Hi, I was infromaed Via Email from a random nice member of the public that mt site had been hacked and parts of it were being used to store and distribute child porn. Apparently the site traffic had gone up something like 1000%, unfortunately my Host Net Registrys only response to this was to ring me and tell me to pay them an extra $80 a month for the incresed usage.

I am not very smart or knowledgeable when it comes to websites and i am learning, when I chose my host i assumed there would be some degree of care there whenre if things like this happened they would alert me to it.

Net REgistry has said that this is all my fault and i should of been more observant and dilligent and this is akin to me leaving my mobile phone on a table at a party and whingeing when someone used it to ring columbia...

To me this is a serious and illegal offence that has been committed and I would expect that the kind of seriousness it would be dealth with would be on par.

Sadly enough, Net Registry belives they have got absoloutely no social, ethical and definately not contractual agreement to help me out with this and they wouldnt even sort it out, i had to change web servers and get another company to take over my website.

So my question is, How do I know if this happenes again? My WEb Host is wonderful now and will manage my website, but how does a person with limited knowledge of the working of the web avoid these things?

What would of been the consequences if this random person didnt see it. It may have taken me years to become that proficient that I would pick up on that kind of stuff.

And what kind of responsibility levels do Hosts have when they tak over your site.

Net Registry has infromed me that "when you run over 30000 websites, we cannot possibly pay any kind of singular attention to each one"

So How do I ensure this never happens again?

Or is just up to me to become a super computer whizz and never pay anyone to help me again?

Hi

Its sad that you were treated this way!

When a site is compromised there may be many many reasons for it.


Examples:

A flaw in the web server software the hosting provider was using may have been present due to them not keeping the server up-to-date.
Your site may have contained php or other code that was not well written and allowed a hacker to get in (quite common)
The hacker discovered your username and password.
There are many other ways but the above are the main ones.
myshophosting (the hosting company I own and run - and the hosting provider that On Technology reccommends) has had a few sites compromised and all of them were due to dodgy PHP scripts that were used on the site. These are easily replaced or removed and the offending hacked files can also be removed without to much hassle.

I have never, and would never charge a client for excessive bandwidth if the problem was caused by hackers - unless the customer knew about it and didnt bother to tell us. We are a small business thou and we are more easily able to identify problems as we have a much smaller client base and care about our clients and servers personally.

I'm glad you have now found more friendly hosting and hope it never happens again, but apart from ensuring your username and password is hard to guess and you don't upload any php scripts to the server unless they are guaranteed safe there isnt much you can do to prevent it except trust that your web hosting provider is keeping their servers and network as safe and up-to-date as possible. You should also make sure that your hosting provider has your current email address on record so that any usage warning emails get to you.

For example, our servers send out warning emails once traffic usage goes above 80% and then again at 90% and 100% - At least if you get these emails you are aware that somthing is going on and can either call or email to investigate!

Thankyou David, I agree something like your smaller web hosting service was probably what i needed. It is what I am using now, I have used the same guy who built my website and he keeps and eye on all that stuff.

Unfrontunately as you can see from some of my other questions, i struggle alot with trying to understand the "behind the scenes" stuff of running my website, I am going to become a more active member of this forum as although i am hugely dissapointed in my treatment and the resulting service, i would like to be able to pick these things up and learn more ways to avoid it happening again.

Your welcome.

Please note: I just discovered a JavaScript error occuring on your site. I think its due to missing script:

Scripts/AC_RunActiveContent.js

This was probably added by your theme/template developer and should be easy to fix - They will probably need to check that the above file exists on the webserver.

Thanks
David