For those of you who happened to visit my blog yesterday, I’m sorry to say that some mischievous hacker(s) had got the best of my WordPress database and wrecked this favorite blog of yours.
YES, I WAS HACKED….
I’m too tired to write anything now but I will update on my 15-hour journey through hell later in the day…..whatever it is,
PLEASE REMEMBER TO BACK UP YOUR BLOG NOW… it’s the best gift you owe it to yourself…
(to be continued…..)
What a way to celebrate the spectacular event of the 100th post of this blog with an article on how I recovered from “playing hide and seek” with the hacker(s). Well, as they say the worst happens when you least expect it and it did.
First of all, I’d like to express my gratitude to those who have supported me and left me an encouraging words comments of support, especially many thanks to Jay from SuiteJ.com, Aidi from IndoContest and Rajesh from TechBlissOnline who have helped and provided some possible solutions to me throughout the ordeal.
Getting hacked is pretty common nowadays and a quick search on Google that returns 31,600,000 results proves the point. I reckon WordPress is a victim of its own success or its vulnerability is probably still open to any mischievous hands of devils.
One of the regular readers here, Kouji had this to say….
It’s sad, the fact that a person with that much talent, directs it to something so unproductive, especially in light of the fact that the world has so many problems, and he could have instead been part of the solution.
Here’s another one from Rjani
….hackers don’t crack sites. Real hackers built the internet and they give away free programs to the community…..real hackers feel very uncomfortable when people mix them up with crackers
How Could It Happen…
To be frank, I wish someone in the know could shed some lights on the issue. I was clueless and I am still now. I remember 2 months ago, I wrote a post on 5 Essential WordPress Security Tips and I had taken all the necessary steps to protect my blog but alas, it wasn’t enough.
I woke up to discover that my blog was redirected to WordPress install mode
Who the hell did this to me?
and a check later – through my cPanel – showed that all my data within the database were deleted. How the hell the hacker(s) got into it and if they did, why didn’t they erase everything? I mean they could have deleted all my databases but thanks God, they choose to delete one of them only.
The only unusual thing happening on my blog prior to the attack is the unusual number of user registration spams on my blog and I’m not too sure, I could be wrong though but it could probably be one of the cause of the problem.
There is little or nothing to prevent user registration spam and it was only recently that I’ve discovered a plugin called SABRE which claims to prevent the spammy registration. Did it help? Well, nothing is ever perfect. The event that followed suit proved otherwise. However, it’s still one of those plugins I’d not hesitate to recommend to you.
Backup Your Blog Now…
However, nothing was more comforting to know that I had a backup of my database to put everything – well, almost everything – back to its original state. I’m a big advocate of using WP DB Backup to back up all my vulnerable data.
In all honesty, it’s a God-sent tool that does the magic of backing up your database. Speaking out of my personal experience, I’d suggest you do a daily (not weekly) backup and have it sent to your email for safekeeping. That way you are not going to lose a few days of your posts should it happen at the end of the week. I couldn’t imagine the worst if I have not had done so.
My point is irregardless of how new your blog is, please remember to backup your blog NOW if you haven’t done so.
If it could happen to me, it could happen to you too
How Did I Restore My Blog…
So in the spirit of giving back to my readers, I’d like to share the steps I have taken to restore my blog back to its original state prior the attack (though I lost some of the comments, visitors tracking data, my advertisers’ banners, just to name a few) for the benefit of others who might in the future face the same predicament as mine.
In any case should you be in the similar situation, you need not go into a panic mode knowing well that you have a backup of your database. After all, the rest of the restoring process is just a matter of following the checklist below.
Credit goes to Jay who had patiently – in a sleep mode – run down a list of the necessary steps. Thanks, buddy…
20 Post-Hack Restore Checklist
- First thing first, check that you have the latest backup file usually in the format .sql.zip and download into your desktop.
- If you are yet using FireFTP – a nifty tool that will allow you upload files from within the browser itself – I’d suggest you install the addon on your Firefox.
