Welcome to the Treehouse Community
Want to collaborate on code errors? Have bugs you need feedback on? Looking for an extra set of eyes on your latest project? Get support with fellow developers, designers, and programmers of all backgrounds and skill levels here with the Treehouse Community! While you're at it, check out some resources Treehouse students have shared here.
Looking to learn something new?
Treehouse offers a seven day free trial for new students. Get access to thousands of hours of content and join thousands of Treehouse students and alumni in the community today.
Start your free trial
Angela Miller
3,536 PointsFraudulent phish website? So confused.
Hi! I'm still really new at this, but in the first course I took, "How to build a website" I was able to follow along and get a basic site online via namecheap/Webhostingforstudents. I mostly used the same code Nick taught us, and only tweaked a few things like color etc. Today I received the following email:
"Hello,
It has come to our attention that you are hosting a fraudulent βphishβ web-site at the following URLs:
hXXp://theglitteredsoul.com/houseview/googledrive/index.php hXXp://theglitteredsoul.com/houseview/googledrive/
You are required to remove the site within next 24 hours in order to prevent any service interruption for theglitteredsoul.com domain. If the site is not removed within next 24 hours we may be forced to suspend access to this domain.
Regards, Julia L. Legal & Abuse Department Namecheap.com"
First of all, the links shown are not anything I recognize as being part of my code.
Is it possible I've already been hacked?
Now, where do I go to fix this? I'm thinking I need to get in to Webhostingforstudents, but I'm only seeing a place to sign up and not a place to sign in.
Can anyone guide or point me in the direction here?
Thank you.
4 Answers
Ted Sumner
Courses Plus Student 17,967 PointsThe early code is not intended for live sites as they have not added the safety code that prevents common attacks for forms and other elements. I am interested if you could post the code as it is now here to see what was done.
Nick Pettit
Treehouse TeacherHi Angela Miller,
I would email your hosting company. This could be a variety of issues; someone might be trying to phish for your information, or perhaps your site was somehow hacked. In the case of HTML and CSS, there are generally no security features to enable; it's simply a declarative document with some information inside of it. The security vectors for a static website typically all reside with the web host, so if (and that is if) your site did indeed get hacked, that's probably where it happened.
Ted Sumner
Courses Plus Student 17,967 PointsWhat if there is form content? I thought there was an issue with inserting code into forms that would cause some serious problems.
Nick Pettit
Treehouse TeacherTheodore Sumner - Forms can be a potential security vector, but only if the form is actually submitting somewhere that data is being processed (like a PHP/Ruby/Python/.NET script). If you're just writing HTML/CSS without a backend or a database, there's generally no harm that can be done.
Ted Sumner
Courses Plus Student 17,967 PointsThank you. I learned about the problem in the PHP course. I assumed it was an issue with forms as a whole.
Angela Miller
3,536 PointsThank you for getting back to me. Getting an email from a legal department is a scary thing and I panicked. After I got your response, I went to my confirmation email from the hosting company and got my info to log in to the cpanel of my domain. I saw a few files that I did not recognize which had a modification date of yesterday, and I hadnt touched anything since launching it several days ago. Because Im still trying to get a basic grasp on what im doing here, and was in a panic, I started deleting them, and in doing that I accidentally killed my entire site somehow. Awesome lol. On one hand, its probably a good thing that im having issues early on, so I may learn to fix them, but on the other hand I feel extremely lost now. Is there a course that you recommend that might help me address/fix whatever I just did?
Angela Miller
3,536 PointsUPDATE- Webhostingforstudents got back to me and said that it DID appear I had been hacked, and that they recommended that they wipe my account and provide me with new login credentials. They asked if I had a backup of my files to upload, but I told them it honestly didnt matter because id rather start from scratch now that I had a few more courses under my belt anyhow. Whew, im in legal compliance again. Thanks for directing me to the host!