Silence is Golden? Not according to Heather

Back in the day, website hacks were either pranks, where the hacker would simply leave a calling card, or outright criminal activity targeting large corporations. We should have it so good. Nowadays, hacking seems to be just vandalism, plain and simple. Boring. And frustrating when it hits close to home. For example, Heather and I have been cooking up some web magic on the back channel over the last couple months. So when Heather Got Hacked, it messed with our collaboration timeline. And that’s… annoying.

Let’s hear what Heather has to say about it.


An unwelcome visitor

-by Heather Craik

My blog isn’t a big one. I’m not a ‘Problogger’ and I don’t have hundreds and hundreds of followers. My traffic isn’t even terribly great at the moment. One thing I do have, though, is a hacker.

As far as “perks,” having a hacker is one I could do without!

When I noticed what had happened the first thing I did was nudge Dave, who (after helping me out a little) asked if I’d come and share my story with you. Morals of the story can come later, but there’s one thing I’d like you to keep in mind as you read through. This could happen to you too.

Without further ado let’s travel back a bit to the morning before I discovered my unwanted visitor… (Grab yourself a coffee or something, this is going to be a long one.)

It began with a feeling…

The day started a little later than normal but not in any particularly remarkable way (unless sleeping late is considered remarkable?), and I went through normal morning routine stuff. Won’t bore you with the details there, we all have our own methods. Sat down and did some work offline; writing with actual pen and paper followed by planning my day. Checked emails, checked blogs, commented a few times.

That’s when I saw the first sign. In fact no, if I’m being totally honest, I’d wondered about this ‘first sign’ the day before as well but hadn’t had the time to check into it. CommentLuv was showing ‘No last posts to return’. To my shame, I didn’t instantly check in on my blog. I went around CommentLuv’s site first, got to the troubleshooter part, and arrived at my own blog in a very circular fashion. Now it’s worth pointing out that I’d known it was showing blank the day before since someone else had pointed it out to me. I’d dutifully gone and checked, had a look in cPanel at the files, and concluded that it was probably the server (I was very distracted at the time).

Already the dread was creeping in. I could feel there was something wrong.

Doubt had curled its insidious fingers around my brain, doubt which was only compounded when I tried to access my WordPress Dashboard and was met with the same blank page.

I looked further into my file system with my heart hammering, checked the main page (it was still working) and tried my blog again in a desperate attempt to deny what was happening to me. No dice – apparently circumstances don’t change if you deny them long enough and wish for it all to be ok. Drilled further down and was met with a very empty contents folder.

Now imagine this for a second: your blog is down, you’ve exhausted all the ‘Oh, it’s just the server’ excuses you could. You have even visited your host’s website to see if they were also having problems. You’ve checked further into it, and suddenly, everything you’ve been working on since the very start of your online blog life has simply disappeared.

“Sickening” doesn’t even begin to describe the feeling.

Some anonymous piece of [well, you get the idea] has come in while you weren’t looking and brutally murdered your brainchild.

Still not quite giving up hope, imagine you looked at the code in the index.php file (I’m not very code-y by the way, I just know that it’s the main file and for the purposes of this example you do too) and were met with this:

Silence is Golden hack

“Silence is Golden”

Wouldn’t you feel like someone had punched you in the gut?

I know I did. Or stabbed, or slapped, or whatever violent unpleasant reaction you want to add here. Not only did they kill off my poor, innocent little baby blog but they left a calling card stating that it wasn’t any good in the first place.

Upset? Yes. Angry? Oh you bet. Confused and Stunned? I’m sure it was in there somewhere under the angry.

And continued in confidence…

My first reaction was to pace around my room threatening random inanimate objects. My next? To play video games.

Thankfully I’d at least backed up this month; though it was 20 days ago now. However, as you just read, that didn’t occur to me at the time.

Getting hacked was the last thing I needed to be doing. This particular disaster happened to come right in the middle of a frenzy of college work. I had a full day ahead of me filled with 3D project work and editing. Discovering something like this really shouldn’t have put my whole day on hold, and it was most definitely something that would have been better happening a week or two later (or not at all for that matter). What can I say? It’s easy to get to me apparently, and I shamelessly wasted a few hours on some random fast-paced game that didn’t require me to think.

After, that is, trying to reach a few different people (Dave included) for help and finding that everyone was offline, asleep, or busy.

Video games seemed like a great idea at that point.

Eventually, I calmed down and went out to college for part of the evening to do some work. Got back home not long after since I can’t really work on much in college itself at the moment and took another look at it. Backups were downloading when Dave showed up, and between us we figured out they’d gained access through a tiny permission I had set to allow people to register with my site. Aside from not doing that again, all that remained to do was restore the backup and re-post everything since that time.

To the wrong conclusion

From here on out it looked like there would be one simple solution, after which I could spend some time re-posting a few different articles and it’d all return to normal pretty quickly. The backup was loaded; after five attempts. Thinking that was it fixed, I double checked my blog – just to see that it was there before I started restoring everything else.

Nothing. The backups I’d done through cPanel that had been labelled as ‘Full Site Backups’ were, in fact, nowhere near complete. I would have needed another, more specific, backup of my database itself. This wouldn’t have been a problem if the plug-ins I’d been using for that had worked; however, they’d gone on the fritz a few days ago and I hadn’t fixed it yet. Further, I still couldn’t even get into my dashboard.

In short, I had no backup.

By this point you could be forgiven for assuming I lost it completely, ran around destroying things like a crazy person, or at the very least shed a tear (earlier in the day had caused a few after all). On the contrary…

…I felt distinctly apathetic.

