Social Media, SEO
& Your Business

by Mitch Mitchell




Using Your Website
As A Marketing Tool

by Mitch Mitchell


Pages




Follow Me On Twitter;
Click The Bird!



Add me on Google Plus!


Embrace The Lead
by T. T. Mitchell




mailwasher


Free Download; right-click on book



Leadership Is/Isn't Easy
by T. T. Mitchell


«
»


Hacked, And How I Recovered From It

Posted by on Dec 1, 2014

In July 2013, on a Monday night, as I was getting ready to head to bed, I started having some trouble on one of my blogs. I didn’t think much of it, figuring all would be right the next morning.

SIGNAGE
Neal Fowler
via Compfight

Next morning I woke, came to the computer and tried to access that blog; access denied. I then tried accessing other blogs; some I could see, others said access denied. I then tried to look at my websites; some I could see portions, others access was denied; yeah, that’s a big problem.

I called my friend Kelvin, with whom I share the space, and asked him to look into it, as I had to get to work. He wrote me with the bad news; per the host, I’d been hacked through two of my blogs. Luckily, the host caught the attack and froze access, which was why I couldn’t access anything. He forwarded me the email which explained part of the problem, and what I had to do to fix it.

When I got back to the hotel (as I’m out of town right now) I went to work on the problem. I’m telling you what I did so and what you should do if it happens to you you’ll be able to fix it quicker than I did.

First, the email mentioned that I’d been hacked through the footer of themes on two different blogs that I wasn’t using. Truthfully, when I saw the names I didn’t even remember having those themes on those sites. It didn’t matter; they had to go. The email recommended certain files to remove through a FTP (file transfer protocol) program. I mainly use WS-FTP, but I’m going to recommend Filezilla for those times when you have to delete lots of stuff. WS-FTP lets you delete things, but it won’t delete any folders that have files in them, which can be a pain as I’ll bring up; Filezilla will take care of the entire thing for you.

I went in & deleted the files recommended, and while I was at it I decided to delete the entire theme as well off both blogs. However, all my sites were still closed down afterwards.

The next thing it recommended was for me to go in and update all the software on my blogs. Here’s where, if I’d known something I’ll mention in a little bit, I’d have bypassed. The reason I’d have bypassed it is because I had already updated all the blogging software; all I ended up doing later on was delete and re-add what I already had. If I hadn’t updated it would be a different story; I wasted a lot of time on this step, one I could have skipped if I’d had Filezilla already on my laptop, as I have it on my main computer at home.

Hacked
Nina Helmer
via Compfight

Here’s the problem. My assumption was that the hack, which wasn’t major but still problematic, had infiltrated all my sites. What happened instead is that once my host, 1&1, locked everything down, it shut down all my sites, not just the two blogs that were hacked. If I’d thought of what I’m about to tell you now I’d have saved at least 3 1/2 hours, as I spent 4 1/2 hours on the problem.

The other thing I want to tell you about is using free themes from other people. Most people who create free themes add things into the footer and hide them with some type of scrambling program. I learned that a long time ago when one of my blogs was being found for certain terms that I’d never written about. I obtained some software so I could see what was in there, stripped it out, and never had another problem with those terms after a month or so.

However, the blogs hacked are my oldest blogs, and I had downloaded a bunch of other themes that I never used, thus I never thought about those footers. I got away with it a long time, but in retrospect I should have deleted themes I was never going to use, other than those that WordPress gives you; take that as a major hint and recommendation.

Anyway, I spent hours deleting files and folders, first with WS-FTP, which took a very long time on the one blog I used it for, then with Filezilla, which went way faster but I’m on a hotel’s internet connection, not the speedy 30 MBPS I have at home, so it still took awhile. Truthfully, it’s possible that if I hadn’t reloaded that software I might not have been able to get into my dashboards and would have still had to go through the process, but I should have done this other thing first, which would have been a snap and maybe might have saved a lot more time.

ms_pwned
Ondra  Soukup via Compfight

When the host locked down my sites, what they did was change the file permissions to 644, which basically shuts everything down; at least it did for me, as I couldn’t see any of my files online, though I could get in through the FTP. To make sure everyone else can see what you want them to see, you need to change the file permissions to 755.

You can do this a number of ways, but the fastest and easiest way to do it is to use a FTP program that can do it for you. WS-FTP can’t do it, but Filezilla can. I went online and downloaded it, as it’s free, loaded it up, then used the username & password that accesses all my sites at once so I could work on multiple accounts at the same time. What you do is right click on the file or folder you want to be accessible, see what the permission is, and change it by typing in 755 over the 644 or, possibly, xxx if that’s what you see. Then you hit okay and it releases those files and your stuff can be seen once more. When I was done, all my sites were back up, looking like they were supposed to; whew!