- Connect to your host with your FTP details
- Once successfuly connected, go to your /www and download the whole /wp-content to your desktop. See the screenshot.
- Download WordPress install package as we going to initiate a fresh install.
- Select and upload the whole package file and override the old WordPress files. See the screenshot.
- Create a new database and here’s how you could create one.
- Download
wp-config-sample.phpand fill in the details of the database you have just created. - Save it as
wp-config.phpand upload it where it was before. - Now point your browser to www.yourdomain/wp-register.php and follow the instructions.
- You are now done with the first step and you should see your blog with its default theme.
- Next, login to your cPanel (www.yourdomain.com/cpanel)
- Under the “database” section, click on phpMyAdmin.
- You should be able to see your database on the left section of your phpMyAdmin.
- Click on your database _[name of your database]
- On the top navigation tab, click on the Import button
- Browse your backup file, see #1 and click Go
- Grab a coffee while awaiting the import of your database.
- Once done, you should have successfully restored your blog.
- Lastly, go to your plugins repository and activate some of the plugins that aren’t activated during the restore.
That’s all you are required to do. Gosh, this is worthy of a separate post if you ask me. I hope you are following me well here and in any case, if anything goes wrong, don’t go to WordPress support forum. It’s the worst place to search for answers. Leverage on your relationship with other bloggers instead.
Shoot me an email. I’ll do my best to help. The whole episode has made me a better blogger and fact is I have gained a couple of lessons I wouldn’t have otherwise learned. I call it “A Blessing in Disguise”.
Final Words
In all fairness, I wouldn’t rule out the possibility that it could also be due to some issues with my host. Probably my blog wasn’t hacked, there is a good chance that my database was deleted unintentionally on their routine maintenance or upgrading or whatever they call it. The possibilities are endless and no one will ever come forward to admit their mistakes – if any.
Whosoever mistake it may be, the lesson learned is that prevention is always better than cure. It’s absolutely important to automate the backup daily of your blog irregardless of what. It’s one of those things you can’t afford to procrastinate.
DO IT NOW and don’t take it for granted. I’ve came back from hell alive and for God’s sake, I’m entitled to force you to do it.
And to those who have successful hacked my blog, it’s one hell of a hack and thank you for the experience. It’s the best of the worst experience.
Related posts
- Do-It-Yourself WordPress Installation Installing WordPress on your web server shouldn’t be too much of a task. It is relatively easy to perform...
- The Way I Transfer My WordPress Blog To Another Host OMG! I did it. I was very nervous in the beginning as this was the first time I attempted...
- Now It’s Time To Protect Your Blog What have you done lately to protect your blog? You probably never thought of it in the first place,...
- How to Transfer from Blogger to WordPress? The author of this post is Brian, the blogmaster of Domain Structure who has just moved from Blogger to...
- Post Install To-Do List – 10 Plugins You Ought To Install One of the primary reasons WordPress is the preferred choice of blogging platform is the limitless possibilities one can...
Sponsor of The Month
- Keyword AcademyIf you are struggling to make money online, this is where you'll get the method, the support, and the tools you need to build a sustainable low-maintenance income online.
- Is Your Brand Here? Advertise with Us!
{ 93 comments }
Yikes… *checks his database backups*
Just take it slow (nerve-destroying experience most probably).
Details on what hole was used coming later?
I wish someone will come forward and show me the hole….
God, the thought of getting hacked scares me. I will have to look up backing up my blog soon.
Oh yes, do it now while you can… glad to see here.
Glad to see that you managed to rebuild your blog quickly!
Thanks for your support, Jean…it wasn’t that quick anyway
When I first read the title I thought you refer to this
http://www.dailyblogtips.com/website-traffic-series-part-13-facking-a-hacker-attack/
but it’s for real oh my
I backup db weekly and backup files monthly (just the theme that I changed here and there, I host all media files at other places)
Yeah, it’s real….I recommend you do a daily backup instead of doing it on weekly basis…
I did notice that, and I’m pissed! That’s not cool man.. you have a community, and readers who look forward to your daily interactions.. and for someone to go and mess with that is unfortunate.