Sure, I had all my posts in their original form minus formatting. There was always the option to reinstall WordPress itself and build it again from the ground up.

What was the point though? All the comments and discussions we’d shared before were history, even if I were to post the same things again there wouldn’t be that level of engagement; it’s now old news. I decided to sleep on it, do something unrelated for a while.

Admit defeat for the night.

[To be continued...

Meantime, have you had the "Silence is golden" attack? Or something worse?]


Heather writes The 3D Student providing video tutorials, reviews, and advice for 3D students. She loves working with light and texture for animation and modeling, writing, drawing, film and playing video games. Visit Heather at The 3D Student.

Comments

  1. Heather says:

    Ooo… I got a ‘to be continued’? I feel special now.

    Thanks again for posting this Dave. :)

  2. That would just make me sick to lose everything I had been working on. Last Friday I copied everything in my wordpress directory to my hard drive via ftp and then to DVD. I have been using wpbackup and the backups on my cpanel so I hope I would be protected but I don’t know for sure. Can’t wait for part 2
    .-= Justin Matthews´s last blog ..Memorial Day! =-.

  3. Anne Bender says:

    Oh, Heather! I’m right there with you. Not sure why some people think it’s fun to wreak havoc on people for no reason other than because they can, but I like to think there is a special place in hell just for them.

    So glad to see your site is back up and running and everything has worked out in the end. I wish I had thought to restore instead of rebuild. Live and learn.

  4. Dave Doolin says:

    Heather, thanks again for writing this up.

    I’m collecting a series of articles on this topic! Which will be good; I’ll refer people back to these articles in the future.

  5. Carlos Velez says:

    That is such the suck Heather. I’ve not been hacked but I’ve been broken into and had my things stolen. The sense of being violated is horrible. One of the worst feelings I’ve ever experienced. I imagine getting hacked is darn near identical.

    I am in the same boat as Justin. I am using WPBackups but I’m not sure if that’s covering all I need. Hopefully you and Doolin will make that a bit more clear.

    Actually, I guess I have been hacked on another domain that I had yet to do much with. I remember seeing “Silence Is Golden” when I looked up some file in the file manager…I suppose it was the same as what you did. I’m not sure offhand what the damage was though or which domain it was on. I didn’t realize I’d been hacked until I read that part on this entry. Weird.

    • Heather says:

      It’s also possible that the index file thing was a benign part of it or something WordPress added with an update, not certain myself. So long as your stuff didn’t go missing and you’ve no unexpected new users I think you’ll be fine.

      Careful with the plugin though – I didn’t know at the time but it actually has a button for deleting your entire database.

  6. Ralph says:

    Heather.
    What an ordeal. I have backup, I think. I just added the plugin that Dave told me to do. Of course I don’t know what to do with it should I need it. I am hoping to learn something from your experience. Is blog Post Maintenance going to save my bacon? I am still waiting to find out.

  7. John Soares says:

    Heather, I also suffered through two hacks in May on all the blogs I had hosted at Godaddy.

    I was able to roll back my sites to an earlier date, when the files were not infected.

    I also switched from Godaddy to Hostgator.

  8. John Soares says:

    Heather, I also suspect Godaddy may have had a security flaw. A few other hosts were hit, but Godaddy had the biggest problem.

  9. I have not faced it yet, probably because I edited some core file to make hacking hard. I feel sorry for you. I hope your experience teaches you well and helps you to extend your blog security.
    .-= Arafat Hossain Piyada´s last blog ..Watch Megaupload hosted video without downloading it using Mustreamer =-.

  10. Dave Thackeray says:

    We’ve had a lot of tales of hackerdom round here lately.

    If I were you, Heather, I’d take this as a compliment, in a roundabout way. It means someone thinks your content is awesome.

    And the technical smarts to hack are not easily acquired. Not to the everyman, anyway. So indirectly you’re um, helping someone with their personal development.

    It’s times like this you wish you’d have thought some more about the content of your comment before hitting the Submit button. Dang!

  11. Heather says:

    Hehe thanks Dave. It’s ok, I got what you were talking about – kind of cool when looked at that way (though I’d still rather it hadn’t happened of course :) )

    Opened my eyes to a few things though, so all in all this was probably one of the better times to have it happen to me.

  12. Heather:

    Oh no! I can’t wait to see the “to be continued” part.

    I had a new client who came to me specifically because her blog had been hacked. Though, I wasn’t able to help her I did send her off to someone who could.

    We did install a backup plugin into her site so I pray that should it ever happen to her again (or myself for that matter) that the restore function works properly.

    Will be watching for your next post. :-)
    .-= Michelle Mangen´s last blog ..Hate Paypal Fees? Check out the alternative =-.

  13. Ok, now I’m scared. We need to allow people to register on the site in order to continue to develop the community posts. I don’t want to stop that but I’m not keen on allowing us to be hacked either. Aside from this three weeks, I back up regularly. It’s just the yuckiness of it all. So now what do I do?
    .-= Eleanor Edwards´s last blog ..Dreamers dream, winners follow through by @6aliens =-.

    • Heather says:

      Continue but backup very regularly?

      It’s only a theory that that was the reason, so long as your security privileges are well defined for people signing up you’ll probably be ok. Is there any way to make it so that in order to use their subscription you have to approve it? (Then again, that could get very wearing)

    • Dave Doolin says:

      I add people manually. It’s not that big of a chore.

      I had a rash of automatic registrations once, so I’ve already cleaned out hundreds of bogus users.
