website got hacked, help

KL is right to point out that SSL does not help prevent your site from being hacked per se since it's meant as an added layer of?ÿencryption, making data exchanges a bit more secure from hacking attempts.

I just thought it would be a necessity since there are online transactions involved? Hopefully no data was compromised.

*PS - I'm a noob so can't advise further...gotta learn from the pros here.

 

Hi MG

Just to highlight that SSL does NOT help to prevent your site from being hacked... SSL is used to prevent things like eavesdropping?ÿby providing an encrypted link to transmit data... If what you said about the site being replaced with rubbish wordings etc, it may be that they have gained access to your admin account for administering the website, or at least infected them (e.g. if you place infected files on your web server). There are quite a few possibilities.

And just to repeat, SSL does not help, and worse case scenario is if you store your private key there, it may even be compromised. So please do look up a bit more before deciding how to protect.

 

@KevinP ?ÿ: Unfortunately no SSL cert is used, think he want to save cost but i guess it came at a high price for that. ?ÿwhich SSL is recommended?

@KennethLee : the entire site was taken down, it was scary. when i see it myself, it's all filled with rub

More info will be good to get suggestions from others. I assume that you are looking at defacement only? Or do you suspect that data has been stolen? Did you check if there are other unauthorised transactions or have the log files (if any) been reviewed to assess the actual damage?

Edited to add: I think before you look at the price of a solution, you may need to know what you need first. IMHO, you need to look at value (and ROI) rather than just the actual cost. For example, is $10,000 expensive? If it is meant to protect a $100 asset, definitely yes. But if it can help protect a $10 million asset....

So that's why I am asking for more info, I am always very against the idea of just buying a product/solution and hoping that it can protect you without really knowing what you need and the threats you are facing. If need be, get some companies or experts to help assess what you need first, before spending on the actual protection. You may think it is a waste of money to spend on consultancy and assessment, but I think it is a necessary first step. As an example, spending on antivirus is not going to help you with DDOS attacks. So you need to know what to spend on wisely rather than looking at products and solutions blindly, otherwise you may end up spending more in the long term without enjoying any protection.

@merlion guy - does ur friend's site incorporate the use of SSL security certs?

 

is it exp?