Site HackedA word of warning to bloggers who are contemplating moving their blog from Google’s Blogger to self-hosted WordPress. Security is 101!

A few weeks ago my WordPress blog was apparently attacked by hackers or spammers, or something nasty, and it took me sometime to even know that it had happened. The first hint I had was a sudden increase in traffic. Normally a pleasant surprise, but in this case it wasn’t. The next hint was that it became difficult to access my site and my admin panel.

After repeated efforts I finally connected with my site and saw a huge list of spam comments; trapped in my spam box fortunately. Then I knew it was time to send an email to my ISP. By the next morning I had received a reply and they confirmed that my website had overloaded their server due to an attack of some description. They then added a small piece of code to my site to protect both my site and themselves. The site was then back to operating normally, except for a little loss of functionality in a couple of minor areas, which after a lot of work are all running once again.

The first lesson here is that when deciding where to host your own site, always choose a reliable and full service ISP. Luckily for me mine is one of these. Not cheap, but worth every cent. I shudder to think what would have happened if I was on a ‘cheapo’ hosting provider with no technical back up.

Secondly, although it’s bad luck to get hacked or spammed, I had taken a number of precautions that kept my site up and running throughout this nasty time. Spam protection plugins and Captcha security at least stopped all of what was hitting the site being published. Secondly, good caching meant that even though my server was being overloaded, the site was still more or less accessible. Just a little slower than normal.

Lastly. I had regular and recent back ups.

No matter what you do on your computer, always, always have back ups. Not just once in a while, but a regular routined back up schedule that I promise will save your ‘bacon’ one day.

It would be nice to think that the world and the Internet are full of nice people, which is 99% true. But there will always be that 1% who think destroying someone else’s hard work is a fun way to occupy themselves. So be warned. Protect your site as best you can and take the necessary precautions to prevent, protect and recover from the work of these idiots.

Hacked!
Tagged on:                         

14 thoughts on “Hacked!

  • 03/10/2011 at 4:22 pm
    Permalink

    What possible reason could they have to do something like that?
    OK, I know there doesn’t have to be a logical reason – they just get a thrill out of imposing themselves on other people’s lives – but it drives me nuts.

    If not for jerks like that, I could have my entire web footprint (for writing anyway) under a single password. Instead I have everything compartmentalized to prevent a complete takeover.

    My twitter account was hacked recently so I’m feeling your pain.

    • 03/10/2011 at 9:47 pm
      Permalink

      It’s the state of the Internet Andrew. A reflection of the world. 99.9% nice people and 0.01% damn idiots, fools and just plain creeps.

      The only way is to try to protect yourself. I just wish Twitter was more vigilant. It really is poor form that they allow so much crap and blatant spammers and hackers. For a social network its size, it really is plain irresponsible.

  • 03/10/2011 at 4:51 pm
    Permalink

    Thank goodness my blog on blogspot hasn’t been hacked so far Derek. The mindless cretins who derive pleasure from doing this, quite frankly, should be found out, exposed, and prosecuted! The are bastards all!

  • 03/10/2011 at 5:22 pm
    Permalink

    So I’m commenting on this from my wordpress website that I just set up rather than my usual writer blog, because now you have me worried! I just set it up using the word press hosting service, right? So what’s an ISP? I figured word press was as secure as Blogger if not more so.

  • 03/10/2011 at 5:29 pm
    Permalink

    Hi Karen. It depends if you are on wordpress.com or using WordPress on your own ISP (Internet Service Provider).

    If you have a self-hosted WordPress blog, you would’ve had to download the software and install it on your own ISP’s server. In this case you do need to take precautions.

    If you are using wordpress.com. it is a web based blogging service (not dissimilar to Googles Blogger) where you simply register and start setting up your blog. This blog is relatively secure, but you should still follow the site’s help section regarding security.

    I hope that is as clear as mud! lol

  • 03/10/2011 at 5:36 pm
    Permalink

    For all the hoopla about how every writer should have their own website, I’ve seen people complaining of more problems than I’ve had in years of using wordpress.com. I have: Total support. As many blogs as I can keep going. A domain name for my book blog. Very rare downtime. No programming hassles. Free (yearly fee for the domain name).

    • 03/10/2011 at 5:51 pm
      Permalink

      Yes Catana, wordpress.com is a great solution for many bloggers. I used it for quite some time. In fact the site is still up and now feeding from my new blog on WordPress.

      While a self hosted blog suits me because of the added tools that are available, it is certainly not for everyone. You do need to have pretty good technical skills and a lot of patience to get it all working.

  • 03/10/2011 at 8:42 pm
    Permalink

    There is an excellent plug in that helps ensure that you are not hacked and I’ve run it for two years without having a single attack. Funny thing, I let it expire three days ago, and yesterday was instantly blown up by false comments on my blog. My solution was simple. This was an old blog that I no longer needed to support my business, so I just deleted it. But I highly recommend running the plug-in and paying the annual fee to keep it current.

    The plug in is ASKIMET and you can find it at http://akismet.com/

    Best wished,
    JT

    • 03/10/2011 at 9:13 pm
      Permalink

      100% correct Jon. Askimet is the very first plugin I install on any site. Second is Login Lockdown to protect from malicious registrations.

  • 03/10/2011 at 9:39 pm
    Permalink

    I use wordpress. (I upgraded to my own domain name but it’s still wordpress.com)

    Askimet came with the blog set up. I’ve had blog 5 months and it’s removed over a hundred spam comments. I look them over once in a while and none of them were wrongly identified as spam.

    I’m happy with wordpress for the most part. It was highly recommended and free while I was figuring out how to get a blog up and running.

    (domain name cost about $20 a year)

  • 03/10/2011 at 9:43 pm
    Permalink

    It is very Good Karen. I’ve had almost the same result. I do check though, and on average it captures 100’s of spams per day. But I’ve had just one or two that were not spam. All in all though, its the best protection around.

  • 04/10/2011 at 12:52 am
    Permalink

    Really good article. I’ve had my email hacked, facebook 3 or 4 times, and ebay. It’s getting old. I have blogger and I have wix and wordpress. Only blogger is active.
    I own my dot com for it. Such a snoozer to figure out how to change from blogger to my own dot com. This article was a big help to me. Thanks

  • 04/10/2011 at 11:24 am
    Permalink

    We were recently ‘defaced’ by some ‘brats’. I found it because I was showing our website to someone. Pull up the home page to our website and our blog and viola it had been ‘defaced’. They gain access to the website via the server and replace the index.php or home. php file with their own. My hosting service is 3 hours behind me, and was up and running before notification to the affected sites was sent out. There are what is called mirror sites where these hackers post the websites they have hacked and are able revel in all their glory. I was able to get our site up and running prior to the mirror site confirming the defacement. So when I clicked on our link for the screen shot from the mirror site – it showed our site was up and running like normal and did not display the defacement. Ours was one of 1000s done in a few short hours and it really rattled my cage. Through my research to figure out what the heck had happened to our site I found an ‘interview’ with the little no good so and so and such and such … it is either some kid that does not get out much or some immature adult that finds messing with other people’s hard work amusing. Neither of which I found funny or entertaining.
    Kortney

  • 05/10/2011 at 5:10 am
    Permalink

    I am so sorry about this, I did get hacked too…so it was a year ago. So thanks for the update.

Comments are closed.