08.01.08
My blog was hacked!
Yeah… someone hacked this very blog you’re reading. And I had no clue of it for about a month. I know it makes me sound like a duffer, but hear me out.
It wasn’t like the hacker defaced my blog or had any weird messages scrolling all over it. But he did hack into my wordpress files and flooded it with all sorts of scam links - pharma stuff for enhancement, for shrinkage.. you name it.
It didn’t take Google long to drop me in their search rankings and remove most of my pages from their index. At the time of writing this post, my blog has only 29 pages indexed in Google. Just 2 months back, I remember seeing 300+ pages from this blog in their listings.
I don’t think I need to explain how much that affected my blog traffic. All because some automated script created by some hacker injected 1000s of scam links to my Wordpress header and footer files.
After a lot of research and reading dozens of blogs and forums, I traced the problem (?) and deleted these scam links from the header and footer files. I felt good, thanked Google for leading me to all the useful information and cursed the hacker one last time.
Or so I wished…
The very next day, the scam-links were back… in all their glory and in bigger numbers this time. I was demolished. I cursed - cursed technology, cursed Google, cursed the hacker, cursed anyone who came in front of me then. I was at a complete loss.
But even in that situation, I had no one else but Google to go to. There I was again, asking Mighty Google for the root cause of my problem. And like always, Google had answers. Every single time - the wonders of the Internet 
This time around, I was supposed to upgrade my Wordpress installation. I was running an older version which was plagued with bugs. Upgrading a software that my web host had installed at the click of a button seemed like an uphill task. But Fantastico (the automatic installer application that comes with most hosting accounts) made it a walk in the park.
So here I am, all upgraded to Wordpress 2.5.something in under 15 minutes. And hoping it keeps them hackers at bay!
Bruno Auger said,
August 1, 2008 at 9:12 am
I know how you feel I know of another mraketer who had their blog hacked like 5 times in a 2 week span.
It was just like your hacked through the header files. It is amazing what hackers will do just because they are too stupi to try and make a legit money making blog or whatever..
Marie said,
August 1, 2008 at 9:18 am
Sorry to hear about that, I stopped using wordpress due to the fact that the security level was just not there even in their updated scripts , not only that is they are not on the cutting edge..
I hope your blog gets back to the rankings…
I do not use google ads either, I make more money with another program.
Thanks for letting us know about WORDPRESS and their scripts
proson cheng said,
August 1, 2008 at 9:18 am
ok, thanks for your post… may be I should reference you and
do a post and warn my reader and subscribers : )
Lewis said,
August 1, 2008 at 9:18 am
Bad news! But here’s more caution… you need to update again as its now on V 2.6
Best wishes
Lewis
refurbished psp said,
August 1, 2008 at 9:32 am
Theres been alot of that going around
I am using a plugin for WP called Login Lockdown
it disables the login to adim after however many attempts you set in control panel.I notice from my logis that I was getting a botload of traffic to my admin login.
Hers the URL to the plugin
http://www.bad-neighborhood.com/login-lockdown.html
Ricardo said,
August 1, 2008 at 9:33 am
Sad to hear that your blog were hacked, sometimes is difficult maintain at bay these pest.
Chris said,
August 1, 2008 at 9:33 am
All the various php/MySQL content management systems out there suffer from the same generic exploits and they’re not going to go away any time soon.
If you want super secure go for simple css/html with a very good password.
Mike Ndegwa said,
August 1, 2008 at 9:37 am
At one point in life we happen to be victim of circumstances. sorry it happened to you. I admire your determination to shake off dust and move on.
This takes your blogging experience to the next level.
Softwares like comment Kahuna are used to leave comments on blogs and I admire them. but for spammers and hackers its unfortunate.
Happy blogging
Mike
http://www.mikesnotice.com/blog
khan said,
August 1, 2008 at 9:42 am
I am very very sorry
Arshad Hussain said,
August 1, 2008 at 9:51 am
sorry
i am very dis hard through internet marketing
Dame Wotta Tripp said,
August 1, 2008 at 9:56 am
This is something I hadn’t considered! I’m very sorry this happened to you and I sincerely hope you recover your lost ground. Thanks for writing about it!
Gregory Parks said,
August 1, 2008 at 10:15 am
Alok,
Welcome to the club. I am an early Internet user, since I wrote one of the technical papers on which the commercial market was based in the early 1970s in undergraduate school. It was called “How to Communicate by Lasers” and was sent to every major tech university in the world by my professor.
My email was “hacked” by a group that was “phishing” (looking for alphabetic email addresses and sending ‘junk’). I contacted the Los Angeles Police Department “Fraud Squad”. They are the best in the World - these folks are EXPERT.