It’s good to have you back.
Thanks for your support and words of encouragement, E.
Hey Yan,
That sucks! But good to see you back up so soon.
It’s high time we understand how important backups are :mrgreen:
[WORDPRESS HASHCASH] The poster sent us ‘0 which is not a hashcash value.
Hey, thanks and good to see you back here and yes, it’s absolutely important to back up your blog, I would have been gone if I did not…
I have to do that. I am so strict about backing up everything else, and my blog should be no exception. Glad to see you’re back up and running despite the attack!
Thanks, Kristi. It’s been a while seeing you around here and thanks for the support..
Looks like your back, Yan. Thank goodness for backups it would have been a shame if all your posts had just poofed forever. I came on after you had been hacked and only saw your Hacked announcement post. It almost made me cry to think of what had been done
Hey, Emma.. thanks for your support too. I have been backing up my blog right from the beginning and it’s only now that I had a chance to use it..:-)
Oh my gosh. I can’t believe they hacked your blog. That is crazy!
That is it I am going to back up my blog right this minute as we speak.
I can’t afford to lose all my content. That is about 6 months worth of work!
[WORDPRESS HASHCASH] The poster sent us ‘0 which is not a hashcash value.
Good to hear that, Ryan and yes, who else can afford it anyway?
I am looking forward to hearing the entire story though
[WORDPRESS HASHCASH] The poster sent us ‘0 which is not a hashcash value.
Sorry not trying to span but I just think it would be awesome if you could write a post on backing up your database for your blog so we can all know how to do it
[WORDPRESS HASHCASH] The poster sent us ‘0 which is not a hashcash value.
oh. so that’s what happened… that sucks, man. am sorry to hear about the hacking. hope you’re able to get some rest.
it’s sad, the fact that a person with that much talent, directs it to something so unproductive. especially in light of the fact that the world has so many problems, and s/he could have instead been part of the solution.
Agreed! Very well said, kouji and if only….they could be part of the solution. This world is going to be a better place to live in.
Sorry to hear about that Yan.. Since my DB backups are soon to be delivered via email I should probably backup the posts.
hmmm… just realized… will have to figure out how to fully backup a blogger blog… :O again though, thanks for the timely reminder.
These hackers are at it again..pls share with us the details
okay you got to tell me how to backup first before I backup. :)
Yan, is your blog now totally recovered?
I left two comments yesterday when your blog had default wordpress template. I don’t see the comments here…
Yeah, all those comments have been deleted once I restored everything back to its original form. Anyway, thanks for the support, Nihar.
How’s the weather in Japan?
I’m sorry for what happened to your blog, Yan. These teen retards could really use a girlfriend or something :D , they’ve nothing to do but cracking sites…kinda sad.
Anyway, I’m glad you were smart enough to back up your files. I do it too, fortunately there is a function in wordpress that e-mails it every day.
Oh, and one more thought: as it turns out, hackers don’t crack sites. Real hackers built the internet and they give away free programs to the community. I know it’s the widely accepted term for guys who f*** up your site, but real hackers feel very uncomfortable when people mix them up with crackers, and I can understand it, dedicating your life to help people for free and when someone hears you’re a hacker they send you to hell :D
Thanks for the support, rjani. These ‘kids’ are just doing it to showcase their talents in a wrong way in the hope that Google will notice them one day.
I’m glad that your blog is back, Yan. :)
Thanks for your support, buddy…
Good to see you back Yan. You had me pretty worried for awhile there.
Thanks for your support, Sire..
@all: Thanks all for the support and appreciate all the comments of support. It’s nice to see you guys back too. I love you all.
Sorry to hear that your blog got hacked! But, if there is a silver lining it will make everyone else make sure that they are backing up their own blogs daily.
Hm… I am no expert (I say this a lot lately :) )…
1. Relatively low level of damage and no changed passwords vote for host issue.
2. A lot of spam registrations may be attempt to exploit php security issue that was fixed in 2.6.2. But since issue is about reseting passwords – if all are in place it’s not the case.
