php hack
A friend of mine recently was a victim of something that I have never been a real witness to. He was the victim of an internet attack. I don't mean simply having some credit information stolen or having your name put on a telemarketing list without you signing up yourself. He actually had some major problems arise as a result of someone else preying on him while he ran his own website. Now, his business is suffering and his website is nonexistent. For now he is trying to figure out if he can still afford to run the business or if he should just call it quits for now.
My friend currently runs a painting business in town that employs students, like myself once, for local homeowners to use at cheaper prices than professional painters. He has been doing this for about seven years now and actually started the business out of his savings when he was a sophomore in college. Up until about three months ago he was doing quite well and had built up quite a large base of customers. A recent PHP hack in to his website really just changed the whole situation. Having once been my boss and a current friend, he came to me very quickly after he found out about the problems and I told him straight what the problem was. At the time his customers would log on to his site and when they would log in to their personal information the site would redirect them elsewhere while scanning their information for the hacker. This little web application vulnerability turned in to something of a huge mess for him.
His apparent knowledge of web security seemed to be quite extensive until this happened. Even though he himself had taken courses on how to protect himself, things like this happen even to the biggest websites out there sometimes. Now his big question is how to build back a base when all of his customers had information stolen and how he can afford to pay for better security while running a seasonal painting business. It is quite a sticky situation and I think that if he had thought more about his web security issues before, this could have been avoided fairly easily.