I live in the land of ‘Intellectual Property’, so they take this stuff VERY seriously: movies, TV, Cable, songs, videos, etc. The cost to the economy here is incredible. With a bit of work on MSN, I found that my email was an alphabetical listing that included over 10,000 other recipients, which LAPD confirmed.
Anyway, I went “undercover” for LAPD and went to the bank, and identified myself to the bank manager at B of A where I’ve banked for 25+ years, so I know my way around.
Someone with a Russian accent contacted me from an ad I had posted on the Internet. Their offer seemed “too good to be true”, so I identified myself to everybody and agreed to take the call, via cell phone.
It was a money transfer from one B of A account to mine, not from some foreign sounding bank. I am an expert in the “Laws of Agency” and know that if B of A transmits the money transfer to another B of A branch, they hold full responsibility. Period.
Well, it turns out, the bank’s security code had been breached by Russian programers in the Ukraine (where all the Defense Computer work was done before the collapse of the ‘Cold War’), so these were very bright people looking for something to earn money.
BINGO. Sucker in gullible Americans.
It turns out, B of A had a “hole” in their computer software that’s used for issuing “Certified Checks”, which I had requested. Their software identifed “key customers” that were given the opportunity to create a certified check that B of A would honor, as long as the money was put into the account within about 60 minutes!
That’s like having a small merchant open a cash drawer and then leave the room to answer a phone call. The patron quietly takes out the cash from the open drawer, and later pays from the banks own receipts (ie, the patron pays nothing and walks away with merchandise).
The B of A Security people threatened to send me to jail, etc. I was a convict, etc.
When I explained what had happened, and what I discovered, which their whiz-bang analysts hadn’t, the head of Security shut up. The phone went dead for a few seconds, and then she backed off. She knew that I knew what I talking about and if this went to court, it would be a ‘public relations’ nightmare for the World’s largest bank.
Yup.
So I won, because I was absolutley correct.
We’re living in a “fish-bowl” today. The only way to protect yourself is to set up a separate bank account for business transactions, with very little cash. Keep your personal account just that: DO NOT EVER USE YOUR PERSONAL BANK ACCOUNT FOR A BUSINESS TRANSACTION.
Greg Parks
refurbished psp said,
August 1, 2008 at 10:30 am
Thats good sound advice ,I stopped in 2000 using my personal bank acct.
I noticed a russia domain that had hack one of my sites,so I tracked down this domain and found a forum that posted stolen credit card info…
A employee of a USA credit card CO was bragging about stealing this information off the call in line for customer service. and had complete card data.
I just dont understand why some just want to wreck others lifes…
kelly said,
August 1, 2008 at 10:33 am
I don’t know how hackers do it but always change your passwords often and use a seperate account from your business trading account. Think of the account as girlfriends!! One must not know of the other!! lol
Jo said,
August 1, 2008 at 10:37 am
sorry to hear that,
maybe you should try this one…http://wordpress.org/extend/plugins/wp-security-scan/ hope it will help
Steve @ Mens Health and Fitness said,
August 1, 2008 at 10:55 am
I have had the same thing, except it said hacked by something. It was a real drag. But my question is this, don’t some of the plugins not work when you upgrade to the different WP levels???
Thank
Steve
Money Maker Cash said,
August 1, 2008 at 11:19 am
I’ve run into the same problem twice when the scambots put hundreds of links into my header section - adding the root url of these links to the Wordpress blocking features seems to have cured the problem for me.
Terence said,
August 1, 2008 at 11:31 am
Sorry to hear about this. I heard that internet marketer Albert Hallado also had his blog hacked recently so maybe there is a pattern there?
I will be taking more care from now on including using the Login Lockdown plugin that a poster mentioned.
Get Email Addresses said,
August 1, 2008 at 11:48 am
Kinda the same thing happened to me but it was in the actual comments. I wasn’t checking the comments and sure enough all kinds of pharm stuff and bam, links were gone. Deleted all those comments and still praying to get the links back.
Ari said,
August 1, 2008 at 12:20 pm
Hackers and most other criminals have a clear advantage in relation to us, normal guys: they’ve got plenty of time to create their next evil thing ’cause they normally don’t spend their time working like we do, However, even if it’s hard to admit it, most of the Internet’s security breaches occur because of Mr. Gates’ Operating system, Windows.
I’ve been on the internet for over ten years and never had a virus or a spyware or any other problem with my computer, simply because I use a Linux operating system.
