Never could I have imagined that my little happy art blogs would be hacked by a sophisticated hacking ring of criminals, but this is exactly what has happened to FineArtTips.com and LoriMcNee.com.
In fact, the hacker took great pride in pointing my blogs to a page that proudly displayed, “Hacked by ViciOuS”.
Honestly, I am a bit reluctant to write about this topic because I do not want to give this malicious hacker any publicity, plus this is a topic that goes well beyond my expertise. That said, I feel it is important to pass along what I have learned from having my two WordPress blogs hacked and down for a full week.
But first of all, thank you to my readers and fans for your patience this past week. It has been a bit stressful, and it is great to be back up and running! ~Lori
Why would someone want to hack my sites?
This is what I learned when my blog got hacked. Who and what is a hacker?
Before last week, I always thought ‘hackers’ were just some misfit computer nerds who enjoyed playing mean tricks on the rest of us! Boy was I wrong…believe it or not, website hacking is a modern enterprise of organized crime. These organized hacking rings have professional programmers who campaign to take control of thousands of the world’s computers. These hackers are very sophisticated, with in-depth knowledge of operating system software, browser vulnerabilities, and programming. Their attacks are almost always automated: bots crawl the web in search of a chink in someone’s website armor.
Why do they do this and what do they want?
- Hackers want your money and they know just how to get it! They use your server to make their money.
- They are looking to find your confidential financial information including credit cards, Social Security numbers, FTP passwords, website logins, and any other private information.
- Once the thieves have your personal information, it is easy for them to steal your identity, sell your credit card number in bulk to brokers who will resell them, and use your information for car loans and home mortgages!
- This is what the hacker, ViciOuS, did to my Webmaster! He hacked right into his bank accounts. We caught him before it happened to me!
How do they do this?
- Hackers like ViciOuS install malicious Trojans, keyloggers, and other spyware. Once on the PCs, the malware will search for the data it wants. It also captures FTP passwords, PHP code, and other user IDs and passwords as users log in to their various bank accounts and other important websites. These attacks are carried out by bots that crawl the web and send malicious requests to thousands of websites a day in hopes of infecting a percentage.
- They also copy the victim’s database and install spyware or phishing pages in the hacked site to grab the data. This way, the hackers will also gain access to your email.
- ViciOuS got into my webhost’s server and attacked the 60 other websites that shared the same server. The hacker took control over all the websites in hopes of gaining access to poorly protected PCs.
- …and the list goes on. For more details, read the informative website here, http://25yearsofprogramming.com/blog/2008/20080311.htm
How do you prevent hackers? The best defense is a strong offense!
- Stay current on your website updates.
- Keeping your website updated will keep hackers from finding any vulnerabilities they could use to gain access to your blog.
Most importantly, use a good hosting site. I switched from GoDaddy to BlueHost and have never had a problem since!!! They answer the phone quickly, are knowledgeable, speak English, are helpful and troubleshoot!
“As soon as an update comes out you’ll want to make sure you implement it. Keeping your WordPress updated is one of the simplest things you can do and will lessen the chance of your blog getting hacked.” ~Todd Ridge
- Back up your blog (This is the only reason why FineArtTips.com and LoriMcNee.com are back online again!) Make sure either you and/or your webhost back up your blog. It is best not to leave your backup to your webhost. Just like you back up your computer and laptop, you need to back up your blog or website.
- WordPress is easy to back up with this plugin http://wordpress.org/extend/plugins/wp-db-backup/
  - (1) It allows you to save a copy to your server that you can retrieve at a later date.
  - (2) It also allows you to download a copy of your database to your computer via a link in your browser.
  - (3) Finally, and this is the best option, you can have it email the backup to any email address you specify.
- Another great option is BackUpBuddy <http://pluginbuddy.com/purchase/backupbuddy/>. This plugin backs up your entire WordPress install and will quickly restore your site on the same server or migrate it to a new server with a different domain and database.
- But even better, BlueHost offers automatic backup.
Use Strong Passwords
- Avoid using any password that is easy to guess like 12345, your domain name or your first and last name.
- Change your password often and keep it in a safe place.
- Also, make sure to use different passwords for your blog and other important accounts. For example: do not use the same password for your blog, social networking sites and banking accounts.
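The three password rules above can be checked mechanically. The following is an added example, not part of the original post; the function names, the short list of common passwords and the sample domain and owner name used with it are assumptions made for illustration.

```python
import re

# Constructed short sample of passwords that appear at the top of leaked-password lists.
COMMON = {"12345", "123456", "password", "qwerty", "letmein", "admin"}

def _norm(text):
    """Lowercase and drop everything except letters and digits."""
    return re.sub(r"[^a-z0-9]", "", text.lower())

def _is_sequence(pw):
    """True for runs such as 12345, 98765 or abcdef, and for one repeated character."""
    if len(pw) < 4:
        return False
    steps = {ord(b) - ord(a) for a, b in zip(pw, pw[1:])}
    return steps in ({1}, {-1}, {0})

def password_problems(password, domain, first_name, last_name):
    """Return the reasons a password is easy to guess (an empty list means none found)."""
    problems = []
    pw = _norm(password)
    if pw in COMMON or _is_sequence(pw):
        problems.append("common or sequential password")
    # Site label of the domain, e.g. "exampleartblog" from "www.example-art-blog.com".
    site = _norm(re.sub(r"^www\.", "", domain.lower()).split(".")[0])
    for label, value in (("domain name", site),
                         ("first name", _norm(first_name)),
                         ("last name", _norm(last_name))):
        if len(value) >= 3 and value in pw:
            problems.append("contains your " + label)
    return problems

def reused_passwords(accounts):
    """Given {account: password}, return the groups of accounts that share a password."""
    by_password = {}
    for account, password in accounts.items():
        by_password.setdefault(password, []).append(account)
    return sorted(sorted(group) for group in by_password.values() if len(group) > 1)
```

An empty result only means the password passed these three checks; it says nothing about its length or randomness.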
Keep All Your Files on Your Computer
- This is something I did not do! Even if you are backing up your blog, it is a good idea to keep all your blog posts and images in a folder on your computer. This is an added layer of protection and you can easily restore things if your blog gets hacked.
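A local copy is also useful for finding out what an intruder touched. The sketch below is an added example, not from the original post: it fingerprints the folder kept on your computer and a fresh download of the site's files, then lists what was changed, added or removed. The function names and the two folder arguments are assumptions.

```python
import hashlib
import sys
from pathlib import Path

def manifest(folder):
    """Map each file path (relative to folder) to the SHA-256 hash of its contents."""
    root = Path(folder)
    result = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            digest = hashlib.sha256(path.read_bytes()).hexdigest()
            result[path.relative_to(root).as_posix()] = digest
    return result

def compare(known_good, live):
    """Compare two manifests and report files changed, added or missing on the live side."""
    return {
        "changed": sorted(f for f in known_good
                          if f in live and known_good[f] != live[f]),
        "added": sorted(f for f in live if f not in known_good),
        "missing": sorted(f for f in known_good if f not in live),
    }

if __name__ == "__main__":
    # Usage: python compare_site.py <local-copy-folder> <downloaded-site-folder>
    report = compare(manifest(sys.argv[1]), manifest(sys.argv[2]))
    for kind, files in report.items():
        for name in files:
            print(kind + ": " + name)
```

Files reported as "added" that you never uploaded, and "changed" files you did not edit, are the ones to restore from the local copy or hand to whoever is helping with the cleanup.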
What to do when your blog is hacked:
- Stay calm! Nerves only exacerbate the problem.
- Call your Webhost or someone who is a website professional. You are going to need help.
- Run an antivirus scan on your computer – even if you are on a Mac, especially if you use a PC.
- For my Mac I used: iAntiVirus Free Edition <http://download.cnet.com/iAntiVirus-Free-Edition/3000-2239_4-10854561.html>
- For PCs try: Free AVG <http://free.avg.com/us-en/free-antivirus-download>, or StopZilla <http://www.stopzilla.com/products/stopzilla/home.do>
- Artist and web designer Joanie Springer suggests using a WordPress plugin <http://wordpress.org/extend/plugins/ultimate-security-checker/> that tells you everything that is vulnerable and then gives fixes. These are some other great plugins to check into: http://wordpress.org/extend/plugins/secure-wordpress/ and http://wordpress.org/extend/plugins/wp-security-scan/
- Pick the right Webhost. Ask questions and make sure your server’s site is secure with a knowledgeable security team in place for just such occasions. Not all webhost companies are alike!
I hope this blog post saves some of you from the hacking nightmare I experienced – I had to learn the hard way. Have you ever been hacked? Please share your story and/or tips in the comments…we all learn from each other!
For more in-depth information on hacking and step-by-step site repair, please visit this very helpful website: http://25yearsofprogramming.com/