Twice in the last few weeks, my site’s been hacked. Whoever did it used it to send spam out, which resulted in my website being suspended. Talk about a rude awakening…It stinks to go to your website only to find a big banner going across it reading something to the effect of “This account has been suspended…” with instructions to contact the host company.
This all happened on Wednesday, August 6. I remember it well because I found out about it right before I had to leave for my pre-admissions testing at the hospital. What timing, I tell ya.
At that time, the tech told me it might have been because I didn’t have the most recent version of WordPress installed. WordPress fixed some vulnerabilities in a later version I didn’t even realize was out there. I had trusted Fantastico to have the most current version, but they didn’t. Simple Scripts is much better about keeping scripts updated, I later learned. There were some other glaring issues which left my site vulnerable, too.
Did I figure all this out on my own? Heck no! I am accomplished in many areas, but web design and coding is not one of them. I’m a very proficient end user, but don’t ask me to dig in and do stuff in a site’s back end. I am one of the huddled masses who rely on others to help them with this stuff.
All I can say is thank God for William. He met me at the coffee shop near Howie’s office that afternoon and spent a couple of hours updating our WordPress installations and checking on other things. His wife Rebecca had a thick novel with her and spent the time reading and sipping on a decaf.
As soon as I called and spoke to them, Hostmonster e-mailed me a list of things to do in order to secure my site. From what William said, it is stuff most web hosts suggest, but some of the things aren’t really necessary anymore.
Flash forward to yesterday. I found myself with my site suspended again. Fortunately, by then I had transferred our e-mail service to Google Apps, so it was only the website affected…Only this site, actually. The hackers didn’t do anything to our other sites on our shared space.
Once again it was William to the rescue. I reached him on Google Chat yesterday afternoon and he took it from there. I don’t know what all he did, but he must have spoken to someone at my host because my site was back up a few hours later.
Still, neither he nor I knew whether the hacker had left some kind of back door access to my site. William suggested I backup my SQL databases and my entire website, then have my host wipe it out so I could reinstall everything cleanly. It is the only way we’d know there weren’t any lingering issues.
So, with some gentle prodding from my friend, I exported my SQL databases last night and downloaded our entire webspace. Today, I asked tech support to wipe it clean.
Well, they wiped out everything. I went back and logged into the control panel only to find everything was cleared back to the point where nothing was left but my admin name and password. I knew the MX entries, subdomains, user accounts and such would have to be recreated, and that wasn’t so big a deal because I knew how to do those things.
My biggest problem was getting the SQL databases back up to my site. I tried importing them using phpMyAdmin, but I kept getting errors. I knew I had to get them back online before installing WordPress again, but only because I had gone to Simple Scripts and tried to install WordPress, only to have it ask me what database to associate with the installation.
Is this boring? I went through it and even I think it’s boring. Sigh.
To make a long story short, William helped me yet again by having me e-mail him my SQL files then doing some crazy magic in phpMyAdmin and getting them where they needed to be. He also reinstalled WordPress.
The only plugin we are using for now is the Akismet comment spam filter. Since we really don’t know how the hacker gained access to the site, it’s best to start with a pretty clean slate and then add other plugins back in slowly and monitor what happens.
I tell ya, this stuff about gives me panic attacks. It is such an awful feeling of violation when someone messes with your site. Yuck. And to be someone who doesn’t know about all this php stuff and how to even find where the stuff on that list is, let alone fix it…Well, it sucks. I just hope this stuff is shored up and we’re good to go.
I really need to learn about this stuff, but I know it’s will have to be in the form of a class I attend. I know myself well enough to see that self-study or even an online class won’t work for me. I need the structure that a classroom setting provides, with the ability to as questions and learn by example. I should check into auditing some classes at the local technical college.
Okay, kids, I’m exhausted and sore. My shoulder’s not up to this much computer time and I’ve been working on website-related stuff since about 8pm. I’m going to bed!