I’m yet to upgrade to 2.6.2 as I’m waiting for 2.7 which will come out in about a month or so… hopefully it will fix other security issues.
Sorry It happened to you Yan, I do weekly backups but I plan to change it to daily.
Yeah, it’s better to do a daily backup than a weekly one..
I will say though.. Being hacked can only mean your site is gaining in popularity. Although its a horrible to have happen.
If that’s true, I’m cool with another one…:-) no, it’s a joke
Haha yea… Being hacked is definitely not a pleasant thing. I have seen quite a bit of it happening lately.
Anyway, thanks for your support…appreciate it a lot. I hope that your blog is already in a backup mode.
Yep.. my blog gets backed up daily and sent to me via email as well as downloaded. No such thing as being safe enough.
Domain Structure lastest post..Social Bookmarking List
had you checked ur cpanel.
coz i think they are going to ‘jump in’ again,
and thats going to be easier if they left a backdoors.
[WORDPRESS HASHCASH] The poster sent us ‘0 which is not a hashcash value.
I have since changed my password to the cpanel and created a new database. That’s pretty much I could do right now.
Do you have any other suggestion?
glad to see you back again…I understood how you felt when it happened…hacking is done by someone who is really talented technically…it is frustrating when they do it and god only knows their real intent… But you are saying that your posts have been deleted.Why does the hacker want to delete your posts? What pleasure does he get by doing so? Hackers would probably target wordpress blogs for traffic redirection and links.But in this case,your db has been emptied.So my guess is it has got more to do with someone’s fault from your host.
Despite all preventive steps, hackers would find some ways of hacking your website, if he is bent upon doing it.So understanding the backup and recovery process is vital for a blogger.I will make a few posts on that from a technical perspective.
good luck Yan and I will help the bloggers with whatever I know.Continue blogging and you are good at it.. :)
I’m beginning to feel that it could be due to my host’s fault. Why would anyone do this to my blog anyway? You are right….what pleasure does he get?
I think someone need to write a more comprehensive back up and restore process for the benefit of others and that someone could be you.
Oh ya, thanks so much for your time and support. I wouldn’t had went through the restore stage without your help.
Cheers
@Yan
Threaded comments are nice but combining it with subscribe to comments when you reply to every single comment it drives my mailbox crazy. :)
Could you please reply in bulk as before? Or at least include whom you are replying to in replies – it is visible in threads but not in email notifications.
PS huge thanks for design changes on comments, they are much more readable now.
Rarst lastest post..Determining file type with TrID
@Rarst: I’m sorry about it and I’ll make an effort to quote whom I’m replying to.
Oh yes, it took me quite a while to make this plugin workable on my comment section and little did I realize that in the next release of WP 2.7, threaded comment will be included in the package.
This is one of the toughest plugin to install but it’s worth all the effort as I find it easier and more manageable to response to the commenters.
What’s up Yan? I appreciate the public thanks, but it’s np at all. I’m just glad to hear that it eventually went well, and you didn’t lose anything (except time) :)
The crappy part is not knowing what actually happened, because then you’re stuck wondering/worrying if it’ll happen again. :(
Cheers, and glad everything is back to normal!
Jay
SuiteJ lastest post..5 Simple Steps To Get Started Website Flipping This Weekend
@SuiteJ: It’s my pleasure and thanks for all the help. I think I could handle it better if it happens again..
I guess no matter how we prevent it from happening, there isn’t a foolproof way and what’s important is to know what to do thereafter.
Happened before to myself as well. Luckily my hosting was able to resolve the problem in minutes. Thats the problem with open source stuff.. If one thing is left un-fixed, the users pay for it :(
Brad Blogging.com – Personal Blog Tips And Blog Help lastest post..Weekend Wordpress Security Tip: Update Your Old Plugins
@Brad: Yeah, due to time difference, I wasn’t that lucky enough to have my host responded to me in time but I was blessed enough to know some great bloggers who pulled me out of the mess.
