Have any of your websites ever been hacked?

[NerdSlayer]

A few years ago I was working on a forum project where people could talk about virtually anything. I spent a couple of weeks putting everything together and got right into advertising. I remember putting a posting on a popular hacking forum so I could get people with tech skills to join - and sure enough, someone from the site compromised my site and dared to brag about it in my original thread. Ha! What a wild experience. Not only were all my site files taken but he left a wonderful deface page for me to take in.

Needless to say, after that I was more determined than ever to figure out why my site was so easily breached. Turns out, there was just an unpatched 0day in the MyBB software at the time and probably only a handful of people knew about it and I happened to be an unlucky statistic. I never did let it get to me, as I went on to create several projects there-on and never had another incident.

Have any of you had a compromised website before? It can be scary!

 

[TopSilver]

I've never had my website compromised or hacked but this seems interesting to me that it happened to you. MyBB seems to be a lot more vulnerable than Xenforo but I also use Cpanel and WHM to protect my site. Which does a good job because I have an LFD firewall, mod security (mainly for stopping SQL injections among other things), and also Cloudflare to keep the site from being DDoS and also to protect the site from intruders. All combined seem to be a good way to keep the site healthy. I know the type of forum your using has a lot to do with it though. Paid software is usually much better in terms of reliability but a lot of people that get hacked aren't using cPanel which is a shame. I won't run any of my websites on anything but cPanel. To me it's either cPanel or go home as I've tried free panels and they all suck.

However, I have been DDoS before and it's not fun. Where someone uses a botnet to hold your website offline. This has happened to me in the past. So my recent host I chose has DDoS protection on their servers and now Cloudflare also offers free protection for any DDoS attack unmitigated (something new they just introduced). So it's likely I won't have to experience that again.

 

[David]

Yup. Was using wordpress and installed a buggy plugin or maybe it was a theme. Anywho, I migrated away from Wordpress and made my own script. Never been hacked after this.

 

[NerdSlayer]

Yup. Was using wordpress and installed a buggy plugin or maybe it was a theme. Anywho, I migrated away from Wordpress and made my own script. Never been hacked after this.

Dang, that's a real bummer. Sort of the same boat I was in with an unknown exploit! Anyways, it's a learning curve.

 

[Ash]

Yeah. It was a general discussion forum and unfortunately, my password from compromised from a database leak from 000webhost. This was back when I was using the same password for a lot of sites so they got access to the backend. Luckily, I got everything sorted out in the end and that's the day I started making sure everything has a different password and started using a password manager

 

[Nerdface]

Yes, sadly one of my websites have also been hacked in the past and I never did identify where the vulnerability was (although I have my suspicions). The attacker was able to inject their own files somehow and deface the main site and forum index. It was a pretty creepy defacement page and was political in nature, the image looked a bit ghostly..

I was running the latest version of vBulletin at the time and similar to now, I was using a large number of add-ons including some of my own code. I kept trying to restore the site, but the attacker kept coming back to take the website offline. I gave up and closed the project after activity had slowed to a crawl..

 

[Dan-Kode]

Nope. That's probably because I've never made a Website that's visible in Search-Engines but rather through Links which is probably why they haven't been hacked. The same goes for Forums. I've never had a Forum that has been hacked(But I have had Spam-Bots on one).