Getting Your Business “Hacked” From You


As some of you may have noticed, Ben-Lang.com had been hacked on May 1st. It took a day to take care of, but with help, I finally succeeded in getting rid of the hack. Let me tell you it was not fun, and I’d like to share with you what I learned from it. But before getting into the details, I want to apologize if anyone has been affected by the malicious link that appeared on the site during the hacking.

By the way, it took this unfortunate experience for me to really invest in securing my site. I think it is like backing up your computer: you have to at least get through the experience of losing a drive before you start taking backups of your data seriously.

Here is an overview of the experience:

Initial Reaction

1. Panic: When I first realized what was going on, I panicked. A fellow blogger had emailed me to say that there was a virus on my site that was redirecting it to a dangerous site. I was away from home and every second meant putting readers at risk.

2. Denial: How could it happen to me now? I am using the latest update of WordPress. That’s all that went through my head. It must be a problem with his browser, cache or computer.

3. Search: I got to a computer as quickly as I could and started researching the issue. As expected, I was not the first one to be hit. After reading a few posts on the subject, I confirmed that it was the Ninoplas Base 64 hack.

4. Problem Solving: I analyzed the different options to get rid of the hack. The most reliable and simple solution was to restore the site from before I was hacked.

5. Success: I contacted Godaddy, which helped me go through the process of restoring the site, and magically everything was back to normal. (Thank you so much, Godaddy, for your help and patience.)

6. Prevention: I immediately implemented additional security measures to increase the security of my blog.
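A check that fits between the search and restore steps above, as an added example that is not part of the original post: a scanner that lists which PHP files carry a base64-wrapped `eval` and decodes each payload so you can see what it does, useful both before a restore and to confirm the restored copy is clean. It assumes the injected code has the form `eval(base64_decode("..."))`, which the post does not state; the sample site tree and payload are constructed.

```python
import base64
import re
import tempfile
from pathlib import Path

# Assumed injection shape: eval(base64_decode("...")), either quote style.
INJECTION = re.compile(
    r"""eval\s*\(\s*base64_decode\s*\(\s*(['"])([A-Za-z0-9+/=\s]+)\1\s*\)\s*\)""",
    re.IGNORECASE,
)

def scan_file(path):
    """Return a decoded preview of every injected block found in one file."""
    text = Path(path).read_text(errors="replace")
    previews = []
    for match in INJECTION.finditer(text):
        try:
            decoded = base64.b64decode(match.group(2)).decode("utf-8", "replace")
        except ValueError:  # bad padding: still report the hit
            decoded = "<undecodable>"
        previews.append(decoded[:120])
    return previews

def scan_tree(root):
    """Map each affected .php file (path relative to root) to its previews."""
    hits = {}
    for path in sorted(Path(root).rglob("*.php")):
        previews = scan_file(path)
        if previews:
            hits[path.relative_to(root).as_posix()] = previews
    return hits

def build_sample_site(root):
    """Constructed sample tree: one clean file, one with a harmless stub injected."""
    stub = b'header("Location: http://redirect.example.invalid/");'
    injected = '<?php /**/ eval(base64_decode("%s")); ?>' % base64.b64encode(stub).decode()
    theme = Path(root, "wp-content", "themes", "demo")
    theme.mkdir(parents=True)
    Path(root, "wp-login.php").write_text("<?php // clean file\n")
    (theme / "index.php").write_text(injected + "<?php get_header(); ?>\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as site:
        build_sample_site(site)
        for name, previews in scan_tree(site).items():
            print(name, "->", previews)
```

Run `scan_tree()` against a downloaded copy of the site rather than the live server, and treat an empty result as "this pattern is absent", not as proof the site is clean.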

Countermeasures

1. Update: No matter what platform you use, it’s crucial that you update your site with the latest versions.

2. Longer Passwords: Quite an obvious tip, but don’t be lazy; use strong and different passwords as often as possible.

3. Install Security Plugins: After this incident I realized how valuable it would be to install more security plugins. Here’s a great list by Makeuseof of which plugins to install to make your blog more secure.

4. Do Not Allow Users to Register: The specific hacking of my blog was because I allowed users to register on their own as authors. There’s a loophole in WordPress that allows authors to hack your blog, so be careful!

Again, my sincerest apologies for letting this happen to Ben-Lang.com. I hope that you can learn from my unfortunate experience.

  • http://www.guidegoods.blogspot.com Ed

    Wow dude that sucks. Glad you fixed everything

    • http://ben-lang.com Ben Lang

      Yeah it was such a pain, make sure it doesn’t happen to you!

  • http://www.theresabloginmysoup.com Social Media Strategy by Patrick Curl

    Hey Ben,
    This happened to me too – actually twice in one week.. I also installed all the wp security measures at least 3 or 4 different plugins. I made sure the Security keys were in my wp-config files.

    Everyone I’ve talked with has agreed that this isn’t a WordPress or Password vulnerability issue – someone hacked Google, or one of their techs – which means there’s nothing we could do to prevent this from happening. Even changing all my passwords it still happened — someone didn’t gain access to my account but gained access to everyone’s account on the same servers that my sites are on.

    It was definitely a headache, but I’m hesitant to think that it won’t happen again. If it does I’m definitely searching for a new host.

    • http://ben-lang.com Ben Lang

      Hey,

      So sorry Patrick. I would be so annoyed if it happened to me again.

      Yeah I’ve heard it’s the hosting, mainly Godaddy that’s had the vulnerability. Let me know who you decide to switch to for hosting. Thanks for sharing.

  • http://www.cashwithatrueconscience.com/rbblog/how-to-develop-your-intuition/ Ryan

    Thanks for sharing your story Ben; no doubt these actionable tips will prevent many future hacks. I’m glad that the site is back up and running.

    • http://ben-lang.com Ben Lang

      So am I, believe me! Make sure you secure yours also :)

  • http://webmaster-success.com Kharim

    Wow, glad you got back on ur feet :)

    • http://ben-lang.com Ben Lang

      Thanks, so am I!

  • Sebin

    Must have been a scary experience for you! But could you elaborate on the countermeasures taken? Like the file permissions you have set and all?

    • http://ben-lang.com Ben Lang

      Honestly the best advice I could give you would be to check out http://www.wpsecuritylock.com/blog/

      They’re covering this issue very well, as it’s a recent mass spread virus. Please take a look, it will really provide you with all the information you need to know.

  • Nile Flores

    You can do this by hardening your security through your htaccess. I covered this months ago at WPAddict. (I will be a speaker at WordCamp Chicago in June)

    http://wpaddict.net/how-to-secure-your-wordpress-blog/

    • http://ben-lang.com Ben Lang

      That’s a good point. I’ll check that out as soon as possible, definitely would have saved me a lot of time.

  • Phillip Dews

    Wow Ben, Glad to see you landed on your feet! I noticed something happening on the 1st when I was paying my daily visit to your blog while I was in my local pub.

    I suppose that I am lucky as my blog has not been hacked so will be implementing those security measures you mention here. After all “Prevention is Better than Cure”

    Thanks for sharing Buddy and All The Best.

    -Phillip

    • http://ben-lang.com Ben Lang

      Great to hear that you visit daily :)

      Great point, preventing this problem is much better than curing it. Good luck Phillip!

  • http://www.youngprepro.com Onibalusi Bamidele

    Hi Ben,

    Glad you overcame the hack, I have learned a lesson from this.
    Many thanks for linking to me.

    -Onibalusi

    • http://ben-lang.com Ben Lang

      Hi,

      Thanks so much for your help. If not for you I never would have known about the virus.

  • http://www.drinkwhat.com Steve

    Thanks for the heads up! Sorry to hear what had happened to you and I’m glad that you got it fixed! I’m doing back up and installing security plug-ins right now for my blog. Thanks!

    • http://ben-lang.com Ben Lang

      No problem, get to it as soon as you can, you definitely don’t want this happening to you. Good luck Steve.

  • http://shirley.shirleyszone.com/ Shirley Osei-Mensah

    I’m so sorry to hear about what happened to your blog, Ben. I didn’t witness it.

    As you said, keeping a back-up of your blog’s data and also securing it through security means like a security plug-in is a really essential thing to do.

    • http://ben-lang.com Ben Lang

      I appreciate your sympathy. I’m for sure going to focus on security more from now on…

  • http://www.dennisedell.com/about Dennis Edell | Direct Sales Marketing

    Ya know, as we speak I have wannabe guests asking me to set up contributor accounts….that would be a no?

    The links you provided are greatly appreciated, thanks man and very glad to see you up and running smoothly again.

    • http://ben-lang.com Ben Lang

      It’s not a problem as long as you trust them. Just make sure bots don’t sign up, which is what happened to me. I’m so glad also, good luck Dennis!

      • http://www.dennisedell.com/about Dennis Edell | Direct Sales Marketing

        And there’s the rub…do I trust them NOW, absolutely! But, who can know…..

  • http://o-copy.com/blog Kathleen O’Connor

    Wow, what a nightmare! Glad you made it through, though. I recently bought an ebook called WP defender that teaches you how to protect your blog. I haven’t finished going through it all, but at least I now have regular back ups of my site being sent to me by email! I think I’m also going to sign up for a Password manager. Writing my password on random slips of paper hasn’t served me too well.

    • http://ben-lang.com Ben Lang

      It sure was :( I’m going to check out that eBook, this experience really spooked me out and I’m for sure going to pay attention to security now.

  • http://JasonWheeler.biz/stockmarket Jason Wheeler

    Ben I’ve just started checking your blog and you seem very successful. I’m curious where did you learn all this and what is it that is driving you at such a young age to be an entrepreneur? What kind of books and mentors have you been following? How old are you?

    Every kid should take a lesson from you.

    • http://ben-lang.com Ben Lang

      Hey, thanks so much for asking. I’m 16, my motivation is hard to explain and the books I read are by Seth Godin, Gary Vaynerchuk etc.

      I’d love to answer you more in detail so if you are interested shoot me an email at: b@langonline.com

  • http://JasonWheeler.biz/stockmarket Jason Wheeler

    Oh yeah. What plugin is the recommend button you have installed for Facebook? I can’t find it on WordPress. Thanks!

    • http://ben-lang.com Ben Lang

      Actually it’s not a plugin, I plugged in some code. Google this: “install facebook like button” there might be a plugin, or just paste the code directly into your theme.

  • http://www.liberateyourlifeproject.com liberateyourlifeproject

    Being hacked is a sign that you have “arrived” so to speak :)
    I wish I had the traffic volume and readership that warranted a hack!

    • http://ben-lang.com Ben Lang

      That’s very true, I guess that’s the bright side of it :)