Create a Blog said,
August 1, 2008 at 12:41 pm
Makes you worry about using wordpress as your blogging platform
Glad you have found a solution for now
Webmaster
Lyne said,
August 1, 2008 at 1:10 pm
Sorry to hear that your blog were hacked. Thanks for writing about it! I will be more careful now that I know.
Lyne
Vikash Kumar said,
August 1, 2008 at 1:26 pm
Dear Alok,
Sorry to hear that this happened to you,
As already suggested to you try
http://www.bad-neighborhood.com/login-lockdown.html
as well as I will suggest you to regularly update your blog version as and when it is available.
A wordpress plugin “wordpress-automatic-upgrade.1.2.0.2″ is also there which will reduce the conversion time as well as it will inform you about changes or new version availability.
Wishing You Best,
Vikash
Marshall Fowler said,
August 1, 2008 at 1:47 pm
[snip: No promo links pls]
Alok check the web site listed above.This is the best security program.The tec support is the best is the best I have ever seen.It can save you money on computer repaires.
Marshall Fowler
Dave Groom said,
August 1, 2008 at 3:49 pm
I have had the same problem about 3 months ago! I see wordpress has moved on already to version 2.6- fast moving… It is time to think about using ssl for the wp-admin area! Good luck!
Sheila Kennedy-Robinson said,
August 1, 2008 at 4:28 pm
Thank you Alok, I am very new to the internet and to blogging, and I appreciate your time to share this information.
Sheila Kennedy-Robinson
Kevin Sinclair said,
August 1, 2008 at 5:04 pm
Thanks for posting this information and sorry that your blog was hacked. I am going to check all my wordpress blogs now and to ensure they are running on the latest version of the software. Also, thanks to those who provided links to security fixes etc. I\’ll be checking those out too.
Ellie crowell said,
August 1, 2008 at 5:20 pm
Alok,
I read your email.You must have felt violated,anry. do not wish bad things
on anyone it will come back on you. The hacker probably did not have anything better to do or maybe he was jealous of you.who knows. put some
security on your blog so it does not happen again. There are alot os sickos in the world.
Andrew Jones said,
August 1, 2008 at 6:31 pm
Hi sorry to hear of this breach
but did you know that google have been named as the worst offender for allowing sites that drop all that nasty stuff on your computer
and the google toolbar is a notoriuos way for them to get access to your computer
as I found out recently
dear mum placed the google toolbar on the pc we got loads of worms etc etc,I removed the toolbar and it reduced the incidents to a rarity
then to my ammazzement she only went and put it back on again last week and CRASH!!!
so I have taken this out rescanned with
Trojankiller,avg8,spybot search and destroy and Vclean also Avast all downloadable freeware from http://www.majorgeeks.com
as is this super fast downloader DAP speeds uop your downloading by upto 400% and its FREE!!
DAP also has a checker within it that scans your downloads this has sved me some grief too
kindest regards AndyJ
Michael VanDeMar said,
August 1, 2008 at 9:48 pm
Alok, not to scare you, but simply upgrading may not be enough to keep them out. I’m not saying they will definitely be back, but unless you did a total wipe and reinstall (which Fantastico does not do), then there is a chance that they can still get in. I blogged about how to do that relatively painlessly here, in case you do wind up needing to do that:
http://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/
Good luck!
Michael said,
August 2, 2008 at 12:28 am
Why not give serendipity (www.s9y.org) a try. I am using it for years now and have never been hacked.
There are tons of plugins aus thems installable via the admin interface, it’s customizable, well documented and the developer & community is *very* helpful.
How To Make Money With EBAY said,
August 2, 2008 at 9:47 am
Hi,
Ya hacking is something dreadful. I never had my blog hacked but once I had my domain name hijacked. Every time I will got to the URL it will go to some gambling site. I had a hell of a time fixing things. Anyway these days Google is taking stern steps to curb down spam blogging.
kelly said,
August 2, 2008 at 7:46 pm
Jo, that is a good suggestion for WP. Filed for future action!
Alfred Fernandes said,
August 3, 2008 at 8:18 am
Hi Alok,
Sorry to hear that your became a victim of online criminals! That’s the reason I’d not seen your blog post email for quite some time. Glad you overcame this unexpected problem.
Wising you more continued online success as ever! I need your support, good neighbour. Good Luck and Cheers!!
mohamed ahmed said,
August 3, 2008 at 10:16 am
10 Reasons To Form A Strategic Business Alliance
1. You could offer your customers a larger variety ofproducts or services. This will allow you to spendless time and money developing new products to sell.
2. Your number of sales people will increase becauseyou’re combining with other business. You won’t havespend to time and money hiring new employees.
3. Your marketing and advertising budget will increase.When you form a strategic alliance with other businessesyou both will share the advertising and marketing costs.
