I have been a bit quiet over the last week because this website got hacked and I’ve been spending the time researching and trying to fix the issue.
Thankfully, it’s all better now but man, what an ordeal.
In my research I read that having your website hacked triggers the same feelings as if your house was broken into.
This is something I can certainly attest to.
Just the knowledge that someone got into Corey Stewart Online and decided to muck things around a bit made me feel sick in the stomach. However, getting hacked seems to be “just one of those things” that you have to deal with if you have an online presence.
I use WordPress and I’m very diligent in my version and security updates but it doesn’t seem to be enough. The hacking problem doesn’t seem to be a WordPress-centric issue because sites that run other content management systems (CMS) such as Drupal or Joomla are being hit as well.
The hack I was hit with was called an “eval base64_decode” hack, which essentially puts malicious code into most of the PHP code of my website. The end result was that when you went to Corey Stewart Online, it redirected to another site.
To get rid of it I had to go through every PHP file manually and delete the malicious code or in some cases, delete whole files that were placed there by the hack in the first place.
That was about two whole days right there. What a pain in the arse!
I suppose the lessons that I learnt from this whole experience have been twofold.
First of all, I’m going to be even more mindful of my internet security and not get complacent just because I run a Mac, and secondly, I’m able to roll my sleeves up and get my hands dirty with PHP code and fix a problem all by myself.
I do feel good about that.
I’ve also been able to get a good snapshot of the relationships between the domain names that I own and the websites that I run and realise that I could’ve tightened up my security there as well. That has also been rectified and I feel most relieved.
All in all it has been another action-packed week here at Corey Stewart Online. Just wondering when the fun starts.
Peace,
Corey
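
For anyone facing the same cleanup: the manual search through every PHP file described in the post can be narrowed down with a small scanner. This is an added example, not code from the original post; the sample site, file names and the redirect.example address are constructed for illustration.

```python
import base64
import re
import tempfile
from pathlib import Path

# Matches eval(base64_decode('...')) with optional whitespace, the injected
# pattern the post names. The capture group is the encoded payload.
INJECTED = re.compile(
    rb"eval\s*\(\s*base64_decode\s*\(\s*['\"]([A-Za-z0-9+/=\s]+)['\"]\s*\)\s*\)",
    re.IGNORECASE,
)

def scan_file(path):
    """Return (line_number, decoded_preview) for every injected call in one file."""
    data = Path(path).read_bytes()
    hits = []
    for m in INJECTED.finditer(data):
        line_no = data.count(b"\n", 0, m.start()) + 1
        try:
            decoded = base64.b64decode(m.group(1), validate=False)
        except ValueError:
            decoded = b"<undecodable>"
        hits.append((line_no, decoded[:80].decode("latin-1")))
    return hits

def scan_tree(root):
    """Walk root and map each flagged .php file (relative path) to its hits."""
    report = {}
    for path in sorted(Path(root).rglob("*.php")):
        hits = scan_file(path)
        if hits:
            report[path.relative_to(root).as_posix()] = hits
    return report

def build_sample(root):
    """Constructed sample site: one clean file, one with an injected first line."""
    payload = base64.b64encode(b'header("Location: http://redirect.example/");')
    root = Path(root)
    (root / "wp-content").mkdir()
    (root / "index.php").write_text("<?php\nrequire 'wp-blog-header.php';\n")
    (root / "wp-content" / "theme.php").write_bytes(
        b"<?php eval(base64_decode('" + payload + b"')); ?>\n<?php echo 'ok';\n"
    )

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for name, hits in scan_tree(tmp).items():
            for line_no, preview in hits:
                print(f"{name}:{line_no}: {preview}")
```

A hit is a lead for manual review, not a verdict. Injected code that splits or renames the function calls will not match this pattern, so comparing files against clean copies from a fresh download is still worth doing.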

Bummer!
You had me worried, checked my site and all is good (I think) despite not having the very latest WordPress build.
Maybe an IP Table or permissions issue?
When I took the plunge I went with as much control as I could get for under $20 @ Month. That meant a virtual server with Rackspace cloud. So I got to choose the flavour of Unix (I went Ubuntu) which is built automatically. From there I set up an IP firewall and directory permissions and installed MySQL, Nginx web server (very light and fast), WordPress and associated plugins.
I learnt this trickery from http://vpsbible.com/, which makes things easy and the control is nice to have.
The good thing about Rackspace Cloud is the hook in to a CDN (Content Delivery Network) which basically distributes the heavy website components such as video, graphics and scripts to a point as close as possible to the end user.
Without utilizing a CDN, all content from Rackspace and Dreamhost is served from the USA which is a long way away in terms of ‘latency’. Latency is what causes the dreaded buffering message whilst watching video from some sites, because there is no local copy of the file close to where it is being viewed.
Ideally we want the heavy files to be delivered from the ISP of the viewer, but this is not practical cost-wise. So that’s where the CDN comes in. A desirable CDN will have at least one ‘point of presence’ (POP) in Australia. This is why the Amazon CDN is not suitable for Australian sites, because they have no POP here.
With Rackspace Cloud and a suitable WordPress plugin, it is possible to have all of the heavy WordPress content be automatically pushed on to the CDN and available for consumption via a local POP (probably in Sydney).
It is now possible with Rackspace Cloud to fully stream video, which means the end user does not need to wait for the whole video file to download before commencing play. They can click along the timeline and it will download only that current portion of the file. I need to get off my butt and implement this with my own site.
If I get hacked like this, I think I’ll start from scratch and build upon the latest build of a UNIX server….which reminds me, with Rackspace Cloud you also can set up daily snapshots, so you can do a complete restore from a point before the hackers got to work.
Cheers
Hmmm, interesting… I’ll have a look at the link you provided and see what it says. As for the other stuff… I think I need to have a face to face conversation with you on this.
Any advantages on using your own server for WordPress? Just a thought, if I’m going to go all geeky on my ass I might as well go all the way.
Thanks for the encouragement Chris. Love ya work
PS: Update WordPress
“Any advantages on using your own server for WordPress? ”
Choose the flavour of Unix
Choose the Web Server
Choose the CMS and plugins
Use an SSH client like Tunnelier, for a very secure connection from your machine to the server.
Use an FTP client like Filezilla for file uploads
Update the above very easily
Get automated snapshots of entire system for rollback
Integrated ‘Content Delivery Network’ (CDN) for the fastest end user experience, no matter their location.
Happy to discuss and demo my setup anytime, just mail or call.
Cheers,
Chris
I would love to check out your system and pick your brains a bit, I’ll give you a buzz asap about it. Methinks setting up my own server is going to be the next stage of my geek evolution.