
Russian Hacking Nightmare

by Ed on 13th January 2012

Last week I received a very helpful but rather shocking message from one of my e-mail subscribers, informing me one of my websites had been hacked!

That was a tad embarrassing, and I probably should keep schtum about it!

However, what I learnt as a result of the incident is far too valuable for me to not share with you. If you’re able to use my experience to prevent the same happening to you then all’s well in the World!

MALWARE!

First of all, I don’t know how or why (the investigation continues!) but a malicious hacker somehow had managed to ‘inject’ my website’s key files with ‘malware’ … a small piece of code that randomly sent visitors off to a web site somewhere deep in Russia.

Luckily for me the malware didn’t work.

As far as I know, the worst anyone saw was a big red warning message. (I never found out what the Russian website was about… I dread to think!)

Although I never profess to be an expert at web site security, I had a good idea of what the problem involved, and where to go to fix it.

Today my site is one hundred percent malware free.

How can I be so sure?

Well, after I discovered my sites had been hacked I signed up for a brilliant malware scanning service, called Sucuri.

Every day they automatically scan every file across my entire website, making sure it hasn’t been compromised.

When I first signed up for their service, they initially scanned all of my web sites, and here’s a screenshot of the rather unsettling results I got after one of their scans… (the handwritten annotation is mine)

[Screenshot: results of the malware scanning service, with the author's handwritten annotation]

Once their scan detected a problem, the Sucuri team then fixed every infected file, on every infected website. (Unfortunately I had a few — all injected with the same malware.)

This all happened over a weekend, and the cost of fixing the infected files was included as part of the same service… it didn’t cost me any extra. To say I’m impressed is an understatement.

PREVENTION BETTER THAN CURE

In future I will be the first to know of any security issues, before my valued subscribers ever become aware there’s a problem.

Of course, in hindsight this type of service is something I should have had in place a long time ago, but ain’t hindsight easy!

So, first takeaway — if you want to avoid a Russian hacking nightmare – check out Sucuri.

The other big thing I learnt from this experience is the importance of taking incremental backups.

HOW TO BACKUP YOUR WORDPRESS WEBSITE AUTOMATICALLY, EVERY DAY.

Soon after I discovered I’d been hacked, I accidentally deleted an important file on my edrivis.com website — and broke the entire site. It literally disappeared. If you visited the site immediately after I did that you would have seen a picture of a Yeti in a snowstorm. (I.e. A blank white screen!)

Now anyone will tell you – backups are important. But in this case restoring a backup would not have done me any good, because the very last backup I took contained the Russian malware. In other words I would have reinfected the site that had just been fixed. Not good.

Thankfully some time ago I did have the foresight to register for a brilliant WordPress backup service – that not only automatically takes a backup every 6 hours… it keeps a history of those backups too.

To get an older copy of the file I accidentally deleted, from before it was infected, I simply logged into my WordPress backup service (called BlogVault) and downloaded a slightly older version of the file.

I copied it onto my server, and voila… I was completely up and running again.
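To make the two lessons above concrete (scan every file for unexpected changes, and keep a history of backups so you can reach past an infected one), here is an added example in Python. It is not code from this post, nor from Sucuri or BlogVault; the file names, contents and the injected marker are all constructed for the demo.

```python
"""Added example, not code from the post, Sucuri or BlogVault: a file-integrity
baseline with snapshot history. It flags files that changed since the last known
clean snapshot and finds the newest backup of a file that predates the infection."""
import hashlib
import tempfile
from pathlib import Path

def snapshot(root):
    """Map each file under root (relative path) to its SHA-256 hex digest."""
    return {str(p.relative_to(root)): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(root.rglob("*")) if p.is_file()}

def changed_files(baseline, current):
    """Files added or modified since baseline: what a daily scan would report."""
    return {path: h for path, h in current.items() if baseline.get(path) != h}

class History:
    """Keeps every snapshot plus the file bytes behind it, the way an
    incremental backup service with history does (content stored once per hash)."""
    def __init__(self):
        self.snapshots = []   # list of (label, {relative path: sha256})
        self.blobs = {}       # sha256 -> file bytes
    def backup(self, label, root):
        snap = snapshot(root)
        for path, h in snap.items():
            self.blobs.setdefault(h, (root / path).read_bytes())
        self.snapshots.append((label, snap))
    def last_clean_version(self, path, bad_hashes):
        """Newest backed-up copy of path whose hash is not known-bad, or None.
        Walking past the most recent backup is the whole point: it may be infected."""
        for label, snap in reversed(self.snapshots):
            h = snap.get(path)
            if h is not None and h not in bad_hashes:
                return label, self.blobs[h]
        return None

def demo():
    """Constructed scenario: clean backup, an injection, then an infected backup."""
    root = Path(tempfile.mkdtemp())
    (root / "index.php").write_text("<?php echo 'hello'; ?>\n")
    (root / "wp-config.php").write_text("<?php /* constructed config */ ?>\n")
    hist = History()
    hist.backup("day1", root)                      # known-clean baseline
    with (root / "index.php").open("a") as f:      # harmless marker standing in for injected code
        f.write("<?php /* INJECTED-MARKER */ ?>\n")
    hist.backup("day2", root)                      # the 'last backup' already carries it
    flagged = changed_files(hist.snapshots[0][1], snapshot(root))
    label, clean = hist.last_clean_version("index.php", set(flagged.values()))
    return {"flagged": sorted(flagged), "restored_from": label,
            "clean": clean == b"<?php echo 'hello'; ?>\n"}
```

Running `demo()` flags only `index.php` and restores it from the `day1` snapshot, skipping the `day2` backup that already contains the injected marker.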

Once all my sites were malware free, the next step was to make sure the hackers couldn’t reinfect the files. My decision here was to move my websites to a more secure server, and once again it was BlogVault to the rescue.

Normally moving a large WordPress website can be about as much fun as watching paint dry, with lots of time wasted downloading files to your computer and then slowly uploading them all to the new server.

Thanks to BlogVault I didn’t have to do any of that.

I just used the ‘Move Site’ feature and in literally just a few minutes my website (more than 1GB of files) was installed on a brand new server.

All I then had to do was change the nameservers of my domain name and voila… job done.

HOW TO AVOID MY RUSSIAN HACKING NIGHTMARE

If your business websites run on WordPress, take a look at BlogVault. Knowing that you have access to automatic incremental backups gives incredible peace of mind.

And definitely take a look at Sucuri — regardless of how your website works, because it seems to be compatible with any type of website – Windows, Unix/Linux, etc.

For as long as I run my websites on WordPress I’m going to use these services. They’re an essential part of my web marketing infrastructure now.

  • http://twitter.com/PaulatPeakweb Paul Harrison

    Ed,

    My site was hacked a couple of years ago over the Christmas period. It was on shared hosting and it’s reckoned they got in via another site on the same server. However, having said that, there were a few things I could have done then but didn’t. So to stay “safe” at least do the following.
    a) When you use FTP use the secure version SFTP. This encrypts traffic better.
    b) When you create the site and get given the option to create the admin username and password – change “admin” to something else
    c) Also while creating you get given the chance to change the database prefix “wp_” to something else so do so eg “ab_”
    d) Having created the site and logged in – before you create any posts first create a new user with site management permissions (ie one/two levels down from superuser). Then when you write posts use this user and not the admin one. Most posts display the author name so if you are not using the superadmin it makes it a little harder to guess this critical one.
    e) Always use a strong password that you have not used anywhere else, ie more than 8 characters, with at least one number, capital letter and symbol. An easy way to do this is to base it on a phrase such as “when I go on holiday I love to eat spaghetti bolognese”, which could become “w!g0hl2Esb”: lower case w, exclamation, lower case g, zero, lower case h, upper case I, two, upper case E, lower case s, lower case b. When you have done it a couple of times saying the phrase as you go it will be easy to remember.

    Hope this helps,

    Paul Harrison

    • http://edrivis.com ed rivis

      Great advice Paul, thank you!

    • http://www.desdrec.com/ DesDrec

      Thanks for the great advice Paul. I must admit, I really do need to change some of my user and passwords across my whole network!

  • http://www.desdrec.com/ DesDrec

    Sorry to hear of your troubles Ed.

    I’m glad you sorted it out. 

    It must be a total nightmare to get hacked and I dread the day it happens (if) it happens to me.

    Thanks for the great advice.

    Cheers,

    Des

    • http://edrivis.com ed rivis

      Hi Des, yes it was one of those ‘aaaaargh!!’ moments I can tell you!  :)

      As per the old adage ‘that which doesn’t break you makes you stronger’ the outcome of this experience is a rock solid malware scanning plus automated backup structure in place, so I can sleep easier now!

      Thanks for stopping by and commenting.

      All my best,
      Ed.

  • http://twitter.com/FashionAgent0 Fashionagent

    Ed,
    If your hosting company uses the cPanel interface, keep an eye out for some software called R1Soft, which takes backups of everything on your server, every day. So if you got hacked again, say tonight, you could just backup using yesterday’s files. You can also backup individual files/folders.

    Very useful especially if you accidentally delete the blog folder. (Yes, I did this.)

    • http://edrivis.com ed rivis

      >> Very useful especially if you accidentally delete the blog folder. ( Yes I did this) <<

      Glad to know it's not just me that does stuff like that then!  ;-)

      I didn't know about R1Soft so thanks for making me aware of that.

      Also, as mentioned in the blog post, I've got BlogVault in place — which I have found to be an amazing service. (The people who run it give top notch one to one support too, which for something like restoring backups is great news.)

      Anyway, thanks for your suggestion – I'll definitely take a look — always good to have options.

      All my best,
      Ed.

  • http://www.carefulcash.com/the-3-best-backup-solutions-for-a-wordpress-blog/ Dr Martin Russell

    Great to see the BlogVault option worked out for you in a real world test (sorry it got to that stage though). It’s amazing the options out there.

    As for R1Soft/cpanel backup, as I mention in my post, there is just the problem that if your hosting goes down that may take the backup with it. Need to have a backup elsewhere, just as you did Ed.
