Please help, how do I secure my sight from sabotage?

  • C_M_Livingston
  • Born
  • Born
  • C_M_Livingston
  • Posts: 3

Post 3+ Months Ago

I don't know much about web hosting/development but this seems to be the place for people who do!

If anyone can help, I would really appreciate it.

I need to change all passwords relating to my site, to "lock out" my current web designer. He tried to defraud me... long story but he has to go. The problem is I hardly know enough to even know what all has to be changed. The site/email/registration are all currently open to him currently.

What are all the things that I need to change?

I know that I need to change:

Domain Registration
Webhosting login
Control Panel
Appliance Admin Login

I need to be certain I have covered all bases, and make the switch all at once. Any other advice for such a situation would be welcome. Maybe one of you can check the site for backdoors (payed work) ?

Thanks in advance...
  • ATNO/TW
  • Super Moderator
  • Super Moderator
  • User avatar
  • Posts: 23460
  • Loc: Woodbridge VA

Post 3+ Months Ago

If you have a hardware firewall/VPN change those too. I had to do similar last week and if you stop the key entry point/s you shouldn't need to do anything else. For example, I have a Cisco Pix. I nixed direct access, but the trick is the "old" company that screwed us had login names for all VPN users and passwords, including mine which is admin access to everything. That still leaves a backdoor. So obviously those need changed too.
  • C_M_Livingston
  • Born
  • Born
  • C_M_Livingston
  • Posts: 3

Post 3+ Months Ago

Thanks for the help (ATNO/TW). Most of what you said was over my head (I WAS paying someone else to know about these things), but I gather that I would know if I had a VPN. I don't think so, and this is being hosted elsewhere so I have no actual hardware. I'm just paying monthly for the hosting. I know that VPN = virtual private network, but that's all I know about it. I don't know the purpose or where to find one.

Please let me know if I misunderstood... but as far as you can tell, the things I listed would do it? I'd be quite surprised if I didn't miss anything.

This WILL get ugly, and I'm currently living off of the income from my site. So you can see why I am being so paranoid!
I don't want to make a move and then leave an opening.

Thanks again for helping me out
  • ATNO/TW
  • Super Moderator
  • Super Moderator
  • User avatar
  • Posts: 23460
  • Loc: Woodbridge VA

Post 3+ Months Ago

The VPN is what allows users remote Access through a secure firewall. It can be separate, but in my case my VPN access is enabled/disabled through my Cisco Pix firewall. By having the VPN access, I can remote into work from anywhere. It's probably not much you need to worry about for your situation because your webdesigner was probably just updating things via ftp. It looks like you've covered all the primary things that would disable him from getting back in.

The only other suggestion is check the user accounts that have access to your administrative areas like Cpanel. Sometimes backdoors can be made to look like users that should be there. In otherwords, just make sure all the user accounts that are there are ones that should be there.
  • rDolay
  • Expert
  • Expert
  • rDolay
  • Posts: 541

Post 3+ Months Ago

If you have rights on the e-mail that used to register domain names , we may switch your whole of the service to the Newista.
Hostings are not a big problem to transfer if they were Cpanel or Ensim.

Again if you have the rights/owner of the e-mail that have been used to register the domain names, we will transfer you rdomains in the name of you reigsterar to our registerar service.

Thanks
  • jnacool
  • Graduate
  • Graduate
  • User avatar
  • Posts: 156
  • Loc: UK

Post 3+ Months Ago

I don't think he needs to transfer his whole hosting service across, plus thats gunna cost him a lot more than simply changing his passwords etc.. Fair enuff a change over would be more secure but a lot more expensive!
  • Carnix
  • Guru
  • Guru
  • User avatar
  • Posts: 1098

Post 3+ Months Ago

I think I would just send an e-mail to all vendors associated with your services and tell them your problem and ask them to change all passwords and help-desk change management requestor lists (the list of people who are authorized to call in and request changes). You can usually find the support # or e-mails on the vendor's sites. Calling would be better.

Make sure you file a police report. seriously. If he's screwing with you, and you have evidence that he's broken the law, file a report. If it comes to litigation, you won't be able to do squat if you don't have a police report. Trust me on that one. (ok.. that assumes you're in the US, of course...)

.c

Post Information

  • Total Posts in this topic: 7 posts
  • Users browsing this forum: No registered users and 4 guests
  • You cannot post new topics in this forum
  • You cannot reply to topics in this forum
  • You cannot edit your posts in this forum
  • You cannot delete your posts in this forum
  • You cannot post attachments in this forum
 
 

© 1998-2014. Ozzu® is a registered trademark of Unmelted, LLC.