Tuesday July 13, 2010
On Saturday my website was hacked. It started with this email from some dude named "Info". The subject line was: “Are you OK?!?!”
The content read:
Hi, Im a hacker.
I dont have much time, but I saw that you remove the account that I created on your Cpanel, you know that I dont want to harm to your site.
I just want to have some space to park my domain.
But, if you annoy me, I annoy you too.
This is the first alarm.
If you dont pay attention to this alarm I will hack your site very terrible.
Well, besides having atrocious spelling and grammar skills, this guy just pissed me off! So I went to my site: www.LinkedIntoBusiness.com and sure enough, this lovely message came up:
(What happened - for those of you who understand what this means - is he went into my root file and deleted my CSS files, replacing them with this code - I think)
I freaked – and then got on Twitter.
With a little research, my friend @KurtScholle discovered the culprit’s email address was: [email protected] (feel free to retaliate if you like) and said culprit had parked several icky sites in my hosting account @HostGator. Particularly nefarious was the fact that he had set himself up to receive all my backups - eeeeeewww (Thank goodness I never backed anything up!)
It was only a few hours after my site was hacked that people began letting me know that many of my links were broken. (Thanks @CourtneyEngle)
- So the first “blessing” was knowing people actually looked at my tweet stream and bio and were clicking onto my (now inoperable) site. They love me, they really love me!
- The third blessing was the hours my friends gave me to help me out. Every one of them free of charge. A huge special thanks to Kurt Scholle of www.webasylum.com, Richard Wright of www.WrightComputerSolutions.com and Chris Cree of www.SuccessCREEations.com (I must add here, that it only took Chris 45 minutes to decipher and fix what was a rather sophisticated hack!) BTW - these are not just friends who had nothing better to do on a Monday afternoon - these are consummate professionals - some of the best in their fields... just sayin'
- Blessing number four: This took place a few days BEFORE my web guy was going to do a major overhaul on my website – so we didn’t lose any work.
- Blessing number five: I hadn’t any merchant services or product active on the site. In fact, all my product had to go through another site and another host: www.inboundmarketingproducts.com
- Blessing number six: I learned my lessons, and am here to share them with you!
- Even if someone else creates, manages and hosts your site, acquaint yourself with the cPanel. If I had gone into my cPanel more than once a semester, I would have caught the squatters earlier (like in May).
- Make sure you use a trusted host (I use, and Chris Cree recommends, HostGator).
- If you use a WordPress-based site, make sure you upload the latest version (3.0).
- DO NOT use the generic usernames (admin, etc)
- USE A SOPHISTICATED PASSWORD. This is what got me – I just used numbers and letters and the password was – well – kinda obvious. Use a unique password for all your sites and sign-ins. Use numbers, case sensitive letters, and special characters. Do not use a version of your name, your pet’s name, or the domain name. Better yet – use a password generator.
- Cultivate friends who can help in these situations – and reach out to them.
- BACK UP YOUR DATA – not just your computer data, but your website. Almost all hosting sites have backup options. Use them!
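The username and password rules in the list above, written as a small Python check plus generator. This is an added example, not part of the original post; the 12-character minimum, the list of generic usernames and the sample names are assumptions.

```python
import secrets
import string

# Assumed list of "generic" usernames; the post names only "admin".
GENERIC_USERNAMES = {"admin", "administrator", "root", "user", "test", "webmaster"}
SPECIALS = string.punctuation
# Undo common letter-for-symbol swaps so "R0ver" still matches "rover".
UNSWAP = str.maketrans("013457@$!", "oleastasi")

def username_is_generic(username):
    return username.strip().lower() in GENERIC_USERNAMES

def password_problems(password, personal_terms=(), min_length=12):
    """Return the reasons a password breaks the rules in the list above."""
    problems = []
    if len(password) < min_length:  # min_length is an assumption, not from the post
        problems.append("too short")
    if not any(c.isdigit() for c in password):
        problems.append("no number")
    if not (any(c.islower() for c in password) and any(c.isupper() for c in password)):
        problems.append("no mixed case")
    if not any(c in SPECIALS for c in password):
        problems.append("no special character")
    lowered = password.lower()
    folded = lowered.translate(UNSWAP)
    # personal_terms: your name, your pet's name, the domain name (without the TLD)
    for term in personal_terms:
        t = term.lower()
        if len(t) >= 3 and (t in lowered or t in folded):
            problems.append(f"contains '{term}'")
    return problems

def generate_password(length=20, personal_terms=()):
    """Draw from the OS CSPRNG until the candidate passes every check."""
    alphabet = string.ascii_letters + string.digits + SPECIALS
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not password_problems(candidate, personal_terms, min_length=length):
            return candidate

if __name__ == "__main__":
    terms = ["Pat", "Rover", "examplesite"]  # constructed sample values
    print(password_problems("R0ver2010", terms))
    print(generate_password(personal_terms=terms))
```

Store the generated password in a password manager and generate a separate one for each site and sign-in.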
So my site still isn't up to snuff, but things could have been worse - a lot worse. What this showed me was I was being sloppy, relying too much on the knowledge of others, and not relying enough on my friends. Now I know better. I also know what an awesome resource we have in Twitter!
If you've ever been hacked, and have some advice, please let us know!