I was HACKED and how I got control back again!
I should have recognised, I should have taken note of the signs. “It’ll never happen to me” all classic cliche lines but they are true. I was hacked, well my blog was, and although the repercussions weren’t felt instantly, they have sat in the background lurking until more recently when they raised their “multiple” heads. Thankfully I’m glad to announce I’ve managed to root out the issues and have my beloved blog back again all nice and clean.
Roll back to November last year (yes that long ago), I remember when I tried to get into my website but was greeted with a server 500 error. Typically this is a fatal error type, and normally only occurs after I’ve messed around with the wrong .php file in the root of the website. This time though there’d been no tinkering by me so I jumped onto the online chat of my hosting company to find out what was going on.
Turns out my hosting had done it, I was fuming, why had they not told me? Why had they done it? How long was it down for? Turns out only a day but the reason… they had detected multiple brute force attacks on my URL and had taken it down in order to stop the attacks as well as to force me to beef up my security. They told me they would unlock my site to me only until I’d beefed up the log on security and only when I’d confirmed this, would they release it back into the public domain. Obviously I got onto it right away, logged back in, added the necessary requirements and got my host provider to unlock my site within a matter of hours…. phew close call I thought to myself.
Nothing seemed different with my site, no issues accessing it, nothing, I was REALLY lucky… or so I thought. This week when publishing a new post, I instantly got a barrage of DMs and tweets on Twitter telling me that my site was taking them to other websites, the dodgy kind (not that dodgy you filthy mind) but defo not the type I want associated with my site.
I instantly set to work, I was on the train to my day job at the time so resources were limited but the first thing I did was YouTube’d some key words from what I’d experienced and up came several really helpful videos. I find YouTube is much quicker and more informative when looking for tutorials. Having checked a few out I set to work on trying to find what typically is some hidden coding in the core files of my site. Nothing. Nada. Zilch.
More videos and I came across some helpful plugins I could use (which were free too). Installing a plugin called Wordfence meant I was able to scan my entire site for anything malicious and I was shocked as to what I found. Nearly 20 of my older blog posts had rogue scripts and URL links in them but more worrying, there were no less than 3 backdoor exploits which had been loaded onto my site to allow such hackers to add coding when they wanted!!
I was gobsmacked, being an ex bank manager, I like to think I’m pretty damn receptive to all things phishing, scams and anything in-between but clearly my positive nature had played me when I previously had issues last year.
Having isolated all the issues, and either removed, deleted or repaired such files, I now have a clean website once again and having some really great blogging friends and readers has meant that all of them have confirmed no issues since my deep clean, which has pretty much taken all day to resolve.
I’ve also made a few more changes to my site like two factor authentication and upgrading to the premium version of the antivirus plugin so further occurrences won’t, well occur and OneDadOneBlog can be free to live and breathe without issues again.
Damn you hackers but I won’t be beaten
Until next time