I’m Clean, Really I am (or What I Did When I Found Out I Was Hacked)

Posted April 28, 2013 in Discussion / 14 Comments

(updated 7:26am Monday – Man, was I asleep at the wheel when I wrote this post last night.  I added more information!)

About 2 weeks ago I get an email from some person over in the U.K. telling me the grim and terrible news that my site has been hacked.  Weird, I hadn’t noticed.  But then, I hadn’t been posting all that much (okay, none at all but life has been getting in my way lately) so I hadn’t noticed anything.  But jeez, my site sure was running slow….

The very helpful Brit told me they were using the NoScript add-on to surf the web and they saw the hacks.  So I added NoScript to my Firefox browser and lo and behold, my header had me selling Viagra, among other things!

Hmmm, I seem to recall hearing about this somewhere.  Oh yeah, I retweeted a post about that some time back….

And this attack, although focused on weaknesses in WordPress, wasn’t focused on one host, it was a global attack and affected hosts such as HostGator (one of the largest) and my “beloved” GoDaddy…

And, of course, there’s a ton of information about the attacks out there for you to read, some specifically about how to fix your blog…

So after the freak out, the denial, and the ignore it and it might go away tactics didn’t work, here’s what I’ve done to make sure your visit to my site is safe and secure.  Please note: I am NO expert about computers or how any of this stuff works.  I piece it all together like most hobbyists using Google.  So please, take my advice with a huge ass grain of salt!!!!

#1 – I went back to an old backup of my blog from before the “hack” and restored to that version.  But I still had some malware on my site (more on that in a moment).  Make sure you backup, backup, backup!!!  My host (at the time), GoDaddy, automatically backs up all my files daily.  I will also back up my blog from time to time on my local computer.  The plug-in I use for my back-ups is WordPress Database Backup.

#2 Changed all my passwords – I highly suggest you utilize passwords with capital letters in odd spots and you use numbers and punctuation marks.  A total pain in the butt but soooo worth it.

#3 – I double checked to make sure I didn’t have an “Admin” administrator on my WordPress account.  Nope, it was only me on there.

#4 – Added the plug-in “Limit Login Attempts”

#5 – I “hired” Sucuri to clean my site.  I found this service during my Google-ing.  If you go to their page, you can type in your url and they will scan your site for malware in the code.  So even though I had restored my site back to an old version, I knew there was going to still be malware on my site because the hackers put their code in my header and I was pretty sure there was code still hanging on the site.  The scan showed me where it was.  So I paid, they cleaned my site, and now they monitor it.  I also get updates on security news which is quite handy.

#6 – I’m in the process of moving from my current host to a new host.  I’ve been needing to do this for some time because my site is tangled up with another site I don’t own.  This hacking issue only kicked me in the behind to get it done sooner.  I’m still not officially moved yet so hopefully I don’t lose THIS post in the move 😀

#7 – Lastly, once I’m at my new host, I plan on checking out CloudFlare to see if turning on that service will slow down my site.  I don’t even want to mess with my DNS before I move hosts 😉  But what they do is become your DNS host and weed out between your good visitors and your “bad” visitors.  Oh, I’m completely simplifying it so check out their website for more details.  It’s a free service.

So while I still might not be posting every day just yet, I’m well on my way.  Let’s just call this the ultimate kick-me-in-the-ass Spring Cleaning of the blog exercise….

Kristin

About Kristin

Kristin has to ensure she gets her minimal requirement of "happily ever after" books in between those books that contain cliffhangers and never-ending story arcs. It's for her family's sake. When not reading, she's homeschooling her 10-year-old son, watching cartoons on TV, or taking a nap.

14 responses to “I’m Clean, Really I am (or What I Did When I Found Out I Was Hacked)”

    • K

      If you’re feeling charitable, you can plug those funky sites into the Sucuri site’s scanner and see if they have malware. Then you could always email the site’s owner… BUT NOT WHILE YOU’RE STILL SICK!!!! You could give me the list on the sly 😉

      • K

        NO, I wish it was then I could’ve blamed them and had them fix it but it was global. I added that little nugget of info to the post (DUH on me!). Thanks for asking that great question!!!!!!!!!!!!!

        Oh, and despite HostGator being a target, I picked them for my host. We’ll see. I learned a ton about email, DNS, and hosting thru this exercise so I may move again if HostGator doesn’t make me happy 😉

        BlueHost was a close second and so was TigerTech…

    • K

      I flip flop between 2 browsers, Firefox and Chrome. On Firefox, you can add the “No Script” addon that will basically not allow any scripts on pages to run. So when you surfed to my page, you saw all these words on top of my header. I’ve since turned off the addon b/c, unfortunately, almost everything runs off javascript. Most pages’ links weren’t working and I needed them to work. But it’s a great addon if you’re deathly afraid of scripts!!

  1. Just to clarify, this hack had nothing to do with web hosts themselves. It’s all to do with how secure your password is. The bots were brute-forcing WordPress sites, which means they have a script up and running that tries thousands of different passwords on your site until they get one that works.

    So it doesn’t matter which host you’re on; all that matters is how strong your password is!

    Any kind of dictionary words are HORRIBLE because those are the first ones the bots try. They have entire dictionaries built into the bots and they go through all the words trying possibilities.

    And to be honest, at all the people saying that now they don’t want to move to WP or they want to stay with Blogger, the same thing can more or less be done with Blogger if they really wanted to! Someone could use the same methods to try to get into your Blogger account and then delete your site or do whatever they want to it!

    Basically the moral of the story here isn’t that “WordPress is bad”. The moral is that “weak passwords are bad”!
    Ashley recently posted…Parallel by Lauren Miller

    • Also I totally should have started out by saying:

      I’m really sorry you fell victim to this! And I’m really glad you managed to get your site cleaned up. 🙂 Outside of my blog and outside of WordPress, I work for a really high profile site in the gaming world and we’re a huge target for hackers.. so I know what it’s like to have to go through huge things like this! It sucks massively!

      *hugs*
      Ashley recently posted…Parallel by Lauren Miller

      • K

        Honestly, I see more Blogger sites with malware than I see WordPress sites!!! And if I were on Blogger, I’d have NO clue how to clean it b/c you don’t really own it or have access to it as well as you do a WordPress site.

        Personally, I think Blogger is a great site if you don’t want to tinker with design and don’t need flexibility. I still love WP!

        Oh, and I prob. should have reiterated a little stronger that I have been wanting to leave GoDaddy for a long time b/c I’ve been needing to separate 2 websites I had packaged together there. I actually went to another big hosting site!

        Yeah, like I said at the top of my post, I totally slept thru this… But I totally learned SOOOO much!! And I even had a password that had nonsense words, numbers and a capital letter in the middle – go figure!!!