[Hidden-tech] One page of my site has been hacked and I can't figure out how

Rob Laporte rob at 2disc.com
Mon Apr 3 18:06:37 UTC 2023 

Such hacks are almost the rule not the exception now. My firm ended it once and for all years ago by engaging a great local tech firm (Nubbernaut, cc'd) that thus became an ongoing tech partner with my firm, and I recommend them highly. Their packages are perceived as a bargain by some, expensive by others, and alternatives are way more costly, damage usually being the most costly.  

Years ago I wrote this summary for clients, which Kevin of Nubbernaut said is essentially true if not 100% accurate:


The 7 Layers of a Website 

To understand why dedicated monthly website-tech management is vital, it helps to glimpse the connected layers beneath content managers’ typical interactions with a website. I’ll use WordPress (WP) as an example, but this synopsis applies variously to all website platforms. 


The top layer is where you add content. 


Beneath that is a layer of plugins or other third-party apps and connections. This and the above layer often break when crucial WP upgrades are rolled out a few times per year. 


Lower still is the database holding not only visible content in pages and posts, but also user profiles and passwords, client or customer logins, and variously secure connections to layers above and below. 


Supporting the above layers and connecting to the server foundation is a tech management layer often called cPanel. It is open source and often upgraded automatically, and such upgrades can damage other layers and break automatic back-up systems. This layer often has entrances left over from past webmasters’ work, via the likes of FTP. It also offers admin panels for most aspects of email management, domain name associations, and other vital functions of your website. 


Some web hosts offer access to yet a deeper layer, often called WHM (Web Host Management). My recent spelunking there shows a byzantine array of settings often pre-set and sometimes changed willy-nilly by cheap hosting plans at the likes of GoDaddy. Options in this setup, like caching and CDN services, can have major impact on security, SEO, site speed, and other functions. 


Finally, there’s the server itself, which is set-up by web hosts (or clients’ in-house IT people). I’ve never been inside there, and just peering over the misty edge into that abyss is terrifying. 


Another layer that wraps around all of the above is the human layer. People working in and on the site often unwittingly do damage, and, given the compounding complexity of websites, even excellent tech pros can make mistakes that impair function and SEO performance.  





Those layers change over time, and sometimes, like tectonic plates, they can rupture, causing lots of screaming and running for help. One among many consequences is declining site speed, and Google is constantly making speed more of a ranking factor, never mind the vital role of speed in conversion rate optimization (CRO).





Best Regards,



Rob Laporte

CEO  |  R&D Manager

DISC - Making Web Sites Make Money
mailto:Rob at 2disc.com, 413-584-6500

https://www.2disc.com



NOTE: Emails can be blocked by spam filters throughout the web. If you don’t get a reply within an expected span of time, please call.








---- On Mon, 03 Apr 2023 12:33:38 -0400 Rich at tnr via Hidden-discuss <hidden-discuss at lists.hidden-tech.net> wrote ---



care to share ? the link in question that is -- also what web
      page tool are you using ?
 Quick guess - look at .htaccess
Email link directly if you won't want to share on the list

On 4/3/2023 11:56 AM, Shel Horowitz via
      Hidden-discuss wrote:



-- 
Rich Roth
CEO TnR Global

Bio and personal blog: http://rizbang.com
Building the really big sites:      http://www.tnrglobal.com
Small/Soho business in the PV:        http://www.hidden-tech.net
Places to meet for business:        http://www.meetmewhere.com
And for Arts and relaxation:
http://TarotMuertos.com - Artistic Tarot Deck
   http://www.welovemuseums.com
   http://www.artonmytv.com/
Shakers: http://www.shakerpedia.com/
Helping move the world:             http://www.earththrives.com


_______________________________________________

Hidden-discuss mailing list - home page: http://www.hidden-tech.net 

Hidden-discuss at lists.hidden-tech.net 

 

You are receiving this because you are on the Hidden-Tech Discussion list. 

If you would like to change your list preferences, Go to the Members 

page on the Hidden Tech Web site. 

http://www.hidden-tech.net/members 

Oy! A key links page on one of my sites now loads a
        junk parked page. This happens whether I click to it from
        another link or type in the full URL.  



An hour chat with a human at tech support left me with
          nothing but frustration. They take zero responsibility for
          this security breach and say it was on my end and I should
          buy, install, and run sitelock. As I recall, I previously had
          sitelock installed and it was very annoying in the process
          required to do anything. 

 



I went into my Hostgator CPanel, changed the PW, and
            checked the file. It is the file I last updated in 2019
            (which is good, as this would have been a very difficult
            page to recreate). I searched both the entire file manager
            and the file that is redirecting for the URL of the page it
            loads and I also checked the file itself for the word
            "redirect." Whatever they are hacking does not seem to be
            the actual file.



How can I figure out what's jamming my site and get rid
            of it?



If Passover, Easter, or Ramadan is a holiday you
            celebrate, I hope yours is blessed and joyful.



Thanks, as always,

 



Shel Horowitz - "The Transformpreneur"

________________________________________________

Contact me to bake in profitability while
                            addressing hunger, 

poverty, war, and catastrophic climate
                            change

* First business ever to be Green America
                            Gold Certified

* Inducted into the National
                            Environmental Hall of Fame

* Certified speaker: International
                            Platform Association

https://goingbeyondsustainability.com 

mailto:mailto:shel at greenandprofitable.com 413-586-2388

Award-winning, best-selling author of 10
                            books. 

Latest: Guerrilla Marketing to Heal the
                            World 

(co-authored with Jay Conrad Levinson)



Watch my TEDx Talk,

"Impossible is a Dare: Business for a
                            Better World"

http://www.ted.com/tedx/events/11809 

(move your mouse to "event videos")

_________________________________________________















_______________________________________________
Hidden-discuss mailing list - home page: http://www.hidden-tech.net
mailto:Hidden-discuss at lists.hidden-tech.net

You are receiving this because you are on the Hidden-Tech Discussion list.
If you would like to change your list preferences, Go to the Members
page on the Hidden Tech Web site.
http://www.hidden-tech.net/members
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.hidden-tech.net/pipermail/hidden-discuss/attachments/20230403/ea77f270/attachment-0001.html>

Google
More information about the Hidden-discuss mailing list