I Got Hacked. Here’s What I Learned From It

This week one of my top sites was hacked. I did a case study about this on Wednesday, before we had determined what the root cause of the hacking was. My go-to guy for fixing any of my sites that get hacked is Jesse from AdminDaily. My site is now back to normal and, like any time something like this happens, I like to understand how it happened so that it won’t happen again on any other sites.

In this case I was actually hacked in two different ways. The first was an out-of-date version of the TimThumb script, which this site uses to get screenshots of websites for our directory. This is one of the most well-known security precautions you can take: make sure that every script on your site is always up-to-date. I’m usually very good about this, but sometimes this can slip through the cracks, and in this case hackers were able to essentially gain full FTP access and upload files wherever they wanted!

The next hack took place on the blog that we run on the site. Hackers used an exploit in the plugin Tweet Old Post to place spam links in the header of my site. They made it so that only Googlebot would see them, thus making it much harder to detect. These spam links were giving people warnings when they went to the blog, which is how I was first alerted to the hacking myself.

So what are the lessons here?

  1. Keep all scripts on your site up-to-date. This is an oldie but a goodie. Hackers are always looking for exploits in scripts that are used on millions of sites. When they find an exploit it usually isn’t too long until the creator of the script puts out an update closing the security hole. If you don’t keep all of your scripts and plugins (if you’re using WordPress) up-to-date, you’re leaving yourself open to well-known hacks, which hackers love!
  2. Be careful which WordPress plugins you install. Make sure that all the plugins you use on your site are from trusted sources. Do a Google search and make sure there aren’t a ton of complaints about exploits or sites being hacked while running this plugin.
  3. Hire an expert. Last, but certainly not least, is a lesson I learned a long time ago but can’t stress enough. Don’t try to fix it yourself; hire a pro who knows what they are doing. AdminDaily is the company that I use and recommend.

Keeping your sites secure is a critical part of running an online business. Hackers are rarely specifically targeting your site; they are just looking for sites with out-of-date scripts or plugins with known exploits. They go for the low-hanging fruit, so don’t give them a reason to target you!

I am very happy that one of my flagship sites is now back up and running. It is scary when something like this happens, but having an expert who can fix it gives me incredible peace of mind. So if this happens to you, don’t panic; take a deep breath and solve the problem. Then learn from your mistakes so that you never make them again.


  • DNFblog.com March 23, 2012, 12:12 pm

    Morgan, one of my sites was hacked as well through the TimThumb.php script two days back. Thankfully, my hosting provider was more than up to the task and got the malware removed. This was one of my most valuable properties and I was a little panicked when I got the Google malware warning.

    Lesson learned: keep everything updated on your site. And make sure that you have daily database backups!

  • Stephen Stankiewicz March 23, 2012, 9:14 pm

    Thanks for the heads up on this – I also run that script on a few sites and am going through updating now.
