Howdy mes amis, woooooooo what a crazy couple of days I’ve had and not in a good way. Actually, that’s not true. Things are better now and we’re on a canal somewhere in Alsace. More to come on that soon.
This post needs a strong beverage though, so I’ll be right back after I pour myself a nice glass of wine….. ok back. Just kidding, it’s 7am and I try not to pop any bottles before noon.
So what’s this all about?
You may have visited my site at the tail end of last week and noticed it was loading really slowly or not at all. Sorry about that! That’s because someone got access to my server and did things they had no right to do. Yup, I was hacked. DOH! Luckily they didn’t wreak too much havoc and I got it taken care of right away. Let me explain what happened.
Read on!
When your site gets hacked
For over 4 years, I’ve been really lucky and had never been hacked. So I guess in a way, it was about time. Everyone thinks it can’t happen to them or that they’re too small of a blogger for anyone to care. Or that a strong password is enough. It’s not.
Some background: I own several domains all hosted by the same company on the same server. A few are expired and 4 are active sites. One of those sites is Oui In France.
So here’s what happened.
A few weeks ago I started getting error messages when I’d be in my WordPress dashboard. Just little things that were easy to overlook as a error like the comment section not loading or a database error. A simple refresh or two would clear that up and I’d thought nothing of it.
Then my hosting provider sent me a few autogenerated emails to tell me malicious files were found on the server and that they were removed. These emails are what confirmed my suspicions and clued me in to the fact I was hacked. The provider was no help at all in telling me which site(s) was compromised, how this person got in (so I could fix it) and what I should do. ZERO HELP. Since then, I’ve switched to Siteground and they are AMAZING. I recommend them to everyone.
So for a day, I was confident that the files were gone and hoped I’d be OK. I waited for 24 hours to see if anything looked weird. Then my site started going down intermittently. When it did come back, it took a whopping 30 seconds to load on a desktop. Not good.
At this point, I knew that my site was compromised and that fixing it was beyond my tech abilities.
I immediately contacted Michael of Expats Paris because I’d read an article on his site about his hacking situation a couple of months back. He responded right away, totally understood, and pointed me in the direction of a tech friend of his. (Michael is awesome and could have just ignored my message, but he didn’t.) This was 11 at night and his friend replied and then pointed me to his friend who had more experience in WordPress. This friend took a look for free and spent time trying to help me figure out what was going on. I appreciate Michael and his friends’ help so incredibly much.
Once I learned what I was dealing with, I then contacted the wonderful Chris of RTW Labs after reading about how he helped Alex in Wanderland back in 2012. And wow. He not only responded right away, but figured out what was going on in about 10 minutes and was confident he could clean it up. And he did. For a reasonable price. I wholeheartedly recommend Chris if you get hacked. This is what he does not to mention he answered all my dumb tech questions. And he’s nice. 😉
So how did this hack happen?
The hacker found his/her way in through an outdated Joomla install on one of my other sites that was created back in 2012. It was a static site, not a blog, and because I didn’t use it anymore I more or less forgot about it. Completely my fault.
Due to an outdated version of Joomla, the hacker found his/her way in through that site and gained access to my server. I’m actually surprised it took them this long to hack me. They installed files and programs on every single domain I own and went for maximum impact so that if you removed one section it could re-infect itself in another way. Chris said they “essentially built themselves a web of back doors into my site to make it hard to get rid of them.”
Luckily we stopped the hack before my sites were compromised further. I was lucky in that regard.
Getting hacked was supremely frustrating or a couple of reasons.
The first reason is the stress of it all. When you have other things on your plate, it can be very overwhelming to have to deal with a hack and you feel violated. Some jackass breaks their way into something you created and it’s a real mess to deal with — from figuring out where the issues are and then having the know-how to find someone competent enough to deal with it. You don’t just want to clean up the water from the leak but fix the pipe entirely, so to speak. I don’t like being stressed out by stupid tech stuff. My blog is really important to me and even having issues for only 2 days was really frustrating.
The second is the cost factor. My blog is my hobby and earns about $7/month in Amazon affiliate commissions. It costs me much more money to maintain including hosting fees (that are way more than $7/month), domain cost, Mailchimp fees, etc. etc. etc. To get a security expert to clean up a hack freaked me out in terms of what it could cost me. Chris linked above is reasonable though.
Do you need a security service like Sucuri or SiteLock if you’re a small blogger?
I can’t make that decision for you. Do you have money to spare? Is your blog a business and does it make money? Are you tech savvy? I will say that at the very least, make sure you have a strong password… something impossible to crack like f8Si^.00)3kgj#Fd&Wj! (I use LastPass to manage all my passwords so I have strong ones and don’t have to keep track). Another biggie is that you keep all your themes and plugins up to date. If you think a hack won’t happen to you, you’re wrong! Thousands upon thousands of sites are hacked every single day.
