Montana Webmaster

406-253-4045

We were recently hacked with a compromise that is common on sites hosted on Modwest. While a new site is being restored on SiteGround, you may be interested to read more about the hack on our Facebook Page!

FACEBOOK POST 5

AS THE HACKED SITE TURNS: GIVING THE BAD GUYS THE KEYS
A web soap opera ~ Episode 5

How did they get in? There are so many options:

  1. Did they exploit your website software?
  2. Did they figure out the password to get into your files?
  3. Do they have a backdoor into the server software?

On item #2, the Modwest hosting system has a security vulnerability just in their passwords. The user name and password that log you into your dashboard, is the same as the FTP user name and password, which is the same as the default database user name and password. If you have access to one, you have access to them all. And, with database access, you can get into WordPress and other CMS software.

Of course, some developers and site owners build this vulnerability right into their system by using the same user names and passwords for everything. That is not the web host's fault. It's easier to remember, but it's also easier to get into your office and car if you just don't bother to lock the doors.