Thursday, May 16, 2013

Good or Evuln?

A few weeks ago one of our websites was hacked. We didn't notice for almost a week due to browsers caching the pages. The consequence of the hack was that every page accessed returned a 404 error meaning that the page was not found. During that week Google's spiders visited with the result that almost the entire site was lost from the search engine.

I discovered the hack just in time to be able to restore from my web host's oldest backup. It was a real hassle as well as a stressful time and I wanted to find a way to alert me more quickly if it happened again.

My first thought was to use ChangeDetection.com, the site I use to alert me when a change occurs to the IBP Beacon Status page. That was no good as both sites contain dynamic content that changes frequently.

A couple of days ago I was visiting some ham sites and I came across one with a badge stating that the site was scanned and malware free. I clicked on the badge and it took me to evuln.com, a site containing a lot of information about how to secure a website and offering tools to detect an attack.

Tools include a malware scanner that will check your site to see if it contains something bad. You can have this check run daily for free if you display a badge on the site. This appeared to be just what I was looking for, so I registered with the site and added the badge to both G4ILO's Shack and ham-directory.com.

Evuln.com also offers a service to clean and fix websites. This is something I might well have used a few weeks ago if my web hosts's support hadn't been helpful in assisting me to identify the hacked files. But the cynic in me rang an alarm bell. It would be in evuln.com's interest to claim that my site was hacked and then offer to clean it up for a fee. What a good scam! In fact the owners of a couple of sites that had been told they had been hacked thought it was a scam and that their site had been hacked by evuln.com!

So is evuln.com good or evil? I did a lot of digging. I think that if it was a scam I would have found a lot more evidence of people who had been scammed. Evuln.com has been running for several years and contains good information. The owner replies quickly and promptly to enquiries. There is an address and contact information on the site. I believe that evuln.com is a genuine attempt to provide a useful service.

I have since found other similar services such as ScanMyServer which do not offer a site cleanup service. Come to your own conclusion.

No comments: