Recently, while traveling

Many bad scenarios are directly related to the security of your connection (user name, password or emails caught along the way you and your connection).

Anyway the sad thing is each content management system has its own pros and cons on security even as they are updated with regularity. So every CMS would have its own issues and recommendations.

So far, in general, take care from where you connect to your system, change usernames and passwords with regularity (and use safe passwords), also keep your cms up to date, to the last version and check the vulnerabilities of each version. Check your site very often, some hacking actually happen on shared servers.

Hi exporador,
Thank you for your prompt acknowledgment of my post. According to my web hosts, if the hacker had got hold of my password, he (I am assuming it is a "he" since I cannot females being that insensitive!), he could have done a lot worse than simply injecting malware-related code on to my website. Furthermore, I have the latest version of the website builder I use. That is the bit that bothers me. I get the feeling I took the required precautions and yet, the hacker was able to work around my protective mechanisms.

So let's assume, I cannot prevent this. Any thoughts on what I can do to minimize the downtime when the damage occurs? Any thoughts would be highly appreciated. Thank you one again for your prompt response.

Regards,

Pranav

I have the latest version of the website builder I use

I'm not familiar with the app you are using, but is not an isolated issue. Take per example Wordpress, they encourage people to update and there been times where the community says "don't upgrade to ver xx.22.x" as a security flaw was discovered and only updated versions are being affected. So on a the version side we are never 100% sure we are safe.

Sometimes the problems are related to the templates or themes or even the widgets you insert on your page (third party).

So let's assume, I cannot prevent this. Any thoughts on what I can do to minimize the downtime when the damage occurs?

Backups are an option so you can restore your info anytime, the key is to keep constant backups. Perhaps your app has this option, if not, check your hosting panel which usually has "account level" backups or contact your hosting provider. Static sites are easier, but sites using databases involve backing up the database too.

Very often the support does little to solve the mystery of where and how was the attack. Check for server antivirus on your admin panel too, it helps to detect trojans and code injections, and check your server files with regularity.

Unfortunately there is no easy way to keep files safe. Many here advice avoiding shared hosting but each case is different.

pranavc, when traveling, did you access your site via a public wi-fi system? Or were you updating your site via 3G or some other form of connection?

Backups are of course mandatory, you should back up your database and your home directory on a regular basis. The problem I see is how you are accessing your site to replace an infected site with a backup. You should always be updating your site via a secure connection.

Hi explorador,
Thank you so much for your suggestions. I do need to be more disciplined when it comes to capturing backups. I have to confess not doing this nearly as often as I should. I will also check for server antivirus.

Hey travelin cat,
I actually never accessed my site via a public wi-fi system. The only time I accessed it via wi-fi was at a house in Croatia. It was a secure wireless network (at least I think it was!). Interestingly enough, my site got reported as an attack site a few days later. I was not updating via 3G. I will definitely avoid updating the site via an unsecure connection.

Thank you so much!

Regards,

Pranav

Hi pranavc, I'm not familiar with Soholaunch, but I've had the experience of a code injection attack with another cms. For that cms, there were .htaccess recommendations and additional extensions that helped prevent attacks.