How Can This Be Possible?


(Gerhardt Ostertag) #1

I am working on a Christian website. After I published some changes I saw my side on the browser with the results I have wanted. But suddenly there was a little window seen on my website with some statements from the perspective of Islam. The little window disappeared after I clicked somewhere. How can they following my site or put another message on top of my site? Thank you for an answer.


(Rob D) #2

You need to secure your site.

First, get a free SSL/TLS certificate from Let’s Encrypt. This will change your site from http to https. Change all links in your site accordingly. Then, test your site on the Observatory site. You will see all strengths and weaknesses of your security. You will also be shown some suggestions on how to further strengthen your security.

Also, it would be probably a good idea to change your FTP credentials on your host’s server.


(David) #3

Can you post a link to that page on your site?


(Jürgen Schulze) #4

In addition to @Rovertek:
Questions:

  1. Where is it hosted?
  2. Are you using CMS on top of RW? Anything that requires extra credentials? Databases?
  3. Shared webspace (i.e. Shared hosting)?
  4. Security settings of management software (log in counter etc)

I’d do the following addidional things:

  1. Check your Mac for Malware (no joke) before you change ftp-credentials.
  2. Use a different browser for accessing management console.
  3. Check for files in your webspace that you did not put there. Would not really make sense to adjust ftp credentials if a backdoor has been installed…

J


(David) #5

Do you have any Google ads or other stuff coming from sources other than your RW files?


(Greg Schneck) #6

Yes… this can happen. It happened to me when I used a script on my site that had “vulnerabilities.” Hackers will select popular scripts to “hack” so if they can penetrate the script they have access to all websites that use that script. Your web server is no different than your computer. Protection is only as good as what your host provides. That usually isn’t much.


(Gerhardt Ostertag) #7

Thank you for your respond. The answer is no.


(Gerhardt Ostertag) #8

Thx for your quick respond.


(Gerhardt Ostertag) #9

Thx. I will do it, if possible. Thx for your respond


(Gerhardt Ostertag) #10

Thx for your respond. Not done yet.


(Gerhardt Ostertag) #11

Thank you for your respond. I will do it as soon as possible.


(Rob D) #12

@jsc – Yes, Jürgen, I completely agree with your additional suggestions. Security of a website is a multifaceted and quite complicated matter, but of the utmost importance – and getting more important every day.

@1611mac – You should go even further than your host provides in a way of security. For my site, I created several security rules within my .htaccess file and I am constantly trying to update and improve those rules.