My websites got HACKED! Here's the scoop…
A few days ago I get a call from a friend who has been working with me on a newer website. He says, “Chris, there’s something wrong with the site. There’s an error page showing to anyone who visits stating that your account has been suspended or something.” My first thought: exceeded bandwidth. That’s not necessarily a good thing when you exceed your bandwidth but at least it’s a good sign that you’re doing something right… because usually when you exceed bandwidth it’s because there was too MUCH traffic.
However, this was far from the case. I immediately called my host and got on the horn with a technical representative who told me my entire account, including all of my sites, was suspended because they detected “phishing” pages on my one of my sites.
Phishing pages? WHAT?!?!?!?
The rep went on to explain that someone had found a loophole that allowed them access to my server. Basically, they exploited a WordPress loophole that was present because one of my older sites had a blog which had not been updated in about 2 years.
Unbelievable.
My sites were all offline for about 3 days while I went back and forth with technical support trying to find all of the pages that the hackers had added to my server. The task was not easy and although it appeared they did it with some sort of malicious web script, I had to painstakingly go through everything one page at a time.
I decided to leave all of the sites offline while I did this to further protect my valued members, subscribers, customers, & friends from possibly being exposed to any of the garbage that the hackers added to my sites.
Now I have a programmer working around the clock to make sure every last web script is 100% updated to latest stable version.
Here’s the lesson I learned from all of this…
The more popular scripts such as WordPress, phpBB forums, or anything else that can usually be found in Fantastico (like CMS scripts such as Joomla, etc.) are all at extremely high risk of being hacked due to their popularity. The hackers are smart too, ya know? They build advanced scripts that scan the web looking for outdated versions of these popular scripts because A.) They know there’s a lot of people using them and B.) They know there’s a lot of people who don’t update them!
So here’s my advice, take it for what it’s worth…
Don’t use popular scripts like WordPress or phpBB forums unless you plan on keeping them regularly updated to the latest version.
Don’t let your site get too popular or else it may become a target regardless of what script version you’re running…
Ok, now let’s be realistic… people are going to continue using these most popular scripts because they have the most features and they kick butt. On top of that, the ENTIRE goal of having a site is to get as much traffic & exposure as possible so we’ll never “hold ourselves back” to prevent a hacking attempt.
So what can we do? Live in fear? Sleep with a shotgun? Call the FBI Computer Crimes Task Force?
Hmm, I guess all we can do for now is keep our scripts updated and hope for the best.
This was a fiasco I will never wish on another soul, not even my own worst enemy. Thanks for your patience while we got everything fixed back up and online again. I appreciate all of my loyal customers & subscribers who toughed it out with me for the 3 days all of the sites were offline from this successful hacking attempt I had to deal with!
Did you like this post? Share it!
Subscribe now to never miss a post!
Add the ProFromGo blog's RSS Feed to your favorite feed reader and never miss a post again.
No comments