Home › Forums › Announcements › Site hacked
- This topic has 0 replies, 1 voice, and was last updated 7 years, 12 months ago by Phidippides.
-
AuthorPosts
-
PhidippidesKeymaster
On or around November 1, I had about a dozen of my sites hacked, including this one. The hacker was able to place files into a site of mine covertly and it was done so that even if I deleted the file, it would automatically reinstall itself a few seconds later. Other files were infected with malicious code. The funny thing is that the timestamp on the infected files was not changed to a recent date; not sure how they were able to bypass the date modification, but they did.
I eventually found out that the code caused my sites to publish a bunch of pages which advertised various academic papers/essays. I believe that those were phishing pages or directed visitors to phishing sites. Anyway, the malicious code caused a huge drain on my web hosting company’s servers, and they ended up suspending my account several times because of it. I finally told them to leave the suspension in place while I fixed the problem. I had a lot of sites located in subdomains under one primary domain, and I believe every single one of my subdomains was infected.
Needless to say, this was a big deal and a huge headache. I had to move my sites away from the primary domain into “child” accounts so they are now separate from one another. In the future, if one of my sites gets hacked, it will not infect the rest of them.
I had to look back and find the last remaining clean copy of my site that I had backed up, which I think was dated October 30. This means that my post-election conversation with Aetheling was not saved.
Now that things here are back up and running, I intend to be even more vigilant about security and also to make more regular backups. I am still in the process of cleaning the other sites of mine that were infected, but one-by-one I hope to get this accomplished.
-
AuthorPosts