Hey Yan, just saw you mentioned my comment in the post. Thanks man, it even boosted my Technorati authority :D
By the way, I’m not sure about this, but I saw something on my hosting’s page that I can backup my files there too, though I still have to figure out how to do that automatically…
That looks even better, cause that saves EVERYTHING, so even if I’m hacked seriously, or my hosting deleted some more important files by mistake, it’s not a problem…
rjani´s lastest post..Find your best traffic sources!
@Jani: You are welcome..I just thought it was worth a mention. I recommend using WP Backup to automate your database everyday and have it sent to your email.
I doubt you could automate the backup from your cpanel. Let me know if it’s possible..
I saw your blog go through the whole thing. at first there were php errors showing for some parts of your site. things like plugin notifications saying the procedure doesn’t exist.
then your theme broke, it was just the header
and then finally you went to install mode
and at last you made it back! Glad you had the power to rebuild, for some people that would have been the death knell to their blogging!
wp-backup sends me my databases every day by email, the worst that can happen is that I lose 1 days comments and posts.
Andy Bailey´s lastest post..Some improvements for commentluv.com and plugin
@Andy: Yeah, it happened not too long after you came in here and introduced the ajax comment love. In all honesty, I never thought that your plugin could be the cause of the problem but it was too coincidental that it happened right after I installed yours.
Yes, I was lucky enough to have the support of some great bloggers who came in to help me get out of it within the shortest period of time and WP backup was the real blog saver. I couldn’t imagine the worst without it.
Thanks for dropping by, Andy…
Congrats on getting your blog back online Yan! let this incident be an indispensable teacher to all of us bloggers.
dimaks´s lastest post..Jason Mraz – I’m Yours Video and Lyrics
@dimaks: Thanks, buddy…appreciate your support.
Daily backups it is!
I wonder if there is a script out there to do this sort of thing automatically. I know you can save the db, but what about an ftp cron job or something? Any ideas?
Why would you rather not use WP db backup instead? You can do scheduled backup and automate everything with a peace of mind.
Well, the only way to automate that way is to use email, and just look at what happened to Palin and O’Reilly ☢
glad to see you up and running again!
Hugo Santos´s lastest post..Feeling Sick
@Hugo: Thanks, buddy…
Yan, this is the second time I pay a visit here, I guess that’s because I love your blog. And I did’t expect to hear this bad news. I feel sorry about this. At the same time I believe that everything will just get back to normal. Please don’t be dejected , everyone has hard time.
All the best
Appreciate your concern and support. Glad to see you around here again and all the best to you too.
Will there be a third time?
There does seem to be more of this happening than usual…or perhaps I’m just a bit more aware of it these days. Anyway, I wrote something on this just a couple of days ago, which includes a couple of resources for securing your site: http://www.hippowebsolutions.com/how-secure-is-your-site/ if anyone’s interested.
Rod´s lastest post..AdWords competition update
You bet it is and mine was no exception but it’s been a good experience for me and I should be able to handle better in the future.
Good to see you here again, Rod.
OMG! I’m glad you’re back now! Some people don’t have anything nice to do with your life! :(
I’m going to copy all the steps now and is it okey, if I’ll post in in my blog too? Of course, I will credit you to this post :D
Nice post,Yan!~
Yen´s lastest post..Ruby Tuesday
No problem about it, Yen. Go ahead and spread the words for the benefit of others and please don’t forget to have a daily backup of your blog.
Anyway, thanks for stopping by and appreciate your support.
Hi Yan,
Glad to see you back after your horrendous episode I’m sure. To me and I’m sure to many more, this blog has provided such great source of information and some inspiration to me as well. Not many can do what you’ve done, get hacked, write about it, and proving your point about backing up your blog. But I won’t want you to go through that again my friend.
Peter
Work At Home Ideas´s lastest post..OMG, I Got The Google Ban?
Hi Peter
Thank you for such a great commentary. Yes, it wasn’t your ordinary day but I have learned a lot from the whole episode. In fact, it was more of a blessing in disguise.
I wouldn’t have otherwise appreciated the importance of choosing the right host and the indispensable WP Cache, not forgetting of course WP DB Backup.
