Put "Site off-line" would this be safe for getting hacked?

tinem's picture

All my domains were earlier hacked which I describe in this post https://drupal.org/node/2153055.

I have now uploaded one OLD site but without hacked files and need to update this but not just now - maybe a stupid question but taken the site off-line will it then be impossible for hackers to attack this site because they can't see it's and old version and other info which hackers go for?

Edited 10:25: And is it also safe to use Devel module online when the site is put off-line?


If you don't know how the

ktmom's picture

If you don't know how the sites were breached, then there is no way to anticipate the current security of any site you upload. It is possible, for example, that another account on shared hosting is actually the source of the errant files and so any attempt at securing the actual site will be fruitless since, in this example, the site isn't the source of the security breech.

Have you ensured that the backups of your database are clean? Are you certain all users who can log into your site(s) have strong passwords? Even in the case of a site that's off-line, users can log in and if their permissions allow, have full access to the site. Do you know that there has not been a breech where an attacker has access to an administrative account?

I can't emphasize enough what you were already told in the previous thread, if your hosting provider is not helping you find the source, you need to change who is hosting your sites. This could be an example of "the cheap comes out expensive". Since you have to start out over anyway...

I personally would never have devel enabled on a public facing site. I use it exclusively on a local development machine.