4. You can now offer your existing customers moreback-end and upsell products. This will increase yoursales and profits.
5. Your business will gain a larger number of skilledpeople working on the same project. You will gainthe knowledge of the other businesses employees.
6. You will be able to beat your competition by sellingto a larger target audience. You will also increase thetotal number of existing customers you can sell yourproducts and services to.
7. You can exchange endorsements with your alliancepartners. You’ll add more credibility to your businessand gain your potential customers trust to buy.
8. You can expand your business more rapidly. Youcan develop new products and services faster witha larger work force.
9. You’ll be able to solve your customer’s problemsfaster with a larger base of customer service people.You’ll also learn new ways to improve your customerservice from your alliance partners.
10. You’ll have a larger number of “strategic thinking”people. This will allow both businesses to come upwith profitable business ideas quicker than before.
Shon Jimenez said,
August 3, 2008 at 1:39 pm
I know exactly what you are talking about. Someone got into my cpanel which controlled about 30 websites and they hacked everyone of them. When I would open the website at would have scrolling letters saying Deface By So & So. This totally burns me up. They hit the one site that was making me money and of course I had no backup of it. So now I do not make any money now. I hope the dude who did this really feels good about himself, taking away the only income someone had.
Shon
Jay said,
August 4, 2008 at 9:17 am
That’s scary and it happens to people unfortunately. It hasn’t happened to me yet (fingers crossed) and I don’t look forward to when it does.
Somik Ranjan Roy said,
August 4, 2008 at 7:35 pm
Hacking is inevitable. Even with the best of software programmers around and the best of information technology available, its just not posible even for either the government or the big comapnies who spend millions to plug all possible loopholes. There always be going to some chink in the armour.
However that does not mean that you don’t take security measures to prevent hacking. The best is to always update your software thats always have a better security than the previous ones, as they keep upto date to keep pace with the hackers latest startegy and tactics to gain entry.
Always have the latest anti virus software, firewall, routers and store in external harddrives for automatic backup of data. You can do so manually using the cPanel and not just depend on your ISPs to do the same automatically.
Also allow the software to update automatically, so that you are running the latest version always. So make sure your Host has one if you are using shared hosting. If you have your own dedicated server, then get it regularly updated by a systems administrator, for the sake of your fans, clients and customers. For example, if you use WordPress, protect your ‘/wp-admin’ area by configuring .htaccess.
If you’re running say wordpress it’s a bad idea to be running 2.0 when say 2.6 is out and so on. So keep yourself updated. Make sure you check the data input that you receive through filled in forms or otherwise. If you are running a membership software you can prevent bruteforce attacks by setting an incorrect login attempts limit say at the most 3 or 5.
Use passwords which is a combination of letters some of them being in capital letters and numbers. The password must be ten to fifteen characters long in alphanumeric. Avoid using duplicate passwords i.e. do not use the same password for different purposes.
Last but not the least keep yourself upto date with the latest developments to identify any security lapse if any and bolt it as soon as you discover them. For this keep your eyes and ears open.
Doug Allitt said,
August 5, 2008 at 5:43 am
When it is so satisfying building a genuine internet business why waste time with illegal and very annoying activities. You can only feel sad for these people because they are missing out on so much.
Jonathan said,
August 5, 2008 at 9:16 am
Glad to hear you got the problem fixed. I’m going to install Login Lockdown as well….
Jeff Paul Internet Millions said,
February 20, 2009 at 12:34 am
I find blogging one of the good ways of internet marketing. I have received a small number of visitors on my site especially from the sites where I commented their blogs.
Perfumes for Mens said,
March 25, 2009 at 11:46 am
Your products are similar to our products. So through your post I got the knowledge that how can I improve my products marketing and improve my product through new fragrances.
Jeff Paul Big League Players Club said,
April 13, 2009 at 10:32 pm
I’ve been reading your post and found it interesting! Internet Marketing these days is spread almost everywhere in the IT world. I run a blog on Internet Marketing so I can use something from your blog as well.
John Beck Property Vault said,
May 29, 2009 at 8:35 pm
Your post is awesome and I am going to add it on my website because recently I have started a small business of internet marketing. This post will help me in expanding my knowledge about Internet Marketing.
Norhafidz said,
June 10, 2009 at 5:11 am
I should be more careful after this, though I have never experience this situation before. Thanks for your post pal. It creates awareness inside me
John Beck Review said,
June 16, 2009 at 10:18 pm
Interesting post. I enjoyed reading your post. My cousins and I have been using John Beck’s program for a while. We even have our own separate blogs on our small business.