By the way, you might have an occasion to have files on your site which you don’t want anyone to know exists, hence you’ll want to be perspicacious in determine whether you want all your folders or files having their permissions changed.

Here are the major lessons to take away from here.

Preparing maize samples for molecular analysis, Kenya
International Maize
and Wheat Improvement Center

via Compfight

One, stay cool; by staying cool I didn’t do anything really stupid.

Two, if you don’t already have a preferential FTP program I’d recommend Filezilla. The program I use is pretty old, but I’m most comfortable with it for the most part, even if it can’t do everything Filezilla can.

Three, follow the initial instructions recommended by deleting bad stuff they tell you to get rid of.

Four, I should have tested the file permissions on one of my blogs first to see if I could regain access and if I could get into my dashboard before reloading everything; I could have always done it if I hadn’t gained access after the test.

Five, always keep your software up to date when recommendations for upgrading come your way for security reasons. At least I had that part covered.

And six… well, lucky for me I was hacked only to mess with me. They couldn’t get into my blogs or content because I have some plugins on it that protects the blogs, as well as passwords hard enough to figure out to make it more of a chore. That and quick thinking from my host saved me.

Lots to learn here; I hope it helps someone in the long run if this situation comes your way.
 

Digiprove sealCopyright secured by Digiprove © 2014 Mitch Mitchell
Share on Google+0Share on LinkedIn0Tweet about this on Twitter22Share on Facebook0

Tags: , ,

7 Comments »

Ugh! I am SO sorry this happened to you. The sucky thing is, say one does not know how to use Filezilla, then they have to learn that program, assuming they already have it. Like with me, I have it but use it so rarely I have to learn it all over again.
You wrote: “Most people who create free themes add things into the footer and hide them with some type of scrambling program. … I obtained some software so I could see what was in there…” Care to share that program name? Please and thank you.
Troy recently posted…#872 Bill Cosby has taught us a lot over the yearsMy Profile

December 1st, 2014 | 4:03 PM

Troy, I knew someone was going to ask, and I just don’t know. It was six years ago and I can’t even remember the search term I used to find it.

Yeah, it was ugly, but it was also a cautionary tale that I got to tell others about. For now I can live with that. 🙂

December 1st, 2014 | 5:33 PM

No worries Mitch. I am just glad you survived.
Yes, I have come to making sure all my updates are up to date on all my sites. Thanks for the reminder and spreading the word.
Troy recently posted…#874 A perfect high dive entry leaves a big splash, no wait…My Profile

December 1st, 2014 | 7:42 PM

I started reading this post earlier today but got side-tracked and am just now getting back to it. I’m glad you were able to fix the hack. But now I’m wondering – and quiet possibly getting paranoid – but, over the last few days, I’ve been getting comments from people on my blog with strange looking URLs. They look something like: ge2951u8nltf1n412rxi4816u05jys2ps DOT org. To me, the URL looks like a password string. Anyone else ever see commenters with URLs like that?
Derron recently posted…New Blog Post – WordPress Child Themes And CustomizationMy Profile

December 1st, 2014 | 10:12 PM

Actually I have Derron, along with some strange looking spam. I’ve just been blacklisting the domain names and deleting them all. If these guys just applied themselves to making an honest living some of them might be rich.

December 2nd, 2014 | 8:13 AM
Mike LaPorte:

Firstly, sad to hear what has happened to you, Mitch, it has happened to so many of us online. However, Kudos to you for the ‘keep cool’ quote, the invaluable information, and for passing it on. You have enough to do when you are in the road, so I, for one, appreciate your sharing.

December 3rd, 2014 | 11:45 AM

Thanks Mike. Getting upset wouldn’t have fixed a thing and luckily I had a friend who could at least get me some information I could work with. Still, isn’t it amazing how sneaky these guys who know how to break into things are?

December 3rd, 2014 | 1:27 PM
Before you leave a reply; please see the comment policy if this is your first visit. This blog doesn't accept keyword names. I need a real first name or a legitimate nickname that you're known for. If your name has more than 3 words or the email address begins with "info" or "admin", the comment automatically goes to the spam filter; same if there are any links in the comment or if you don't have a gravatar. If your comment goes to spam for any of these reasons, or any other reason listed in this post, it may never show up on the blog (I do forgive the link issue if you've commented on the blog previously and I'll forgive the gravatar thing for first time visitors). If it goes there for any other reason (and I know some do), I'll pull it out as I don't intentionally moderate any comments on this blog.

One last thing; if your link is an affiliate link or goes back to a strange website or webpage I don't like, if I keep your comment I'll remove your link. That's why I have CommentLuv for blogs; if you have a legitimate business just leave that link & no sub-links. Trust me, it's best to read the comment policy if you don't get it, or never see your comments showing up here.

If you like this post, why not donate to the cause? :-)

Comment

CommentLuv badge