Will ssl cert deter hackers

mygrowth · 05-16-2007, 02:01 AM

Hi '
hope I'm posting in the right place! - anyway I just had a hacker place a subdomain on an account of mine for phishing bank details - the host was alerted - by me - and they promptly deleted all files - nice one - my question is - could a ssl certificate help prevent this?

StupidScript · 05-16-2007, 02:22 PM

An SSL certificate, properly implemented, would encrypt traffic to and from your server, as long as that traffic flowed through the secured tunnel provided by SSL.

It sounds like your issue was not caused by someone "lurking" and "sniffing" your server traffic for authentication details, but rather was caused by someone who hacked the DNS records maintained by your hosting provider. That takes either a hackable, mis-configured server or someone with a password.

If an actual subdomain record was placed in their DNS records, AND there were corresponding files on your server, then it's probably an inside job. SSL would not have helped at all, if that's the case.

I remember an event a couple of years ago where the hosting company (then) used by my company had issues with someone who had one of their administrative credential sets, and who then proceeded to launch attacks against every server in their datacenters from the hosting company's own DNS servers. Like you, we notified the hosting company of the attacks, and they realized quite quickly that there were some very long nights ahead of them. Not fun. SSL would have been no protection at all in that situation.

Daniel-Z · 05-16-2007, 02:50 PM

I dont think having SSL willd eter a hacker. Hacker's can hack into anything if they are good.

Regardless of if you have an SSL cert installed if they gain access to the box that is hosting your site then they will have access to your site.

mygrowth · 05-16-2007, 04:30 PM

Thankyou for your replies - the learning curve grows ....