Getting hacked was not one of the new experiences I planned for my website in 2016. True, when I went to Rome’s Porta Portese flea market, I carried a spare wallet just so I could say I’d been pickpocketed but that was an experience I was planning for.
I’ve already written my 2016 plan. I changed my theme, although admittedly the differences are slight unless you see my front page. I also planned to bring some advertising to my site. I still don’t have enough traffic to make advertising worthwhile but it’s part of the blogging experience. I also wanted to do more to highlight the stories I’ve written. No question about it, getting hacked was not part of the 2016 plan.
I’ve been very careful. I do a weekly backup just in case. I use Wordfence to protect my site. I’m the only user and my password is not subject to a simple guess. I watch my logs carefully for signs that someone is trying to hack my site. Despite all that, on March 11, I discovered I had been hacked.
The amazing thing is that I almost did not realize it had happened. WordFence failed to notify me I had a problem. Google failed to notify me I had a problem. None of my subscribers noticed a problem. I only discovered it by accident while I was attempting to improve my security.
I found it when I modified my .htaccess file to block some suspicious visitor. When I saved the file my website quit responding and I got an error telling me that the server was incorrectly configured. I was fairly sure that my modification had not caused the problem, so I gave it a few hours just in case GoDaddy was having problems.
When I finally gave up and called GoDaddy for some help, they informed me I had been hacked. If you tried to go to my website through Google, Yahoo, Bing and a few others, you were redirected to another site. If you directly to Opinionbypen, as would happen if I were checking my site, you went right to the page you expected.
GoDaddy had a solution for me. For only $84 a year, they would scan my site daily for malware and vulnerabilities. They found and neutralized six files that weren’t supposed to be there but found no vulnerabilities.
Bottom line, I was extremely lucky. I stumbled on the infection less than a week after it happened, none of my files were deleted, Opinionbypen wasn’t flagged by Google for malware and it took less than six hours to restore my site. Yeah, I still don’t know how I was infected. It certainly wasn’t a lucky guess of my password. I’ll admit I’d become lax in deleting all the plugins that were no longer being updated and that’s always a possibility.
Examining what happened. The hacker was very careful not to trigger any alerts from Wordfence. With the exception of .htaccess, none of my files were changed. The added files had random names, in several cases taken from pictures on my site. In other words, they had done this before.
I could feel bitter about this but there will always be people trying to get ahead by destroying the work of others. Consider this, how many other websites has this happened to where the operator has no idea all his or her traffic is being diverted?
If you see something odd about a website, maybe a strange popup or you get redirected, don’t hesitate to notify them. Almost every website has an Admin email address, it’s my case it’s firstname.lastname@example.org. We want to know, it’s our reputation on line.
Now I have a dilemma. I’ve already paid GoDaddy for their tool but since it found no vulnerabilities, I have to consider my site still at risk. I’m not about to give up Wordfence because it provides a lot of protection that GoDaddy’s tool doesn’t but Godaddy’s protection comes at a price and next year I have to renew my hosting with GoDaddy at full price. The price of my blogging hobby is about to triple.
No, I’m not asking for donations, or contributions or warning you that I’m about to stop blogging if I don’t become a success. That decision is strictly between me, my ego and my wife. I do want you to think about all the small websites you visit for recipes, gossip and helpful facts. Take the time to tell them thank you sometime. Keeping you safe isn’t cheap.
© 2016 – 2019, Byron Seastrunk. All rights reserved.