byundt

asked on

How to handle attempt to hack into website

A friend of mine has a website and email service provided by GoDaddy. He suspected that somebody was trying to hack into his website, and contacted GoDaddy tech support. They logged many thousands of failed attempts to log into the website over the past few days. My friend responded by purchasing GoDaddy's optional Security package.

1. My friend believes he knows the person who is trying to hack in, and has the hacker's name, address and his employer's name. If he has a listing of the TCP/IP addresses that were trying to log in, what can and should my friend do in response to the break-in attempt? Report it to the police or FBI?
2. GoDaddy claims that the POP email account and company webpages are completely separate. If a hacker breaks into one, he doesn't automatically get into the other. Is this statement accurate?
3. GoDaddy claims that none of the attempts to log in were successful. Can my friend rely on this information?
SOLUTION
Dave Baldwin

This solution is only available to members.
If you are fairly sure, complete with IP, name and address, I suggest you go to the local police force (not the FBI) with low expectations. They might pay attention to you and they might not. But I would start there.
byundt

ASKER

I advised my friend to change his passwords, which he did.

I also suggested that he contact the police with his evidence, and encourage them to "have a conversation" with the culprit. If my friend needs to establish a positive link between IP address and this person, I showed him how to look at the Internet Email Header in Outlook to capture an IP address.

Are there any other steps my friend could take to make his website and email more secure?
He should probably make all security updates to his website and server/Windows system. Usually, keeping servers and websites up to date will keep most hackers out.
byundt

ASKER

What does making security updates to his website and server/Windows system mean? GoDaddy is hosting. Don't they have control over all that?
Well, they should have, but you might ask the user to check. If the site is secure, how would they hack in?
byundt

ASKER

The hacking appears to be brute force password guessing, and is directed at the website only. Thousands of attempts originating from a limited number of IP addresses. GoDaddy says these attempts have been unsuccessful.
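An added example, not part of the original thread: a small Python script that turns a web access log into the per-IP listing of failed logins described above and flags any address whose failures were followed by a successful login. The log format, the `/login` path, the status-code meanings and the sample lines are all assumptions made for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Assumptions (not from the thread): Apache/nginx "combined" log format, a
# login form at /login, HTTP 302 on a successful login, any other status on failure.
LOGIN_PATH = "/login"
SUCCESS_STATUS = {302}
THRESHOLD = 5  # failed attempts from one IP before it is reported

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)

def _line(ip, sec, status, path=LOGIN_PATH, method="POST"):
    """Build one constructed log line (addresses are RFC 5737 documentation ranges)."""
    return (f'{ip} - - [10/Mar/2016:02:14:{sec:02d} +0000] '
            f'"{method} {path} HTTP/1.1" {status} 512 "-" "-"')

# Constructed sample data, not real traffic.
SAMPLE_LOG = "\n".join(
    [_line("203.0.113.7", s, 401) for s in range(6)]             # 6 failures, never succeeds
    + [_line("198.51.100.23", s, 401) for s in range(10, 15)]    # 5 failures ...
    + [_line("198.51.100.23", 15, 302)]                          # ... then a success
    + [_line("192.0.2.10", 20, 401), _line("192.0.2.10", 21, 302)]  # ordinary mistyped password
    + [_line("203.0.113.7", 30, 200, "/index.html", "GET")]      # not a login request
)

def summarize(log_text):
    """Return {ip: stats} for every IP with at least THRESHOLD failed logins."""
    stats = defaultdict(lambda: {"failed": 0, "first": None, "last": None,
                                 "success_after_failures": False})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST" or m["path"].split("?")[0] != LOGIN_PATH:
            continue
        s = stats[m["ip"]]
        if int(m["status"]) in SUCCESS_STATUS:
            # A success that follows many failures contradicts "none succeeded".
            s["success_after_failures"] |= s["failed"] >= THRESHOLD
        else:
            ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
            s["failed"] += 1
            s["first"] = s["first"] or ts
            s["last"] = ts
    return {ip: s for ip, s in stats.items() if s["failed"] >= THRESHOLD}

if __name__ == "__main__":
    for ip, s in summarize(SAMPLE_LOG).items():
        print(ip, s["failed"], s["first"], s["last"], s["success_after_failures"])
```

The first and last timestamps per address give the time window to quote alongside each IP when handing the listing to the hosting provider or the police.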
If the site is secure, then I would proceed with the idea of contacting the local police with the name and IP address information at hand to see if they are interested.
For what it's worth, if I tried to track down all the people that try to break into the sites I'm responsible for, I would not have time to do anything else.
ASKER CERTIFIED SOLUTION
This solution is only available to members.
byundt

ASKER

btan,
The website is being hosted, so doing things like bandwidth throttling through ISP traffic scrubbing would be outside my friend's control.

I looked at CloudFlare, and they seem to prioritize security. Akamai, not so much, though I may be looking at the wrong pages on their site.

Brad
btan

Both are looking at security. They have WAF embedded in the services.
https://www.cloudflare.com/ddos/
https://www.akamai.com/us/en/resources/protect-against-ddos-attacks.jsp
GoDaddy is the largest hosting company and domain registrar in the world. While they can't protect you from your own mistakes, they deal with these things every day.
GoDaddy hosts more than 10 million websites around the world
https://aboutus.godaddy.net/newsroom/fact-sheet/default.aspx
Another is Silverline from F5 Networks, which has similar DDoS and WAF capabilities. It is a newcomer but has always been very application-delivery driven, meaning it understands application behaviours, and such brute-force detection is within their default baseline check like the other candidate.
https://f5.com/products/platforms/silverline/f5-silverline-cloud-based-ddos-protection
byundt

ASKER

I told my friend that he was probably OK with what GoDaddy was doing, but that if he wanted more security there are other hosting services that put more emphasis on security & speed where GoDaddy emphasizes price.

Thanks for the advice!
Thanks for sharing
I find your comment interesting for two reasons. Number one is that GoDaddy probably has more people working on security than other hosting companies have in total employees because they are both the largest hosting company and the largest target. Number two is that apparently nobody broke into your friend's site but changing hosting will not have any effect if someone is wanting to try to break in. You can't stop someone from making page requests to a web site. My ISP might complain if I used too much bandwidth doing it but there is nothing illegal about it. There are hosting companies that wouldn't complain at all because their business is hosting people with questionable practices.