On Hacking and Pirates

So as many of you know, this site and several other SEO sites were the target of a hacker using a WordPress exploit to gain access to my site. Plain and simple, the problem rests on my shoulders for not keeping my WordPress install up to date. I was at least one or two versions behind. While updating WordPress isn’t hard, it does become a bit of a bother if you run multiple sites, but being lazy is no excuse for lax security. So to you, Mr. Hacker, you won, and enjoy your moment in the sun. For those of you who want the complete drama, read on …

Last night was the monthly meeting of Internet Marketers of New York (im-ny.org), which I’m a member of. Todd, aka Stuntdubl, asked me if I was free and could catch an early train into the city for a bite to eat. After dinner, on the way to the meeting, Todd pulls out his BlackBerry/PDA and says “two emails with the subject line HACKED, that can’t be good”. We meet some of the folks, and Chris from 10e20 shows me the text from the hacked page and tells me it’s all over Threadwatch and Digg. He also tells me people are thinking it’s linkbait. We get a little more intel on other people getting hacked, and it becomes obvious it’s really a hack and not a ploy for attention.

At this point I had the option of choosing to stay and have a good night drinking and talking shop with some friends, or jumping on the train for the 1 hour ride back to fix it. Since I wasn’t running any commerce on the box and don’t have any other sites hosted with this company, I decided to stay out and have a good time, hacking pirates be damned. I’d like to thank all the people who took time to send me an email letting me know there was a problem; I appreciate it. I’d also like to thank Rae and John Scott, who went to the extra trouble and picked up a phone and left me a voice message. You rock! For those of you whose first thought was ‘this is linkbait’, I totally understand that; a healthy bit of cynicism is a good thing. However, in the future I’d just ask that you wait for a few more of the facts to come out before sending someone to the gallows … thanks.

I got home, did a little research, and decided the best plan was to wipe everything out and do a complete re-install. A payload of spyware could have been deposited, and I wasn’t willing to take the chance. I had to manually log into the MySQL database, hand edit some values, delete any extraneous user accounts and change the passwords on the remaining ones. Kind of a bummer and not a lot of fun from midnight until 3am, but you gotta do what you gotta do. I’d also like to say thank you to the folks who offered technical support if I needed it.

Being hacked sucks! There’s no way to mince words about it: you have that icky, violated feeling that I hope none of you ever have to endure. So learn from my bad example and keep your WordPress software up to date. I’d also recommend using this WordPress database backup, which lets you schedule a nightly job to email a backup to your offsite Gmail account.

Update:
Be sure to look at a post from Reuben Yau on Protecting the WordPress wp-admin folder with htaccess. You are putting that file in the WP-Admin folder not the root folder.
