I just wanted to thank everyone who emailed me last week to let me know that one of my articles was hacked. Thanks to all of you, I discovered the problem article and was able to take action immediately.
While this wasn’t the first time that I’ve been hacked, this was the first time that the intrusion had nothing to do with my server at all.
What Happened Exactly?
Shortly, after publishing my last article on How Our Online Business Needs To Be Improved, I received a flood of emails letting me know that my article was flagged as malware by Google.
When I went to see the article myself, I was greeted by a sea of red with the words “This Is A Reported Phishing Website!!”.
At first I panicked, because I was worried that my online store had also been compromised. But luckily the intrusion was limited to only that single blog article.
Ultimately, I narrowed the problem down to a third party ad server that had been hacked and was serving bad advertisements to my blog.
In any case, instead of just telling you how I got hacked, I thought that I’d take the time to show you how I narrowed down the hack and how I protect my websites from excessive downtime due to malicious hackers.
Getting hacked is inevitable, so you need a plan on how to get your website back up quickly when it happens.
Backups Backups Backups
Effectively protecting yourself from hackers starts by backing up your site on a regular basis. It’s not good enough just to do manual backups of your site because sooner or later you’ll forget to do it.
Trust me! And due to Murphy’s Law, the day that you forget to backup your site is the day that you will get hacked. Just take my word for it.
The best way is to automatically back up your site using cron. I’ve already written an article on How To Automate Backups that you should definitely checkout. In addition to that article, I now also take one extra added precaution.
These days, I also email my backups to 3 separate email accounts as well. It’s not good enough to store your backups at home or strictly on your server.
After all, if there’s a fire or if your server dies, you could still lose everything. It’s better to store your information “in the cloud” if possible.
I also tend not to rely on my webhost for backups. Why? It’s because I don’t trust them to do as good of a job. I don’t trust them to be as anal as I am.
Also, a backup is no good unless you know it can be restored. If you rely on your webhost, you’ll never know that your backup is restorable until you need them to do something.
Detection Detection Detection!
The other crucial component is detecting when you’ve been hacked. I have several safeguards in place to detect an intrusion that is outlined in my article on How To Minimize Downtime When Getting Hacked.
These days, I’m also a bit more paranoid so I run a program called “LFD (Login Failure Daemon)” on my server as well. This daemon basically logs every single login to my server including all ftp attempts, ssh attempts etc…
That way, if anyone accesses my server outside of myself, I know immediately via email. In addition, LFD also automatically locks out any user that fails to login 3 times in a row and permanently blocks their IP.
Make Everything Automated
Once you have your backups and detection mechanisms in place, make sure that you can easily execute your recovery plan. Whenever I get hacked, I still panic even though I know I’m prepared.
As a result, I tend to forget how to do things on the fly because I’m not in a good state of mind. That is why I implement push button scripts that do everything for me.
- I have a script that automatically restores the latest database backup
- I have a script that tells me any file differences between what is live and my last backup
- I have a script that detects any changes at all to the website since my last update
What I Did That Day
So when I first discovered that one of my webpages had been compromised, the first thing that I did was to run my md5 checksum script to see if a hacker managed to change any website files.
Just in case, I also ran my “difference checking” script to see if any files were changed since my last backup. The answer was no.
Then I checked to see how my database had changed since my last backup (I do backups once a day) and didn’t see anything suspicious. I had only posted one new article and answered a few comments.
There were no malicious SQL related intrusions as far as I could tell. The database intrusion checking step is the only manual step of my process.
Because my database changes multiple times on any given day, it’s difficult to compare it to a backup automatically unless I do more frequent backups.
I use 4 different ad networks and all of them randomly serve ads on my site. After Googling about ad servers being compromised, I discovered that many other webmasters had been experiencing the same thing.
Even though I took an in depth look at the code, the malware code was no longer being served so I sent a note to Google to remove the article from the malware database.
As an added precaution I’ve removed the ads from my blog for now. Once the coast is clear, I’ll put them back. The moral of the story here is that getting hacked is just something you have to deal with as a webmaster.
It sucks and it will happen eventually. You just have to know how to deal with it and recover. Hope this article helps you defend yourself from future attacks.
- How To Automate Backups For Your Online Store And Why I’m An Idiot
- Your Website Just Get Hacked? – 3 Tips To Minimize The Downtime
- The Easiest Way To Start A Fully Featured Online Store Without The Headaches
- The Danger Of Hotlinking – Web Related Lessons I Learned This Week
Have you read these?
- When To Upgrade From Shared Hosting And Why Unlimited Bandwidth Is A Lie
- My Review Of Google Shopping, Amazon Product Ads, And Shopzilla Based On Data From My Shop
- 5 Painstaking Lessons Learned From Managing Inventory and Cash Flow The Wrong Way
- Product Sourcing: What To Expect When Dealing With Overseas Vendors
- Adwords And PPC – The Biggest Money Wasting Mistake That New Users Make