What To Do If Your Blog Gets Hacked

by Patrick on March 22, 2010


Apparently my blog was hacked this weekend by religious extremists that write and spell at a 7th grade level (screenshot from another blog victim).

I sat down Sunday morning to attempt to bust out another week’s worth of posts (I blog like a college kid drinks- in binge quantities.) As I tried to access the control panel of my blog I was instead faced with a surprise:

ISLamIc OF HaMaDa ScoOoRPioN

Hamada Scorpio was here. Sorry for the inconvenience.

Crap my blog has been hacked, and the perpetrators don’t know how to spell. At least they tried to be polite about it. Of course that was before they left a rather derogatory message against Israel.

I checked my root domain and found the same thing. It appears that sometime on Friday or Saturday my site got hit, and it was now time to get to work cleaning up the mess.

My blog usually isn’t the target of attacks like this- I guess I should be honored that my blog was chosen to be the vehicle of hateful messages. I didn’t know what to do at first but after some quick thinking and research I took the following steps:

  1. Contact your webhost: I submitted an urgent support ticket to my longtime web-host SimpleHost. I figured they should know about the security issue as I quickly worked on item 2. They got back to me rather quickly to offer up a restore from their daily backups, which would be a quick and easy fix if the restore didn’t cost $50. SimpleHost got points for quickly responding but their growing fees are the main reason I’ll be shopping for another host when my contract is up.
  2. Take your blog offline: I didn’t really know how to “turn off” my blog. I found out the quickest way was to FTP into my site and rename/delete the index.php file in the root directory. I later uploaded a new index.html file with my favorite error message: “The System Is Down.”
  3. Clean your files/Restore from a backup: Now it’s time to clean up the mess that was made. Since I am cheap and didn’t want to pay the $50 to restore my site from a backup, I decided to hunt down the cause of the problem and, as Keenan Burton would say, “fix it!” I noticed that the perpetrators changed only one of my WordPress files to cause this mess, but since hackers often leave backdoors and other malware I decided to do a clean re-install of WordPress. I also checked my plugins and themes to see if any of those files were modified. I ended up re-installing my WP theme as well just to be safe.
  4. Change your passwords: Now that my site was back up and running I wanted to lock things down and figure out how this mess occurred. I changed my WP login, host login, SQL database login, and FTP login. John P. of iFusion Labs has a really cool article on cracking passwords and why you should have a strong one.
  5. Lock down your site & check your computer: I checked FTP and access logs and it doesn’t appear that the hacker entered through there; I think my site got hacked thanks to some file permissions I left public. I went back and checked all the file permissions on my blog. It could also be possible my login was stolen through some malware on my laptop, so I ran a quick Spybot scan to see if anything was lurking.
  6. Prevent future attacks: After I thought the coast was clear, I took some additional measures to lock down my blog. I installed the WP Security Scan plugin and it helped identify other places where my blog was vulnerable. I also suggest regularly backing up your WordPress database just in case something goes awry. Luckily I already do that thanks to a plugin I use called WordPress Database Backup.
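The file checks in steps 3 and 5 (which files were changed, and which permissions were left public) can be scripted. This is an added example, not something from the original post: it assumes you have unpacked a clean copy of the same WordPress release next to a downloaded copy of the live site, and the function names and the sample trees built by `demo()` are constructed for illustration.

```python
import filecmp
import os
import stat
import tempfile


def relative_files(root):
    """Return paths, relative to root, of every regular file under it."""
    found = []
    for folder, _dirs, names in os.walk(root):
        for name in names:
            full = os.path.join(folder, name)
            if os.path.isfile(full) and not os.path.islink(full):
                found.append(os.path.relpath(full, root))
    return sorted(found)


def audit_site(site_root, clean_root):
    """Compare a live tree against a clean reference copy of the same release."""
    clean = set(relative_files(clean_root))
    report = {"modified": [], "unexpected": [], "world_writable": []}
    for rel in relative_files(site_root):
        live = os.path.join(site_root, rel)
        if rel not in clean:
            report["unexpected"].append(rel)  # not shipped: upload, config or planted file
        elif not filecmp.cmp(live, os.path.join(clean_root, rel), shallow=False):
            report["modified"].append(rel)  # bytes differ from the stock file
        if os.stat(live).st_mode & stat.S_IWOTH:
            report["world_writable"].append(rel)  # e.g. mode 666 or 777
    return report


def demo():
    """Constructed sample trees: one edited file, one extra file, one loose mode."""
    base = tempfile.mkdtemp()
    trees = {"clean": {"index.php": "stock", "wp-login.php": "login"},
             "live": {"index.php": "defaced", "wp-login.php": "login", "extra.php": "?"}}
    for tree, contents in trees.items():
        os.makedirs(os.path.join(base, tree))
        for name, body in contents.items():
            path = os.path.join(base, tree, name)
            with open(path, "w") as handle:
                handle.write(body)
            os.chmod(path, 0o644)
    os.chmod(os.path.join(base, "live", "wp-login.php"), 0o666)
    return audit_site(os.path.join(base, "live"), os.path.join(base, "clean"))
```

On a real site, `wp-config.php`, uploads, plugins and themes will show up under `unexpected` because they are not part of the stock release, so that list needs a manual read rather than a blanket delete.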

Some additional links I found helpful during this ordeal:

  • http://www.mikechiasson.com Mike

    Good process of actions! This happened to me once because I don’t run an anti virus at home (since I am relatively locked down in Firefox and know what I’m doing) except that didn’t help me when a visitor sat down on my PC and launched IE!!! I logged in the morning to see all 20 webdomains that I host under my main FTP account had a line of code added before the tag to download a malware java script. All my sites were sandboxed by google and it was a mess to clean up.

    If I were you I would, like you said, be more worried about a plugin. Take notice that they don’t necessarily act the day they are installed, that would be too obvious, so it could be from a long time ago. Keep your WP up to date. And watch out that it wasn’t some sort of root attack on the server (out of your control assuming you are using shared hosting).

    If I were you I would be more paranoid that one of those would-be hipster wifi spots you hang out at was a rogue access point that was stealing all your passwords. 2600, the ‘hacker’ quarterly, had a really good write-up on how to create one in about 15 minutes lol.

  • http://liebchen11.wordpress.com Liebchen

    I feel like this is a really good step-by-step, but I also hope I never have to use it. Especially because I’m not quite as tech savvy as all that.

  • http://capslove.wordpress.com Dazey

    I liked the link to the article about cracking passwords. I think I’m pretty safe on that front!

  • http://www.ajerseykid.com brad

    Balls. Saw your tweet. But it’s cool that you were able to recover so quickly.

  • http://dmp.dreamwidth.org D.M.P.

    Whoa, I feel like I should bookmark this as a just-in-case.
