Securing a website

[poynton]

My son runs a radio station online as a hobby.

We think that someone has accessed the website without authority.

The website is currently unsecured.

How can we secure the website.


Andy


.

 

[lcsaszar]

This is a separate discipline in itself, more than one can summarize in a few sentences. Using https certificates, do regular backups, have a not vulnerable code, ...

 

[MAAC0]

I believe You should ask this question to a web admin, since there are many variables implied. Start with strong passwords like 8489kjHGa;ª({-) with 10 chars minimum. 1234 & the like are cracked in seconds.

 

[wintermute]

I guess the first thing is what is the underlying platform the website runs on? I've done a cleanup on a wordpress site that was hacked to use for pharmacy spam. It's quite the learning curve to get rid of the stuff, make sure you have a backup (even of the compromised site) before you do anything.

Tony.

 

[wintermute]

Also once they have gained access, they will most likely have installed back doors, so even if you think you have secured the server you may not have. Below are screen shots of the backdoor I discovered on the site that I fixed up. It didn't even need a password to get into so anyone knowing what to look for could have taken advantage of it.

Tony.