I hope it serves a good reminder for others to backup theirs. You’ll never know what’s in store for you.
Yan
Wordpress has good security with the latest version at least. You’ll find that sucky Wordpress plugins open up your installation to hack attacks.
There are numerous plugins to prevent hacking attacks, you just got to Google for them.
Dwayne´s lastest post..Reality TV shows suck
Fact is WordPress in its native form isn’t doing enough to protect itself and that’s why plugin like WP DB backup is made available lest anything goes wrong.
If someone is bent on being mischievous, there isn’t much we can do about it. So the take away message is “to backup daily”.
Yan,
I would not wish anyone to go through this experience, not even my worst enemy. Many thanks for sharing about it though since I have immediately backed up my database and have even automated the process of backing it up daily. Really appreciate your sharing about it and also your warning the rest of us to be careful. Very much appreciated indeed.
Thanks a ton!!!
Thanks, buddy. Good to know that you are keeping the habit. You’d surprised that many still don’t.
Anyway, it’s been a while I see you around here. Must be busy, busy, busy, huh?
thanks for post
You are welcome and glad to have you here, Lida.
Sorry to hear you’re hacked but the way I see it, it just shows you’re finally a big success!
Think about it… no hackers would target a small blog, just like no gossip reporter would follow a nobody about their love life.
The fact that you got hacked shows a lot about your popularity! I would be delighted if I were you!
Andre Thomas´s lastest post..The Duplicate Content You Didnt Realize You’re Producing – Part 2
…I would be delighted if I were you!
I’m beginning to think it that way and with the experience, I wouldn’t mind another attack if it’s due to the popularity of my blog….(*wink*wink*)
Thanks for the taking the time to visit my blog and appreciate your encouraging comment. I look forward to have you again and share your experience with the community here.
Yan
PS: Thanks for the shout on your blog.
Yan,
Just recently I read that someone else’s blog had also been hacked too. I am now eager to install this plugin to get the backup for my blog done. I had a real scare 10 min ago as I couldn’t access both my blog and my site. Turns out it was caused by a server problem. Relieved but still scared!
Peter Lee
Work At Home Ideas´s lastest post..Reader’s Appreciation-September 2008
I couldn’t possibly stress further on the need to back up your blog and how important it is.
If there are 3 essential things I should recommend to everyone here, they are backup, backup and BACKUP.
Good luck, pal and hope everything goes well in Peterville.
Yan, this is weird however I’m trying to guess. Maybe you were installing an older version of WP (pre 2.6.2) and I recall that there was a security hole that may help hackers to gain access to your sql. Check WP’s development blog regarding the announce of upgrading to latest WP 2.6.2
Maybe I’m right or wrong however I do advise checking your Log Serves for this day and see maybe the hacker use some script to gain access. Moreover why don’t you check the whole thing with your Hosting Service.
Hicham´s lastest post..Back to the Future!
Hi Hicham
To be frank, I didn’t know what the problem was as it could be due to my host or any security hole in my blog. But then, it doesn’t really matter anymore as I’m now more prepared with what to do next if the same thing happens again.
Thanks for your input. I appreciate it a lot…
Yan
Yan,
Nice post, this will help wordpress bloggers like me to keep proactive and prepare for a bad day.
Thanks
Nihar´s lastest post..Happy Birthday to Hack Wordpress!
Most all blog hacks are from people not upgrading their blog software.
If you don’t change your theme often, just backup your template one time, then create or download a script to email you a database dumb every couple days.
Hacker Forums
Hacker Forums´s lastest post..Dutch Judge sides with Hackers.
if my blog gets hacked,it will be the worst nightmare for me
Webmaster Forum´s lastest post..Add to Favourites code for Internet Explorer.
Hi Yan,
I just got hacked too (by myself) not something I’m proud of but just want to say thanks for always reminding people about the importance of backup. Good thing I did and did survive this incident.
Peter Lee
Work At Home Ideas´s lastest post..The Night My Blog Got Hacked
{ 7 trackbacks }