Luckily things are back to normal around here and I’m grateful for Chris’s help. If you get hacked, email him (not a paid endorsement. Just super impressed with him and how he cleaned everything up for me. I was happy to hand over money at the end of this mess.). Then switch your hosting to Siteground. Like night and day.
Michael says
Hey Diane, I’m happy to see your lovely site back online. I know how it feels to be hacked and I’m happy you’ve shared what happened. This is a reminder to everyone with an online business or just any other blogger out there that security isn’t a thing to be taken for granted.
Diane says
Thank you again for everything! Really was a pain in the butt.
CatherineRose says
Oh no! This sounds like such a frustrating thing to deal with! I’m glad you were able to get it all sorted out. Thanks for explaining how it happened and giving us some resources, fingers crossed we’ll never need them!
Diane says
Yes, thank goodness I remembered Alex’s post from years ago and got it taken care of right away before any real damage could be done. Hope you’ll never need the advice either!
Jessica says
Ah, that sounds like such a tedious and awful thing to deal with- I’m so sorry! I’m glad you were able to get everything fixed and running properly again. It’s a huge violation. Thank you for sharing the experience, though. I’ve never imagined that happening, so now I feel like I’d be prepared!
Hope this week is less stressful! 🙂
Diane says
Thanks, it really was a pain. I’m really glad I noticed something was wrong and that the site actually went down for a bit. If that never happened (and it was subtle, behind the scenes stuff), I still wouldn’t have known anything was wrong! Hope you never have to deal w/a hack!
David Harris says
Yes unfortunately, we let down our shields when we do not keep software up to date.
WordPress is a major problem especially with plugins.
Also the lousy passwords people tend to use.
Vigilance is the key here.
Also it is important to have backups that you can revert back to.
Thank you for this blog as I have lived in France since 2003 and find it a breath of fresh air.
Just thought I would post on this one as it’s up my alley so to speak.
Backups and site vigilance are the answers here.
David
https://dediclub.com
Diane says
Yes, and I’m SO good about updating WordPress and researching plugins but that old Joomla site I had should have been deleted ages ago and I paid for it. Oh well, we live, we learn. 😉 And yes, backups are SO important!
So glad you enjoy the blog. What part of France are you in?
David Harris says
Midi Pyrenees here.
I like the mountains,
The village I live in is a challenge tho. Very special. I live with the mafia 🙂
Cross contamination can be a problem especially when certain files are vulnerable,
Make sure your server is not running Proftpd 1.3.5
If it is make sure the mod_copy module is commented out. it can allow a hack and cross contamination of CMS sites.
Best option is to have each site in it’s own container.
Server vulnerabilities do arise but are usually patched very quickly but the software CMS guys are a little slower but if we keep on the ball there is usually not a problem.
Never a dull moment eh!
David
fiona says
Yes I did notice you weren’t loading up but I’m so tech dumb I thought it was something to do with the internet at work! Glad to hear you knew someone who could sort it for you, it sounds like a complete pain in the arse.
Diane says
Yes, for a good day the site was acting nutty and 100% NOT your fault. Total pain in butt
Cynthia says
Hi Diane ! Honestly ! When are the people that do this going to get a real life? ! It’s pretty sad that people spend their time doing this kind of thing. What do they get out of it? Nothing ! But I’m glad that everything is back on track for you ! Yes, I was hacked as well. Someone hacked into my bank account and had a fake debit card made with my name and number. In one day charges were made in New York City and Oakland California. I have really good Identity theft protection and they got on it right away. But it was a major hassle and I had to pay cash and write checks for 1 month before issued a new debit card. Just awful !
Have a beautiful week !
Diane says
There are so many! Some just mess with sites for fun and some do it to make money. The guy Chris who fixed my site explained that they add malware that installs ads and links to other sites behind the scenes that kill the original site’s google ranking. The links may generate only 1 or 2 cents but if they do this to enough sites, it can add up. So they do get something out of it but it sucks any way you look at it.
Ugh, so sorry to hear about your banking hack. Happy to hear your bank took care of it. It happens all the time!
Jo-Anne says
My first thought was nope never been hacked, but then I remember many years ago I had a problem with my Hotmail account being hacked I stopped using the account for a few years because of it as you may notice I am using the email account again and no problems any more with being hacked
Diane says
Ugh sorry your email was hacked but glad you haven’t had problems since!
Jackie says
Ugh this is so scary and so awful this happened to you! But that’s good you were able to get help and get it fixed soon and for a reasonable price. So annoying that jerks are out there who spend their time hacking other people’s sites and making a huge pain for them.
Diane says
Yup, totally agree. People that hack for a living have no life. And yes, so happy I remembered Alex’s post w/the recommendation for a security expert to fix it all. And fast. UGH!
annette charlton says
Helpful post. A must read for bloggers. Thank you for the contacts also should I ever need them in France.