared Hosting by Matthew.B

2 Answers

0 votes
We sometimes password protect sites when they have been compromised. This means that a hacker has possession of your back end username and password, and is able to login to your site or hosting space to conduct malicious activity.

This does not mean that your information with Afrihost has necessarily been compromised as your hosting information is stored separately to your account information. However, it would be strongly advised that you reset any passwords (including your ClientZone password) as whatever means were used to retrieve your hosting password could have been used to obtain other personal information, e.g. using spyware or phishing. The most common way to obtain a password is to ask for it, so make sure you never give out your passwords and never click on links from untrusted sources.

It is also advisable to scan your PC and local network thoroughly for any malicious software that may have been used, though there are many other ways to hack sites including brute force attacks or using commonly used passwords (so please try to use the most secure passwords possible and avoid easy-to-guess combinations like pass, password, 123, etc).
answered Jan 15, 2015 by AfriMan (14,620 points)

+1 vote
Afrihost seems to like adding password protection to your site if it is hacked.  The banner that they set usually says "Access to this site is restricted.  Contact support or login."

You usually get hacked if ...

  • you used a dumb password (e.g. admin123) (that's a poor password)
  • your desktop is hacked (and someone is running about with your FTP credentials)
  • you installed some amazing software which has gaping holes in it (pretty much any software, actually)
  • you installed a plugin or theme with gaping holes
  • you got hacked somewhere else and you copied the hack

Hackers like to ...

  • leave a backdoor shell so they can return (a php snippet that does whatever they ask it to...)
  • leave another 5312 backdoor shells called things like "index.php" and "includes.php"
  • leave another 1 different kind of backdoor shell
  • rewrite every single php file on your account to include "give away access to the evil man"
  • add their own admin user
  • add a few directories to host evil content (e.g. phishing)
  • add links to your themes and things that make your site advertise ... various things
  • send people using specific browsers away from your site to somewhere that they will get hacked - by putting redirects in your .htaccess file
  • deface your site entirely so it says "hacked by awsum" (but not very often by awsum, and not very often, because it gives the game away)
  • send spam
  • send more spam
  • wait a long time after hacking your site, and then strike...
  • send more spam

Once your site has been hacked, security purists will tell you you cannot trust it.  They're mostly right.  (Actually, security purists are scared of talking to you, in case they get a virus from you, so just believe me.)

This means you should save what you can and start again from reliable sources:

  • Log in to the site using the user name and password (if your site is really evil now, you might get your desktop hacked).  If you don't have a password, set one using cPanel
  • Make a backup of your database
  • Make a backup of your images on your local computer
  • Delete everything on your site (maybe move it to a directory called t2ht429hddjfaodskaosig2hg if you're nervous)
  • Reinstall your software from up to date and reliable sources (i.e. not "DOWNLAODS THEMES FOR UR CMS HERE")
  • Restore your images and databases (you did back them up, didn't you)  (If you didn't make a backup, go back to that step ... oh wait ... um, that's not going to work)
  • Set proper passwords (no really, don't skip this step)

That's what you *should* do.  What most people actually do is that they delete a few recently modified files that they believe represent the whole of the hack, and then wonder why their ISP keeps on stomping on their account.  It does help, of course, to make sure that whatever the hacker did to get in the first time can't be done again.

answered Jan 15, 2015 by Bananaman (5,390 points)
edited Jan 15, 2015 by Bananaman
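
The leftovers listed in the answer above (backdoor PHP files with innocent names, browser-specific redirects in .htaccess) can be triaged on a downloaded copy of the site before it is deleted. This Python scanner is an added example, not part of the original answers or of Afrihost's tooling. The regex patterns and the upload-directory names are assumptions, and a clean result does not make the copy trustworthy.

```python
import re
import sys
from pathlib import Path

# Heuristic patterns (assumptions for illustration, not a complete signature set).
# PHP that executes decoded or request-supplied input.
PHP_EXEC = re.compile(
    rb"\b(eval|assert|system|passthru|shell_exec)\s*\(\s*"
    rb"(base64_decode|gzinflate|str_rot13|\$_(GET|POST|REQUEST|COOKIE))", re.I)
# A browser (User-Agent) condition combined with a redirect to another host.
UA_COND = re.compile(rb"^\s*RewriteCond\s+%\{HTTP_USER_AGENT\}", re.I | re.M)
EXT_RULE = re.compile(rb"^\s*RewriteRule\s+\S+\s+https?://", re.I | re.M)
# Directories that should hold images only, never PHP (assumed names).
UPLOAD_DIRS = {"uploads", "images", "media"}


def scan(root):
    """Return sorted (relative_path, reason) findings for a local site copy."""
    root = Path(root)
    findings = []
    for path in root.rglob("*"):          # pathlib's "*" also matches dotfiles
        if not path.is_file():
            continue
        rel = path.relative_to(root)
        name = path.name.lower()
        data = path.read_bytes()[:2_000_000]   # cap the read per file
        if name == ".htaccess":
            if UA_COND.search(data) and EXT_RULE.search(data):
                findings.append((rel.as_posix(), "htaccess-browser-redirect"))
        elif name.endswith((".php", ".phtml")):
            if PHP_EXEC.search(data):
                findings.append((rel.as_posix(), "php-dynamic-exec"))
            if UPLOAD_DIRS & {part.lower() for part in rel.parts[:-1]}:
                findings.append((rel.as_posix(), "php-in-upload-dir"))
    return sorted(findings)


if __name__ == "__main__":
    # Usage: pass the path of the downloaded copy; defaults to the current dir.
    for rel, reason in scan(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{reason}\t{rel}")
```

Findings show how far the compromise spread; they are not a cleanup list, so the reinstall from reliable sources still applies.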