Hacked websites can be disastrous for your search engine rankings - not to mention your clients and business.
I offer the following services:
Restore hacked and compromised files on your web server where possible (sometimes this can even be done if all files have been deleted - although this is not always possible).
Secure your database and website so that the chances of another hack are minimal.
Analyse where the attack may have come from internally (e.g. a virus on a computer in your company, a compromised email or social network account) and work with you to bolster up any weak areas I find so the chances of these compromises happening again are reduced to a minimum.
I also offer the above services where a site has not been hacked i.e. if you'd simply like to reduce the risks of this happening.
For sites that have already been hacked, I analyze the damage on your site and let you know if I believe I could restore it and approximately how long this would take. This analysis is done at an extremely competitive rate.
From there you can decide if you'd like the full service described above or only part of it.
For sites that have not been compromised, but for which you'd like to have a security audit on, the service is the same i.e. an initial analysis, a quote and then onto strengthening the site against possible attacks.
All projects are charged by the hour. Please see the FAQ below for more information on this.
Do you fix up our search engine listings as well once the site hack has been fixed?
I work with you to inform search engines that the site hack and any malicious software has been removed from your site using their official reporting forms but I can't guarantee the speed with which they will respond to these reports as I don't have any direct line to any search engines (nor do any other companies in this business).
In my experience, however, these reports generally get acted on rather quickly.
Do you require our passwords to secure our website?
Some of them. All passwords provided will be kept in the strictest of confidence, strongly encrypted and stored in a very secure manner.
Please note that I'll never ask you for your password via email.
Once I'm finished with my work you are encouraged (in fact, I insist on it) to change any and all of your passwords.
We deal with sensitive client information. Can you be trusted?
All information you share with me will be kept in the strictest of confidence and never shared with third-parties. I can't, however, guarantee that the information has not already been previously disclosed as a result of any compromises of your website or internal systems.
Do you guarantee that our site will never be hacked again?
No, as many aspects of this are, to a large degree, far beyond my control. For example, your IT department could change your passwords to weaker ones one day by mistake. Also, new, previously unknown vulnerabilities in software and the web are always being discovered. I have no control over these.
I do, however, do my best to ensure that you and, if you wish, your staff are fully informed as to how to best protect company-sensitive information as well as ensure that all possible avenues of attack for your site have been minimised.
If you'd like, you could also call us once a month or so to review your site's security so as to reduce any future attacks even further.
What about DDoS attacks? Can you protect us from those?
Yes and no. Unfortunately, the success of a Denial-of-Service attack is largely dependent on the type and setup of your site's server - as well as how well it is maintained. I don't offer hosting services but, if DDoS attacks are common to your organisation I can suggest some companies to host with that offer this as one of their features.
There also other ways to minimise the chances of these kinds of attacks. I can guide you in implementing these if you wish.
How do websites get hacked?
In many different ways. Most of the attacks visible on the web today are actually not very advanced and come from commonly known and easily exploited flaws in different systems.
There are many such possible flaws and to list them all would take a book (in fact, it has).
Then there are more advanced attacks. These are rarer as they require more advanced knowledge of web servers to execute.