Another Site Hacked: Prevent This from Happening to You
It seems, lately, that hackers are out in full force. Several of my friends have been targeted in the past year and it's really getting quite ridiculous.
While I can't name names at this time, I will be getting permission from some of my friends who this has happened to lately to share their tips.
For now, I would like to share a guest post from my friend, Kim Roach, who, unfortunately, suffered a hacking 6 days ago.
She sent an update to her mailing list, which I am happy to be on, so I asked if I could republish it here to help you guys. She graciously and generously agreed.
Please read this awesome piece (I love her perspective) and leave a comment at the end. Kim could use some love after all she's been through.
BuzzBlogger.com Hacked
Guest Post by Kim Roach
Today is a sad day for BuzzBlogger.com.
You may have noticed that our site has been down for a bit.
6 days ago a hacker got into our registrar (NameCheap.com)
and transferred BuzzBlogger.com to a different registrar.
Essentially stealing our domain name.
Fortunately, we caught it VERY early and notified Namecheap.
We're currently in the middle of a transfer dispute. Which
essentially means it's just a matter of time before we're
able to get it back.
Unfortunately – it's created some downtime for our site.
So we've created a *temporary* solution and you can now access
the full site at http://www.buzzblogger.org.
This will be our temporary housing until we get
the domain name back 🙂
Being hit by a hacker is no fun. However, it also reminds you
how strong you are. An essential characteristic for ALL
entrepreneurs.
Most people online give up at the first sign of trouble.
Others fight to the death. Work late. Get up early. And that
is why they succeed.
Although some of the ‘gurus’ would like you to think you
can just hit a few buttons and out pops a successful
business.
You and I both know it takes hard work and determination.
And once you've built a successful business – there are a few
steps you need to take to protect that business.
Here are the changes we've made to make sure this never
happens again…
1. Change your passwords regularly. VERY important. Also make
sure that you're using different passwords for every account.
Include capitals, numbers and symbols.
2. If you're using Gmail, enable 2-step verification. This adds
a very important extra layer of security to your account.
3. Backup your website on a regular basis. One of the easiest
ways to do this is using BackupBuddy.
4. Keep WordPress updated. Make sure that your blog's version
is up-to-date. WordPress is constantly releasing updates to
fix any security holes.
5. Improve the security of your WordPress blog using a free
plugin like ‘Better WP Security’. This plugin adds a number
of additional layers of security for your blog.
6. Add whatever security steps are available at your registrar.
(i.e. Registrar Lock, 2-Step Verification, and WhoIs protection)
7. You can also use wildcard emails so that your real email
is never revealed in public at any point.
It's easy to get lax about passwords and protecting your
site so I would strongly encourage you to put this on your
to-do list.
Obviously you don't want to be paranoid but you do want to
take every step possible to protect the hard work you've
put into your business.
Fortunately, entrepreneurs are tough ol' birds and we always
come back stronger 🙂
I'll keep you updated and let you know as soon as BuzzBlogger.com
is back up. In the meantime, our temporary home is at
BuzzBlogger.org.
Cheers,
Kim
To support Kim in recovering from this, I will ask her to be on my podcast and/or be mailing about her in the coming weeks – as she's a smart cookie. 🙂
Please comment below if you have questions or concerns – or if you would just like to send Kim some love.
Thanks!
Warmly,
Nicole Dean
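Kim's tip 6 (Registrar Lock) and her point about catching the transfer early can both be checked mechanically. The following is an added example, not part of the original post or of any registrar's tooling: it compares a domain's RDAP record with a saved baseline and reports a missing transfer lock, a changed registrar or nameservers, or a new transfer event. The domain `example.com`, the registrar and nameserver names, and the dates are constructed sample data, and `make_record`, `summarize` and `audit` are hypothetical helper names.

```python
# RDAP status values that block a registrar-to-registrar transfer.
LOCK_STATUSES = {"client transfer prohibited", "server transfer prohibited"}


def make_record(registrar, nameservers, status, events):
    """Build a constructed RDAP-shaped domain object (sample data only)."""
    return {
        "ldhName": "example.com",  # placeholder domain
        "status": status,
        "nameservers": [{"ldhName": ns} for ns in nameservers],
        "events": [{"eventAction": a, "eventDate": d} for a, d in events],
        "entities": [{"roles": ["registrar"],
                      "vcardArray": ["vcard", [["fn", {}, "text", registrar]]]}],
    }


# Constructed samples: the state we saved, and the state after a domain theft.
BASELINE = make_record(
    "Example Registrar A", ["ns1.host-a.example", "ns2.host-a.example"],
    ["client transfer prohibited"],
    [("registration", "2009-05-01T00:00:00Z")])
HIJACKED = make_record(
    "Example Registrar B", ["ns1.parking.example", "ns2.parking.example"],
    ["active"],
    [("registration", "2009-05-01T00:00:00Z"),
     ("transfer", "2013-02-13T04:10:00Z")])


def summarize(rdap):
    """Reduce an RDAP domain object to the fields a domain theft changes."""
    registrar = None
    for entity in rdap.get("entities", []):
        if "registrar" in entity.get("roles", []):
            # vcardArray is ["vcard", [[name, params, type, value], ...]]
            for prop in entity.get("vcardArray", ["vcard", []])[1]:
                if prop[0] == "fn":
                    registrar = prop[3]
    return {
        "registrar": registrar,
        "nameservers": sorted(n["ldhName"].lower() for n in rdap.get("nameservers", [])),
        "status": {s.lower() for s in rdap.get("status", [])},
        "transfer": next((e["eventDate"] for e in rdap.get("events", [])
                          if e["eventAction"] == "transfer"), None),
    }


def audit(baseline, current):
    """Return a list of findings; an empty list means nothing drifted."""
    old, new = summarize(baseline), summarize(current)
    findings = []
    if not LOCK_STATUSES & new["status"]:
        findings.append("transfer lock is not set")
    if old["registrar"] != new["registrar"]:
        findings.append(f"registrar changed: {old['registrar']} -> {new['registrar']}")
    if old["nameservers"] != new["nameservers"]:
        findings.append("nameservers changed: " + ", ".join(new["nameservers"]))
    if new["transfer"] and new["transfer"] != old["transfer"]:
        findings.append(f"new transfer event: {new['transfer']}")
    return findings


if __name__ == "__main__":
    for finding in audit(BASELINE, HIJACKED):
        print("ALERT:", finding)
```

In practice the current record would be fetched from the registry's RDAP service on a schedule and the findings sent to an address that does not depend on the domain being checked.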
Susan, Real Family Travel
February 19, 2013 at 3:53 pm
I had one of my “set it and forget it” sites hacked and then a bunch of crud code put on my other sites, including one that sent out EMAILS to people claiming they owed us money using a phishing scheme that looked like a bill from Citibank. We had people calling us and leaving nasty messages, or just plain confused messages, and had SO many phone calls to return and help people realize we were victims, too, not just them! One person even threatened to call the FBI on us. Lovely.
I now have my VA update all our WordPress sites on a regular basis and installed WordFence (free security plugin) that sends an email when something fishy shows up. The hard part of some of the plugins is they’re pretty demanding on your hosting resources and can cause problems outside of the security issues. Also having a hosting company that does regular backups (along with WordPress backups) is great and saved my tush many times. 🙂
Hope Kim’s site is back up ASAP.
Angela Wills
February 19, 2013 at 3:57 pm
Good advice! As the victim of a major hacking attack on my sites about five months ago I know how EASY it is to think you’ll just worry about protecting your site LATER but later can really end up being too late.
I also like Backup Buddy for backups, but I do find Backup Creator to be easier to use to actually restore a website with.
Take this advice here and protect your websites, please! 🙂
Paul B. Taubman, II
February 19, 2013 at 4:31 pm
Sorry to hear that, Kim!
Getting hacked like that is never fun! Fortunately, a lot more damage could have happened! You were ‘lucky’ that only your domain name was stolen and not your content – or worse – have all sorts of malware installed on your site.
I agree – people should change their passwords on a REGULAR basis! And make them strong (what I call, “ugly”) passwords – things like ‘jM5VH3p6p8Y5’ or ‘AgC27l#gHyx3’. These types of passwords are a lot more difficult to guess than something like ‘KittyCat’ or ‘Pass123’.
I am sure you will get this all sorted out – but again, sorry to hear it happened!
Be Well.
Paul.
Ronald Headley
February 19, 2013 at 5:09 pm
Sorry to hear your site got hacked – and yes this is becoming more and more common
For WordPress sites here is a laundry list:
Do NOT use “one” step WordPress Installers such as Fantastico – learn to install WordPress manually by setting up a database with MySQL – change the WPConf file manually and be certain to add a new “Salt Key” – change the database name in WPConfig and make certain you DO NOT use Admin as your user name.
If you think a site has been hacked go to the WPConfig file and immediately change the “SALT” keys – this will block all users that are logged in and log them out. The cookies they used to get in will no longer work –
Back up Buddy is the very best back up and restore software that there is – set it to back up the full website at least once a month and the data at least once a week. Store site backups on Amazon S3 or the new Stash storage free from iThemes with Backup Buddy. You can restore a hacked site quickly. Or move a site from one domain to another even from one hosting company to another quickly and easily
Lock down and protect your site on your hosting company – various hosts have various ways.
I use – WordPress FireWall2 – Secure WordPress – Bullet Proof Security and Login Lock Down on all WP sites.
Of course use a strong password that is unique to your site and do change it often – strong passwords have small and capital letters, numbers and punctuation marks.
There will be lot more on security coming up soon in the next Word Press Developer Course from WebDesign dot Com
Regina Smola
February 19, 2013 at 6:02 pm
Hi Kim,
Sorry to hear that your domain was stolen and site was hacked. I’ve seen this happen to others where they “steal” a domain. The best plan of action is to notify your current registrar via a ticket to let them know it has happened and then call the registrar company directly where it got transferred to. The new registrar company is the source of getting it back to you. They are required to contact the new fake “owner” and get proof of purchase or transfer from you to them.
If the registrar doesn’t act quickly, you can sic the domain police on them:
http://www.internic.net/problem_reports/p11.html
Thanks for sharing these great tips on protecting your website and domain.
Alice Seba
February 19, 2013 at 7:19 pm
Sorry to hear about this Kim and hope you’re up and running soon.
While it may not have helped in this situation where a domain is stolen, I’d like to add a suggestion for security in general and that’s to avoid shared hosting. Shared hosting means you are at the mercy of security issues (including hacking, DDOS attacks) of others on your server.
From my experience, shared hosting providers aren’t really invested in finding security solutions for their own customers’ security issues. In fact, a friend of mine appears to have been booted from a well-known host for excessive resource usage…and it wasn’t because her site was busy, but rather likely because of port scanning attempts by hackers.
I have been working with the same VPS (Virtual Private Server) provider for about 11 years (I also have used shared hosting from quite a few companies in that time too) and although there was a recent small blip in my satisfaction with them several months ago, I am very thankful to them as they’ve carried us through some threatening times. They are on top of security already, but work toward new solutions when new threats arise…plus they back up all their VPS’s each evening. Now, I don’t know if they’re the norm for VPS providers, but for anyone who has their core business online, look for a company who is serious about security and choose hosting that provides sufficient resources to not go down easily in an attack.
Sharyn Sheldon
February 19, 2013 at 7:20 pm
Well, I was going to say you should just sic Regina on them, but it looks like Regina has her own police force ;).
So sorry to hear this happened. It’s tough enough running an online business, especially if you’re not very techy, without having to worry about hackers. I wouldn’t know a Salt Key from a salt mill if you put a gun to my head.
Now I think I’ll just run off and change a few passwords!
Good luck with getting your name back.
– Sharyn
Christine Cobb
February 19, 2013 at 7:21 pm
Seems that hackers have gotten more active lately! 🙁
Another plugin I like is WordFence. It shows you who is trying to break into your WordPress dashboard and lets you block them permanently. It also scans your files for malware and updates.
Kater
February 19, 2013 at 8:08 pm
Kim,
I am so sorry. The good part is you love what you do and will get through this drama. Awhile back I had a WSO for a plr pack and was hacked about the same time the WSO kicked off. Everyone was getting that hideous “malware detected” or similar BIG RED WARNING. Lordy. Thank goodness another PLRer let me know so I could follow up with people. Took a day to get things back in order, but I decided to delete everything and start fresh. The site was small.
Now I use a backup tool to back up every weekend to AS3 AND have successfully tested a restore. I even read Nicole’s review on Roboform and use that tool now. Lots of scrambled passwords on everything.
We’re all looking forward to seeing the Buzz back online.
Kater
Elizabeth Cottrell
February 19, 2013 at 8:13 pm
I’m impressed with your Can-Do attitude in the face of this debilitating attack, Kim. Thanks to both you and Nicole for sharing and to all the commenters who have added valuable information. With the credentials of some of the commenters, this is almost a mini-course in WordPress site security.
I’ll definitely be sharing it with my clients and readers.
Tracie
February 19, 2013 at 9:04 pm
The hackers have definitely been ramping up this past year, and in the past month or two, hardly a day goes by that I’m not getting email notification that some idiot is repeatedly trying to hack one of my sites. Knock on wood, none of them have had any success.
I purchased the total continuous back-up plan from my hosting provider back when I first signed up for hosting with HostMonster. I love HostMonster, they are truly the best!
I use the Login Security Solution plugin with the settings tweaked (it repels the attacks & emails me the IP of who is doing it so I can block them, and how many attempts they’ve made), very strong passwords and ID, the Remove WP Version from Everywhere plugin, and after I’m done doing whatever tweaks or changes to my site with plugins, uploading files, etc., I go into the file manager for the site and change the .htaccess perm to 0444, just for an extra layer of protection.
So far, so good for me. But given how the attacks have really picked up lately, I think I’ll look into another layer or two of security just to be even more on the safe side.
Thanks to everyone else commenting here for more new ideas for security!
Anita Hampl
February 19, 2013 at 10:21 pm
Kim,
I am sorry that you have to deal with this. Thank you for your upbeat attitude and warnings. I appreciate the above commenters’ advice, also.
When Twitter was hacked recently, my reaction was, “So what? I don’t have any financial interests there, so it’s no more than an annoyance.”
Then someone (Regina maybe?) pointed out that the hackers could use our Twitter passwords to learn passwords patterns for our other sites. And yes, my passwords tend to follow patterns (dogNAME1, dogNAME2, etc.). Not anymore, of course!
Best wishes as you restore your website and prosper,
Anita
Donna Blevins
February 20, 2013 at 8:55 am
Nicole, thanks for sharing Kim with us.
Kim, what a great attitude! You would be a heck of a good poker player, ’cause it’s about the mindset rather than the cards.
I didn’t have such a great mindset when all my sites were hacked at the end of 2011, and the culprits got into my computers at the same time… that chicken or egg thing.
Anyway, after I thought everything was “fixed” with the aid of paid fixers, I get an email that my primary site was black listed by Google. Now, if you’ve never seen that, it’s an ugly site. I mean really UGLY.
When my site showed up in Google it had a banner that looks like a pirates banner. Hit me right in the pit of my stomach.
At the very same time I was launching a LIVE course. Fortunately it was in beta (which is code for no paid members) and I was able to set it aside while the sites were cleaned.
The great news is that because of this I discovered the security service for WordPress called Sucuri. They had my main site cleaned and back up in 36 hours. They even worked directly with big daddy Google to get my sites back in good graces.
I now have an annual subscription from them with their plugin monitoring all my sites 24/7. They scan my sites every couple of hours, as I recall, and periodically they send an email about a threat. Usually, before I can respond, I get a followup email telling me it is fixed. They also nudge me to take certain actions from time to time to shore up security.
Oh, Nicole, it was great meeting you at NAMS in Atlanta two weeks ago!
Donna Blevins
Poker MindSet Coach
Susanne Myers
February 20, 2013 at 12:06 pm
Nicole, thanks for sharing and Kim, what an awesome attitude. I’m very sorry this is happening to you. I’ve had two of my sites hacked recently as well and it is no fun to deal with.
You’ve mentioned some great tips and there is a bunch of good information in the comments below already. The only thing I’d like to add is to look at any and all scripts and plugins you have on your website. If you’re running WordPress make sure you keep both it and all plugins up to date. If you are running other software (like a helpdesk, self hosted shopping cart, membership site software etc.) on your site, update those regularly as well.
Shawn Dunner
February 20, 2013 at 2:32 pm
Hi Kim and Nicole,
I so wondered what happened to BuzzBlogger. One minute it was there and the next it was gone and all we could access was a cached version. Now you can only see a site that sells ebooks. All I can say is sorry that this has happened and it is great that you have been able to set up a temp site in the mean time. I hope it all works out for you and I will certainly be following all of your security check settings listed in your article. Because if it can happen to somebody as tech savvy as you, then it can happen to anybody, and I sure can go through this drama. Thanks Nicole for getting the word out, about what happened. Shawn
Tina landa
February 20, 2013 at 11:19 pm
Hi Nicole thanks for sharing Kim’s story with us! Hope all is fixed real soon! I also wanted to thank everyone for adding so many tips to help avoid the hacking problems that are so rampant!
~Tina
Be Blessed!
Mad Guy
February 21, 2013 at 11:33 am
Having a website hacked can not be any fun at all. I’m sorry you have to go through this and truth be told, 1 out of every 5 WordPress sites is hacked simply because admin is used as the login. The hacking software out there is very powerful and using admin as your login just solved 50% of the puzzle. Hopefully this will help:
First, never ever use admin as your login. Don’t use your first or last name as your login. That’s half of your password access.
Second, always use a minimum of 8 characters in your password and use not just a combination of letters and numbers but make half those letters uppercase and the other half lower case and mix them together.
Third, always use at least one character like this # or this * in your password.
So a very strong password might look like this (I3l0B8Mp#a)
Finally, always manage your own domain names and don’t count on someone else to do it for you. If you were able to hack into my domain management account, unlock my domain names for transfer, I’m still going to get an email asking me to ok that transfer. If you even try to change my notification email, I’m going to get an email telling me that my email is being changed and I promise you I’ll catch you before the 72 hour propagation period expires because if I never made a request to change my notification email, that’s a big red flag right there.
If you follow the simple rules above, your chances of being hacked or your domain name stolen rises to 1 out of 10,000 vs. 1 out of 5 with weak passwords or admin as your login.
That’s your defense strategy. Offensively, always back up your WordPress blog and store it offsite (ie: Amazon S3) and constantly change your passwords to your domain registrar company. No one should be able to hack into your domain management.
All the best,
Mad Guy
Des
February 22, 2013 at 10:34 pm
Hi Nicole and Kim
This WP hacking issue has been escalating over the months and years. It has caught so many people in its trap. That’s one of the reasons why I’ve shied away from WP. And it’s a good reason why I’m sticking with my Mac app Sandvox.
I’m also on a couple of Facebook groups where there are a lot of unsuspecting WP users. So, concerned for their site security, I wrote a post in early December. Here’s the link if anyone’s interested. There are some ideas there that could be of use.
http://newtimeshomebiz.com/nthb-blog/all-things-technical/wordpress-vulnerabilites.html
You’ll see that my blog layout is quite different to WP. I use the Sandvox blog module that’s integrated with the overall site design. And it’s secure. No hassles at all with plugins, updates, and all the other stuff that’s necessary to secure a site. I’m not saying it’s 100% secure, nothing is, but I’m happy to stay with Sandvox.
Hope this helps, and I wish you the best in getting back into operation.
Des
Hythe
March 1, 2013 at 11:37 am
The more popular a CMS becomes the more likely it will become a target for hackers. I’ve noticed (as will many others) many repeated login attempts using ‘admin’. I use ‘login logger’ plugin to monitor what’s happening and then a number of plugins including ‘limit login attempts’ to try to slow the hacking scripts down. And change my (strong) password of course…
Donny
March 7, 2013 at 9:54 am
My primary site got hacked a few months back. I think it was primarily due to not updating my WordPress install as often as I should. Now I use the OSE Firewall plugin for WordPress, which blocks a lot of basic attacks. I haven’t seen any successful attacks since.
Philip
March 8, 2013 at 10:29 am
Hi Nicole,
Wow that’s some scary stuff Kim wrote in her email. I also use Better Wp Security plugin for my website and have a strong password which I regularly change.
I’m definitely going to check out the 2 step verification for every service I use because hacking is a real threat that no blogger or online publisher can ignore.
Thanks for sharing this information, it’s really helpful for me.
Enjoy your weekend Nicole. Cheers.
~Philip
Pawel Reszka
April 10, 2013 at 9:09 am
I have found out about this just now. That sucks! How in the hell did they manage to hack into your Namecheap account? I know that hackers try to get to my blog from time to time. I monitor my server stats regularly and sometimes I can spot the bot searching for the login page and once it finds it, it starts hitting it like every few seconds. I then just blacklist their ip instantly and they are gone. But it’s scary to know that they got into your domain name registrar. I need to double check my settings asap.
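The pattern several commenters describe, a client posting to the WordPress login page every few seconds, can be picked out of an access log automatically. This is an added example, not code from any commenter or plugin mentioned here: it counts failed logins per IP inside a sliding window and returns the addresses worth blocking. The log lines are constructed, the IPs are documentation ranges, and it assumes time-ordered "combined" format logs in which a failed login returns 200 and a successful one redirects with 302.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) ')
TIME_FMT = "%d/%b/%Y:%H:%M:%S %z"

# Constructed sample: one user who mistypes once, one bot posting every 3 seconds.
SAMPLE_LOG = [
    '198.51.100.20 - - [10/Apr/2013:08:59:40 +0000] "POST /wp-login.php HTTP/1.1" 200 2310 "-" "Mozilla/5.0"',
    '198.51.100.20 - - [10/Apr/2013:08:59:55 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [10/Apr/2013:09:00:00 +0000] "GET /wp-login.php HTTP/1.1" 200 2310 "-" "-"',
] + [
    f'203.0.113.7 - - [10/Apr/2013:09:00:{s:02d} +0000] "POST /wp-login.php HTTP/1.1" 200 2310 "-" "-"'
    for s in range(3, 24, 3)  # seven failed posts
]


def failed_logins(lines):
    """Yield (ip, timestamp) for each failed WordPress login in the log."""
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined format
        ip, when, method, path, status = m.groups()
        # Assumption: a failed login re-renders the form (200); success is a 302.
        is_login = path.split("?")[0].endswith("/wp-login.php")
        if method == "POST" and is_login and status == "200":
            yield ip, datetime.strptime(when, TIME_FMT)


def find_bruteforce(lines, threshold=5, window=timedelta(seconds=60)):
    """Return {ip: peak failures inside one window} for IPs at or over threshold."""
    recent = defaultdict(deque)
    peak = defaultdict(int)
    for ip, ts in failed_logins(lines):
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:  # drop failures older than the window
            q.popleft()
        peak[ip] = max(peak[ip], len(q))
    return {ip: n for ip, n in peak.items() if n >= threshold}


if __name__ == "__main__":
    for ip, count in find_bruteforce(SAMPLE_LOG).items():
        print(f"{ip}: {count} failed logins within 60s")
```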
Robert
June 26, 2013 at 11:18 am
Wow! This is quite a story. This is the first I had heard of this. I stumbled on to this story doing some other research and felt compelled to leave a comment. I’m curious: did the hackers use some type of social engineering or pretext to get access at your registrar information? During a domain transfer there are usually notification emails sent out, so this is quite a disturbing story.
It’s good to see that you’re back on track though. = )