My Website Was Hacked

I’m glad nobody reads my blog.

That was the first thing I thought of when I realized my website had been hacked. I’m glad nobody reads my blog so nobody will get their computer infected with a virus.

SIDE NOTE: My site is now safe. If you are reading this you are safe. This is my story about how I realized I was hacked and what I did to fix it.

It all started last weekend. I haven’t written a post in a while so I decided to put down some thoughts about some things I’ve been working on in the last few months and some things I have learned about recently. The first sign of trouble was when I hit my homepage. I noticed an abnormal amount of activity in my browser status bar. I thought it was odd but didn’t pay too much attention to it…especially since I didn’t get a warning from my anti-virus software.

I really knew something was wrong when I logged in to WordPress and couldn’t access my dashboard. Instead it flashed for a second and I was redirected to a blank page. The browser just stalled.

I wondered what the hell was going on so I called up FireBug to take a peek at the source code of the blank page (Inspect Element). I noticed that there was no on-page content, just some iframes with references to websites I’ve never heard of. I didn’t remember placing code like that on my site so I suspected that I was hacked.

Regardless, it was getting late and I was mad enough about the inconvenience that I was out of the mood to blog. I shut down and decided to investigate later.

The next day I accessed my site again from a different computer and this time I did get a warning from my anti-virus software. I now knew I had been hacked and knew that I had to do something about it. I called my hosting company for some guidance about what to do and was basically told, “Tough shit. It’s not our problem.”

I was, however, directed to a page on the company FAQ about identifying, removing and preventing malware on my virtual web server which I deemed the natural successor to the “Tough shit, not our problem.” response.

Although the “support person” was completely indifferent to my website helping spread garbage all over the Internet and infecting innocent people’s computers, he did make sure to try and upsell me on an expanded hosting plan before I hung up the phone. Seriously, I have a fucking virus on my website and you’re trying to sell me an expanded hosting plan? What the hell do you think I will say to that offer?

I was able to glean some helpful information from the article about malware in general but nothing that would specifically help me with my problem. I spent the next few days searching the Internet and was finally able to diagnose the problem and apply a fix.

My next few posts will be specifically about (1) what I did to fix the problem and (2) the lessons I learned from this experience.

I guess in some ways this hack was a blessing in disguise. You see, like I said earlier, nobody reads this site so I doubt anyone really got screwed. However, I also run four other WordPress sites and those have a significant readership (including friends, family and customers). I would feel absolutely terrible about having one of my sites harm or infect anybody but especially friends, family and customers. You can be sure I’ve already applied my “lessons learned” to the other sites.

So in a way I’m glad my personal site was infected because now I’m smarter and more prepared to defend against and respond to this type of situation in the future. Be sure to keep reading and come back for the next two parts (1) Fixing the Hack and (2) Learning from the Hack.

How about you? Do you have any stories like this? Please share.

Tags: , , , , ,

No comments yet.

Leave a Reply