There are different levels of skills when you are dealing with webmasters.
Some webmasters are skilled in programming and front end development.
They can do an audit of their own code and can tell when something is wrong.
Other webmasters are front end specialist and they know how to make the web site look good but know very little about the programming in the back end.
The final category consist of the majority of webmasters.
These are people who run their sites but know very little about the internals of the site itself.
They hire people to do the programming and the design of the site.
Webmasters who know very little about the internals of their site are the most at risk of having security exploits that they will have to worry about.
Hackers And Script Kiddies
When a hacker or script kiddie is able to get into your web site and deface the homepage, this means that there are holes in your system that could lead to greater damage.
When someone is able to sneak their way onto your server and has the ability to deface your web site this means one of two things – either they were able to get in either through a technical problem on the site or they were able to bypass security through social engineering.
This is why I described the different types of webmaster earlier.
A very technical adept webmaster would be able to look at the code and determine if it was the problem.
If they are able to determine that there wasn’t a problem with the code itself they can then start looking into other means of how the site was penetrated.
If you are a webmaster and you are not able to do your own audit of the code, then pay someone to do it for you.
It must be an individual or company that you trust.
You do not want them to create their own back door to the server while looking for the old one.
If it’s determined that a hacker was able to guess or somehow con a username and password from an administrator of the site, then everything must be changed.
All of your accounts, even the ones that have nothing to do with your web site, should have a new password and username by the end of the day.
You do not know how much information they may have on you.
Until you find out where the leak has come from, you must be prepared.
Until you figure out how they got in, you must assume that all of your accounts have been compromised.
A defaced web site is just a symptom of a deeper problem in your web site’s security.
If it is determined that you can not find the cause of the problem, then you must assume everything digitally about you is compromised.
Set up a new password and username for all of your online accounts and that should help keep you safe.