Sup /g/
so my girlfriends website got hacked by some indonesian retard shitkid who thinks he is liberating palaestine (my gf is very redpilled about palaestine, and her website gets very little traffic anyway). its obvious to me she was targeted because of her activity in some facebook groups.
already told her to make sure to use strong new passwords for every possible site/account and so far nothing else seems to have been compromised.
any idea how her website might have gotten hacked though? what should she do now? i know nothing about this shit
Install Gentoo
>>55534224
shit nigga it's too late for that
Change all passwords. Presume this person has access to everything with the same or similar password.
>>55534212
What is she using to host the site?
>>55534366
already dun diddit. how to recover the main site though? just talk to the domain registration providers?
>>55534212
You had better get a priest and perform an exorcism on your site, famalamadingdong.
>getting owned by a weeaboo faggot
Priceless.
>>55534434
I have no idea. This girl knows nothing. I think somebody did everything for her, sigh.
Anyway, I'll have her come over and do my voodoo. thanks anyway /g/
>>55534787
Could be anything. Although, since the faggot's promoting a shit agenda I'd bet he knows a guy who works there. Change passwords and switch hosts (and yada yada yada, you know the drill).
>>55534212
nice blog post faggot, /g/ is not your personal journal
>>55534212
>redpilled about palaestine
I don't understand? So she thinks it's all bullshit and she is a jew?
>>55534212
Post url. May pentest later.
>>55534787
Well, there isn't really any way we can help then.
Frequent entrances are reused credentials, shitty WordPress plugins and out-of-date software. Static site generators are way, way more secure (and faster) than any dynamic blog software.
Since her friend obviously isn't that good, or she fucked up by reusing a password or installing something easy but shit (by far the two most likely options), shed be better off hosting on something like Medium or WordPress. If she doesn't want to do that, or her blog wouldn't meet the terms of service (sounds a bit /pol/ for my tastes, but that's her free speech and if she wants to say whatever it is, I won't stop her): hosting her own site on a simple, cheap VPS using static blog software like Jekyll or Octopress or something would be a good idea. What to run on the VPS? Whatever's comfortable. Nginx on Debian or Ubuntu server isn't a bad choice, doesn't stick out and is popular enough for there to be lots of documentation and not be too high maintenance. Keep the OS up to date, especially with security patches. Don't use passwords to log in: SSH keys only. Then, put it behind CloudFlare and never let anyone onow the real IP. Use domain privacy if you can because attackers will try to dox you.
That puts you out of the reach of all but the truly most dedicated attackers.
Also - later not right now while the shock is still raw - maybe reconsider whether the speech is worth that price to her. If it's personally important, sure, continue. If not and it's just a hobby, finding a safer hobby would be one solution. Just putting that out there: specifically not victim blaming, simply neutrally suggesting things that statistically reduce the incidence of being successfully attacked.
Most importantly of all, give her cuddles. Snuggles are very important.
>>55534212
You aren't giving many details. Is it a static website? Has the hack affected all pages, or only one? Does the site's source code look intact? The change may not be permanent, depending on the methods used.
