I have a small but somewhat popular space-history website. Very simple HTML that I typed into wordpad, but it has long pages full of photos. Since 2003, I've been using media3.net with their business-class Windows service.
A few weeks ago, mypages were hacked, and a one line script inserted that called an Adobe Flash file. Apparently this was a server-wise attack, not just my web pages. Media3.net cleaned this up, but now it has happened again.
This is bad, because Google blacklists my site, and folks on Wikipedia get upset because there are a lot of links to my site.
How are they breaking in to media3.net? I think I must change hosts, but I don't want to put my image-intensive site on overbooked hardware with limited bandwidth.
Well if it is a server wide attack and it happened for the second time, you should definitely consider moving on. Do you plan to go for another Windows provider?
What are your space and bandwidth requirements as well as your budget?
Honestly, attacks like these happen due to weak passwords, weak permissions or out of date scripts on your own site. Rather than moving hosts, take the time to make sure your file permissions are secure and update your scripts to the latest versions.
There are no scripts on my site, it is vanilla old HTML. I believe my FTP password was sufficiently unguessable. According to media3.net, this was not an attack on just my webpage, it was an attack on their servers and effected muliple customers.
From what you've told us, its probably best that you change your webhost if it isn't the first time that it has happened. Google also might be blacklisting it via IP (not sure how Google blacklisting works, so may be wrong).
I'd check out in the offers forum, then to look to see if you can find anything about that hoster on these forums and Google.
Are your requirements high at all for the site? Since you said it has a lot of photos on it.
From my own experience with several other site's i know that web hosting companies usually give blame to customer without inspecting how the site actually was hacked.
I think that is import to come behind how your site is hacked. Is it your fault or web host fault?
Take a look into logs of you can find suspicious activity. If you are sure that it is problem with hosting then change your hosting company for other one.
JLHC, to answer your questions: my site is relatively small (165 Mb of images and htm files). I do not know the total bandwidth used, as the report system doesn't seem to work. My concern is just that long picture-intensive pages will download promptly when people visit the site.
Today my host says the site is clean again, and I must contact Google to get it unblacklisted. They repeated that it was not just my website that was attacked.
Basically what you got to be clear is with the files permissions . Never give 777 or Read Write and Execute permissions to files unless really needed . Also if yiu are on a windows server . Ask them to move your site to a Linux Server . A Linux box cannot be hacked that easily . Still if same issue move to any other good provider .
Well mostly, the hack occurs using Weak Passwords, or you might be Keylogged.
Why always blame the Host ?? If you install a script will callbacks and it gets hacked, then is the host responsible or you ?
Urm.. you guys might want to actually read what the OP said before posting your replies.
DonPMitchell, $29.50 for the business class hosting is rather expensive going by today's standards. That's probably at the level of hosting that can withstand a moderate digg or slashdot effect (thousands of visitors per minute).
If you're serving only html and images with only 160mb usage, you should definitely consider switching to a cheaper host. Any reputable linux hosts under $5 should fit you nicely.
Thanks for all your responses. I just got off the phone with media3.net tech support.
The hack had nothing to do with my website or passwords. Their server was compromised via a hole in "cold fusion". I don't use that service, my site is totally vanilla html.
If you google like "sputnik 50 years ago" you can probably figure out what site I am talking about. It still says "This site may harm your computer", so now I have to negotiate with Google to get off their blacklist. Sigh...
It's nice that they were open about the fact that it's not your site's fault. Many hosts will first place the blame on the customer, and if the customer is knowledgeable enough to prove it wasn't, they might take that back.
The answer to the question you ask would depend, in my case, on how they explain it happened twice, and the measures they took to ensure this doesn't happen a third time. If none were given, I think I would try my luck someplace else. Your needs are not out of this world, and you should have plenty of valid options.
Yep, I just did that via their webmaster tools a few minutes ago. You have to first install a meta tag they generate, to prove you own the site. Then request a review.
And just to make sure, I am uploading my pages from my master copy on my home machine.
Don't expect a immediate result. Google does take time to revisit your website and review to make sure it has been removed. Yes, it is time for a new provider if this has happened twice now in a short period of time and it is a server wide attack.