When Your Website Gets Hacked, What Do You Do? I am Back in the Networking and Server Administration Books!

Sorry that I have not posted in a while. I have been studying to run an Internet Service Provider (ISP). If you aren’t sure what that is, it is usually your local telephone company that provides your internet. In this post I will catch you up on what has been going on and what is going on with my website Pictures With Passion. I will give you some pointers that I have learn and tell you the secrets to speed your internet up if you are running and internet DNS server in the next post. Enjoy the read!

First I will start with that website I started for my niece that I can’t seem to keep up and running. I am using a reseller hosting program that I get a discount for using my own services. I call my Hosting service In The Cloud Company Hosting. I have not been advertising it as I want to make sure that the service I provide will have all my attention. I offer web hosting packages for the Website Developers who host and manage their websites. Please do note that the problems I am having with the Pictures With Passion website are not because of the hosting service, they are my not knowing how and just learning to host WordPress websites.

Here is what happened to the Pictures With Passion Website this time. I really and truly got hacked this time and all the pictures of car rims I designed in Autodesk Fusion 360 were erased. I do to things wrong this time and learn from my mistakes. First, I didn’t take the time to figure out how to back up my database that run the website. Point here is backup your website and database both to offsite storage. Second, I wasn’t keeping track of my website attacks and blocking the IP addresses.

As you can see in the posted screen shot above is the In the Cloud Company hosting panel. Look under account usage at the first line in the bottom left. That CPU usage is way to high for a site that only about four people are accessing at the moment. At 3.56% I should be having 50 people visiting a week and uploading or downloading at that! I am going to show you where to monitor your attacks and where to go to block them. First, lets look at the attacks on the website under the Advanced tab in the black bar from the picture above.

In the drop down menu above you can see ModSecurity grayed out. That was because my mouse was on it when I took the screen shot. When you click it, as I will show you below, you get a link to take you to a list of IP addresses that have been attacking your website. Some are crawler bots that index the site I would say and others are not.

Here is the list of IP addresses and the next screen shot is the description of them robots or IP addresses.

Now that you know what is attacking your website and what the IP address is, lets block those hackers! In the following screen shot I will show you where to go to block IP addresses if you are using my hosting company, In the Cloud Company hosting.

In the above screen shot, I have one IP address blocked. The purple button labeled Block an IP address is what you have to use to inter the hackers IP address.

I hope this post was informative and helps you in managing your website to keep it going. Again, I am sorry that I have not been posting regularly. I have been in between reading about five books including; ‘Mastering Ubuntu Server’, The CompTIA A+, Network +, and Security + certification books. I have also been reading a book on DNS servers and one on getting certified to run a ISP.

In my next post I will explain what I learn from studying DNS servers and how you can speed up your Intranet web searches by creating the correct DNS BIND setup. You will be pleased if you use this technique and that is a promise. I have seen websites, upon the second load within the time the website is cached load in 1 msec! Think of how much work the crew can get done then!?!

Leave a Reply

Your email address will not be published. Required fields are marked *