I Was Hacked


A Hacker Hijacked My Online Existence

On December 3rd, 2011, I became aware that my webhost account had been hacked. This meant that all of my websites and email accounts were compromised. My main level site, uskeba.ca, and my control panel were inaccessible because the hacker changed my passwords, but I still had access to email and my subdomain sites Travels With Miranda, Rae Crothers, and Full-Time RVing in Canada.

This lens explores what happened, the fallout, and the resolution. I hope that it will provide valuable information to others who run their own sites with only limited technological knowledge.


Regaining Control and Changing Passwords

Upon realising that I was completely shut out of my control panel, I contacted my webhost to ask them to reset my main level password.

While I waited for them to do that, I made a list of everything under the main level account that had a password, including subdomains, FTP accounts, and email accounts. I spent some time coming up with a cryptic and strong password for each that I still had a hope of remembering. My previous passwords had been okay, but I made the new ones even stronger, making sure to mix up letters and numbers, not use dictionary words, and use a smattering of special characters.

My webhost was surprisingly quick to respond with a new password as well as a list of files and folders that were recently accessed. I changed all my passwords, then went through the accessed folders to delete everything the hackers had added.

My Reputation Was at Stake

The hacker added pages and coding to my server that made it send out spam and phish for information. Both are illegal activities.

The phishing was in the form of pages made to look like those of big banks. I think the hackers were trying to get people's banking information. I am not sure what sort of spam they were sending.

So not only was my own information compromised, but I looked like a deadbeat spammer and phisher, and I was certainly a threat to anyone who came near my account. Needless to say, fixing this couldn't wait!

WordPress' Role

My webhost thinks that the hackers got in through an older version of WordPress. I use WordPress as a content manager for my sites and blog. It gets updated frequently on the sites that get updated, but I often forget to do it for the static sites, such as uskeba.ca.

Once I'd taken care of passwords and bad files, I set to work updating all of my WordPress accounts. Oh, boy, did I get a WordPress education! I learned how to use phpMyAdmin to access the WordPress SQL databases and even how to write some code to enter through a backdoor so I could force a password change for a site that just wouldn't let me in (probably because it was running an ancient version of WordPress).

I only got evidence that one of the WordPress installations had been compromised by the hackers, the one for uskeba.ca, since my user name was changed. That motivated me to get back to password generation and change all my WordPress passwords, too.

Suspended!

I woke up on December 5th, 2011, to discover that my webhost account had been suspended. It couldn't be a coincidence. I must have missed a bad file.

They had been very quick at getting back to me for the hacking support ticket, so I figured I wouldn't have to wait long to get help. It took 13 hours and four emails before they got back to me!

It turns out that I had, indeed, missed a file that was sending out spam. The webhost reinstated my account and told me to find the file in question, but was unable to help me locate it. They apologized for the inconvenience, which pushed me over the edge. I replied, "Inconvenience? You guys knew from correspondence this weekend that I had been hacked and was working on clean up. An appropriate response to this issue would have been to contact me immediately and tell me I still had some clean up to do. Disabling my account for 13 hours and ignoring my emails for that time was inexcusable."

At this point, I was more angry with my webhost than with the hackers. My livelihood and reputation were at stake and spending a full day with THIS ACCOUNT HAS BEEN SUSPENDED coming up did nothing to make me look professional.

It took some sleuthing, but I managed to find the offending file that was sending spam. All I could do was wait and see if things were going to return to normal.
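A sweep like the following narrows down where a leftover file may be hiding after a cleanup like the one described above. It is an added example, not code from the original article or from the webhost; the function name sweep, the list of suspicious PHP calls, and the upload directory names are assumptions chosen for illustration.

```python
import os
import re
import time

# Assumption: PHP calls often present in injected mailers and obfuscated droppers.
SUSPICIOUS = re.compile(rb"\b(mail|eval|base64_decode|gzinflate|fsockopen)\s*\(")
# Assumption: directories that should hold media only, never executable PHP.
UPLOAD_DIRS = ("uploads", "images", "cache")


def sweep(web_root, since_epoch):
    """Return sorted (relative_path, [reasons]) for files worth a manual look."""
    findings = []
    for folder, _dirs, files in os.walk(web_root):
        for name in files:
            path = os.path.join(folder, name)
            rel = os.path.relpath(path, web_root)
            st = os.stat(path)
            reasons = []
            # On Unix, ctime (inode change time) is harder to backdate than mtime.
            if max(st.st_mtime, st.st_ctime) >= since_epoch:
                reasons.append("changed-since-cutoff")
            if name.lower().endswith((".php", ".phtml")):
                parent_dirs = rel.split(os.sep)[:-1]
                if any(d in UPLOAD_DIRS for d in parent_dirs):
                    reasons.append("php-in-upload-dir")
                with open(path, "rb") as fh:
                    found = SUSPICIOUS.finditer(fh.read())
                    hits = sorted({m.group(1).decode() for m in found})
                if hits:
                    reasons.append("calls:" + ",".join(hits))
            if reasons:
                findings.append((rel, reasons))
    return sorted(findings)


if __name__ == "__main__":
    # Constructed usage: everything changed in the last 7 days under ./public_html
    cutoff = time.time() - 7 * 86400
    for rel, reasons in sweep("public_html", cutoff):
        print(f"{rel}: {'; '.join(reasons)}")
```

Each hit is a lead for manual review rather than a verdict: legitimate CMS files also call these functions, so the strongest signal is a file that is both recently changed and in a place where PHP does not belong.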

How Hacking Made Me Feel

Hacking made me go through a rollercoaster of emotions:
  • Shock/Disbelief--that this had happened to me.
  • Panic--was all my hard work gone and had I inadvertently spammed and/or phished anyone?
  • Fear--that the hacker had access to personal files including my email accounts.
  • Shame--my account was spamming and phishing and then went a full day with a huge 'account suspended' notice.
  • Anger--at the hacker who had nothing better to do and at my webhost for dropping the ball in the second phase of the attack.
  • Disappointment--at my webhost for suspending my account when they knew I had an issue and was working on it.
  • Pride--at being able to resolve the issues on my own.

Staying In Touch

As soon as I discovered my account had been suspended, I used my blog's Twitter account and Facebook page to get the word out that I was having problems and was working towards a resolution. I knew these messages wouldn't reach all my readers, but it was better than doing nothing.

I then used my backup email address to contact the friends and clients I deal with daily.

As the long day wore on, I was surprised to see how many people were concerned about the blog being down and seeking out creative ways to reach me, including using my Squidoo profile! When my account was reinstated and I regained access to email, I found several messages from concerned readers. It was gratifying to know that I wasn't waiting alone on those tenterhooks!

The Aftermath

It was only after my account was suspended that I realised that the only one of my sites for which I had a backup was my blog. And I only had the blog one because it was threatened by the hackers!

So as soon as my account was reinstated and I was sure I'd gotten the last of the beasties, I made a backup of everything and scheduled reminders to make backups more frequently.

I also set up a professional-sounding backup Gmail address. I loathe Gmail with a passion, but there aren't really many other alternatives. I was pretty embarrassed to have to email clients with my non-professional-sounding Gmail address that morning and realised that I needed a better alternative.

But email wasn't as huge a disaster as it could have been because I download all my email using Apple Mail. So if worse came to worse and my account was terminated without my being allowed access to anything, I would have only lost a few days' worth of mail while I transferred things over to another account.

What I Learned About Protecting Yourself From Hackers

  1. Use strong passwords (different ones for everything), and change them often!
  2. Make sure your content management software, such as WordPress, is updated regularly.
  3. Make frequent backups of your online content.

Have You Ever Been Affected by Hacking?

  • anushka6605 May 8, 2012 @ 9:07 pm
    I too faced the same. Never give hackers the chance to track your password through a keylogger.
    Always type your password in a zigzag manner.
    For example:
    If your password is Anushka123
    Type first 123
    Then move your mouse to the first position (i.e. before 1) and type Anushka

    So the password you typed will be Anushka123 but if you had a hidden keylogger in your system it will track the passwords as 123Anushka...
  • whats4dinner Mar 26, 2012 @ 5:54 am
    Sorry you were hacked. We really have to be careful.
  • veryirie Feb 15, 2012 @ 5:45 pm
    I wish there were an easy way to update WordPress. In all your troubles, did you find an actual step by step on doing it? My daughter's "designer" switched from Blogger to WP and then they turned the reins back to me. I've been sweating ever since. It's so hard to figure out. :(
  • TravelingRae Feb 15, 2012 @ 6:04 pm
    I just go to my dashboard (yourblogaddress/wp-admin). In the left-hand sidebar I click 'updates.' At the very top, it'll tell me if I'm running the latest version or not. If not, I just click automatic update and done. Easy peasy.
  • flycatcher Feb 8, 2012 @ 1:55 pm
    Great advice here, Rae, but so sorry you had to go through all that stress - oh man, do I ever HATE hackers! Yes, keeping WordPress updated is absolutely vital. And for static sites, I don't use WordPress at all - like you, I used to forget about updating the software for static sites. Thanks for sharing your experience.

About the Author

by TravelingRae

I am Rae Crothers, a full-time Canadian RVer and author of the RV lifestyle blog Travels With Miranda.
