One of our favorate and most popular sites was hacked and now we feel like we are held hostage. We are holding some good stuff that cannot be shared right now. I believe everyone reading this feels the same way about their sites. Even if you are the hacker who did the crime.
What did we do wrong? Was this evil act preventable? Ok, here are the details:
One evening, last week, while reviewing mail I saw a message from someone I did not know. We were both online during a teleseminar and she decided to check out some of our blogs. I will forever be grateful for her alerting me to this horrid fact, she told us that her security software gave her strong warnings NOT TO TRUST one of our sites.
I immediately called my husband and we went to the site in question. We actually could get into the dashboard on Safari because Internet Explorer and Firefox blocked us. We are thankful that we had more than one browser to use.
Well after getting to the dashboard we keyed in the word “noscript” into the search bar under MANAGE posts. Low and behold some funky script was there in the code view of the site. You did not have to be a code expert to see stuff was there that had nothing to do with making the fonts bold or inserting a picture. In other words it was rather obvious that something was wrong.
Now let me stop here and say we got help when we did some google searches. We came accross one site that shared their experiance being hacked and what they did.
The post is called “Has your blog ever been hacked?” at 1:00 in the morning we said “YES”
Then we followed the steps shared in his other post called “Malacious code found on your blog.”
I had just gotten helped from a wonderful virtual assistant named Chris Taylor. He gave me additional tips.
What is our status now?
Well we resubmitted Hornerartworkshop.com to Google for approval of the repair. We are waiting for them to unblock the site.
What warnings do we have for you?
1. Get rid of the admin admin passwords you automatically get with your wordpress blog. Change it. Actually, it won’t hurt to change it often.
2. Have someone, or ask your host to help you, change the htaccess to your site. You can read sites and forumns where webmasters post and you can learn a lot by listening. Check this one out.
3. Post often. We had slowed down on posting to this site. NOT GOOD
4. Get an email for each of your blogs like, support@yoursitename, or webmaster@, admin@ etc
Why? Because when we went to google’s Webmaster Tools they said that they send emails to addresses that are not like rosie@mysitename to let you know that there is a problem with your site. Anyway, go and spend some time in Google’s Webmaster Central.
5. Check to see if someone you don’t know has subscribed to your site. Just go to Users. We saw several names there and deleted them all.
6. Update your site if you are still hanging on to version 2.3. There have been more hacking opportunities.
7. Ask questions, seek help. Look now for things you can do to reduce the hacking of your site. Treat it like your home.
Finally, we prayed. Why? because we feel that hackers can be evil. Anyone who kidnaps your site just ain’t good.
We welcome any and all suggestions and comments. This has been and continues to be a learning experiance. And believe or not some good came out of it. We upgraded the site, activated a backup plug in and a few other tidbits.
Ray and Rosie