  1. #1
    Junior Member
    Join Date
    May 2015
    Posts
    2
    Member #
    49562

    Client's existing site hacked. Should I work on it?

    I'll start with a disclaimer: I'm a beginner WP designer. So please be patient :-)
    I'm supposed to build a new WP site for a client. They only have a jpg image in place now. After receiving WP login info and FTP access to client's existing site from his IT consultant, I used Google webmaster tools and found out that it was hacked. Months ago! There was a folder with 5000 spammy files there. Apparently nobody knew about it. The IT guy did move the site from Windows to Unix yesterday, but he copied all old files as well.
    I read this whole article from Google about all the steps required after a site is hacked, so it looked like a serious issue to me. I asked to switch to a host which would offer better security, but they declined. So I asked the IT consultant to reinstall WP, delete all old files and change password - basically take ANY steps to prevent hackers from getting to the site again.
    He told me to just delete the spammy files through FTP and change my own password. Is this safe? Can there be malware left there as well? I don't even feel comfortable connecting through FTP. Am I paranoid? And if I build the site, and it will get hacked again - then it will be my problem... Should I even start the project?

  3. #2
    Unpaid WDF Intern TheGAME1264's Avatar
    Join Date
    Dec 2002
    Location
    Not from USA
    Posts
    14,485
    Member #
    425
    Liked
    2783 times
    The IT guy is probably partly right. Delete the files. Whatever the hacker left is probably in there, and unless you need the files there's no point in leaving them on the server for the hacker to play with.

    That being said, the IT guy seems to be a little lax about the whole thing. He should be changing any and all server passwords, including your FTP password. Your web server is hacked, you change every password associated with the site and you apply every available patch, update, security fix, script adjustment, whatever there is pertaining to your site AND to the server. Yes, the IT guy switched the OS, but he bloody well should do the other work to go along with it.

    You possibly change any and all email passwords as well, depending on how closely your web and email server are tied together.

    Here's what you're probably looking for someone to tell you in a nutshell. Yes, you're paranoid, but yes, you should be paranoid. The site was hacked. The IT guy should be paying attention. If not, do it for him and make sure everyone else knows about it.

  4. #3
    Junior Member
    Join Date
    May 2015
    Posts
    2
    Member #
    49562
    I'm a freelancer, so I can't even do any of these changes. Well, they made their decision, I tried...
    I guess I'll just start working on the site and keep a backup at all times. And if the site is hacked again, I can ask the IT guy to fix it.
    Thanks for the advice, though!

  5. #4
    Senior Member Vapr_Arts's Avatar
    Join Date
    Oct 2013
    Location
    California
    Posts
    1,930
    Member #
    37412
    Liked
    544 times
    You can only do as much as the client allows. I personally haven't had the opportunity (I say that because although it's not something I WANT to happen it's a good learning experience) so I can't contribute any more than the game has.

    What I'd do is keep doing all that they allow and when it gets worse or doesn't change let it be known that you did your part. I wouldn't call anyone out by name as it would be unprofessional but at the same time make sure they know that more could have been done and it was not your fault.

