Another site of mine got hacked

This time one of my sites that makes me money got hacked. It is a pretty large site with hundreds of products. Gets only natural traffic. Yesterday I went to check on the site and found my index file had been defaced. These are the steps I took:

  • I logged in to my FTP program (Filezilla) and blew the site
  • Went to my backup folder on my computer and uploaded all the files.
  • I got it back to where it was 98%. (Some links are broken)
  • It is up and running again. It took me 20 minutes to do this.

What I did not do was check whether only my index file was defaced or whether an iframe had been injected. I learnt about iframes only this morning. It is something very nasty.
“After they put the iframe code into that person’s pages, anyone visiting that site will be redirected to the hackers’ infection site, where the person’s computer will be injected and infected. The hackers are depending on site owners not knowing their sites have been hacked so that the number of hacked sites will grow (as they have starting in Italy) into the tens of thousands… Please don’t think you can depend solely on your antivirus software to protect your computer. It more than likely won’t help you. For $1000 dollars, the Russian hacking bulletin boards are offering Mpack with 1 year support and a GUARANTEE that virus programs will not catch the keyloggers. SO, keep your virus program updated, but don’t depend on it completely!” – This is from a digitalpoint thread.
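The check that was skipped above can be done on a downloaded copy of the live files before they are deleted. This is an added example, not part of the original post; the host name `www.example.com`, the file suffix list and the sample page are assumptions made for illustration.

```python
import re
from pathlib import Path

# File types that usually carry page markup on a small HTML/PHP site (assumed list).
SCAN_SUFFIXES = {".html", ".htm", ".php", ".js", ".tpl"}
IFRAME_RE = re.compile(r"<iframe\b[^>]*>", re.IGNORECASE)
SRC_RE = re.compile(r"""src\s*=\s*["']?([^"'\s>]+)""", re.IGNORECASE)
HOST_RE = re.compile(r"(?:https?:)?//([^/:?#]+)", re.IGNORECASE)
# Sizes of 0 or 1 and CSS hiding are the usual signs of a frame nobody is meant to see.
HIDDEN_RE = re.compile(
    r"""(?:width|height)\s*=\s*["']?[01](?:px)?["'\s>]"""
    r"""|display\s*:\s*none|visibility\s*:\s*hidden""",
    re.IGNORECASE,
)

def find_suspicious_iframes(text, own_hosts):
    """Return (line_no, tag, reasons) for each iframe that is hidden or off-site."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for match in IFRAME_RE.finditer(line):
            tag = match.group(0)
            reasons = []
            if HIDDEN_RE.search(tag):
                reasons.append("hidden")
            src = SRC_RE.search(tag)
            host = HOST_RE.match(src.group(1)) if src else None
            if host and host.group(1).lower() not in own_hosts:
                reasons.append("external:" + host.group(1).lower())
            if reasons:
                findings.append((line_no, tag, reasons))
    return findings

def scan_tree(root, own_hosts):
    """Walk a copy of the site's files and report suspicious iframes per file."""
    report = {}
    for path in Path(root).rglob("*"):
        if path.is_file() and path.suffix.lower() in SCAN_SUFFIXES:
            text = path.read_text(encoding="utf-8", errors="replace")
            hits = find_suspicious_iframes(text, own_hosts)
            if hits:
                report[str(path)] = hits
    return report

# Constructed sample page: one legitimate same-site frame, one hidden off-site frame.
SAMPLE = """<html><body>
<iframe src="/products/preview.html" width="600" height="400"></iframe>
<p>Welcome</p>
<iframe src="http://injected.example/x" width="1" height="1" style="visibility:hidden"></iframe>
</body></html>"""
```

The scan works line by line, so a tag split across lines or written out by obfuscated script will not show up; comparing the live files against the local backup covers those cases.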
Solution
If you are facing this problem and your administrator says it is only your account, just change the FTP password and it will stop. Changing the password alone is not a complete solution, but it is the first step.

What next? If your password has leaked, that means your computer is sending out the passwords, so I would suggest you do a clean format first and then install any antivirus or anti-spyware program which you think could block it. But the best solution is to clean format the computer.
Just do these two things:

1) Change the FTP or root password of server
2) Clean and format the PC

Things to do

  • Always backup your files to local hard drive. (saves you a lot of pain)
  • Keep your antivirus up to date.
  • Use a password generator, change passwords often, and don’t use the same password for all sites
  • Keep password secure

I use Roboform and Pareto antivirus to keep me up to date and I still got hacked! Got to step up my security.

How secure is your password?

I know I have written about this topic many times before. A story I read today reminded me not to take this subject lightly.

I was just now reading a blogger’s post about “How he fell for a phishing attack and the response or no response from Google”.

Mark Gosh is a blogger and has a community in Orkut with a following of 25k. He fell for a phishing attack and his profile was taken over by the hackers. He also uses Gmail to store a lot of stuff. (Don’t ask me why people do this kind of silly stuff – really!) He had the same login password for both (Duh!)
He changed his login password for both his accounts. But the hackers managed to play hell with his Orkut community. Here is why it was happening.
“The Orkut application stores cookies in such a way that if your cookie is ever recreated by someone else or transmitted to someone else, they can use that cookie to log in to Orkut as you. forever. No matter how you change your credentials, you have no recourse of regaining control. So if you ever get caught in a phishing scam that sends your password to someone else and they recreate your orkut_state cookie, they can login as you forever.”

He states that in spite of ringing and emailing Orkut help and Google he got nowhere. Looks like Google does not want to know about him. What do you do? I personally feel he got himself into this mess.
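The cookie behaviour quoted above can be shown with a constructed sketch (an added example, not Orkut's code and not from the original post): a cookie that depends only on the user name keeps working after a password change, while one that also covers a per-user credential counter does not. The names `Accounts`, `SERVER_KEY` and the user `alice` are assumptions.

```python
import hashlib
import hmac

SERVER_KEY = b"constructed-demo-key"  # placeholder; a real key is random and secret

class Accounts:
    """Toy account store: user -> (password_hash, credential_epoch)."""
    def __init__(self):
        self.users = {}

    def set_password(self, user, password):
        salt = user.encode()  # demo only; real code uses a random per-user salt
        pw_hash = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
        epoch = self.users.get(user, (None, 0))[1] + 1  # bumped on every change
        self.users[user] = (pw_hash, epoch)

def _mac(payload):
    return hmac.new(SERVER_KEY, payload.encode(), hashlib.sha256).hexdigest()

def issue_weak_cookie(user):
    """Weak design: the cookie covers only the user name, so it never expires."""
    return f"{user}|{_mac(user)}"

def check_weak_cookie(cookie):
    user, _, mac = cookie.partition("|")
    return hmac.compare_digest(mac, _mac(user))

def issue_bound_cookie(accounts, user):
    """Hardened design: the cookie also covers the epoch current at login."""
    payload = f"{user}|{accounts.users[user][1]}"
    return f"{payload}|{_mac(payload)}"

def check_bound_cookie(accounts, cookie):
    parts = cookie.split("|")
    if len(parts) != 3:
        return False
    user, epoch, mac = parts
    if not hmac.compare_digest(mac, _mac(f"{user}|{epoch}")):
        return False  # tampered or forged
    current = accounts.users.get(user)
    return current is not None and str(current[1]) == epoch

def demo():
    accounts = Accounts()
    accounts.set_password("alice", "old-password")
    weak, bound = issue_weak_cookie("alice"), issue_bound_cookie(accounts, "alice")
    accounts.set_password("alice", "new-password")  # owner reacts to the phishing
    return check_weak_cookie(weak), check_bound_cookie(accounts, bound)
```

`demo()` returns `(True, False)`: the copied weak cookie still logs in after the password change, while the bound one is rejected.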

The most important rule of online activity is not to have a common login password. That way you can cut your losses if something like this happens. Have long difficult passwords and keep changing them often. This can be a tedious job if you do it manually.

I use Roboform to generate random passwords for me in a second.
But it is also sad that big companies do not care about you when you get into a kind of soup. In the past I have had some troubles with Google and no they did not want to know about me.

Hacked problem resolved

Continuing from my post yesterday, the hacking problem has been resolved by Hostgator. This is one of the reasons I love Hostgator. They are so quick to resolve problems.

There were two spamming scripts installed on the website server. Even after deleting all the files these spamming scripts could not be deleted. They were finally deleted by Hostgator after a few emails back and forth.

I have been recommending Roboform in a couple of posts. There is a free version and a Pro version. The Pro version has more functions and I purchased it a couple of months ago. I did try the free version before I purchased.

image by Declan TM

I have changed the passwords of all my sites after this experience. Just to be on the safe side. I will be paying special attention to online security from now on. If this had not been detected and fixed the domain could have been delisted. Then it is a bit of a time & process to get it listed again. I would not want this to happen to a large site that produces income for me.

One of my sites was hacked

I wrote a post about password security yesterday. The importance of having a strong password. Today I get an email from Hostgator, my hosting company, which says one of my sites is sending out more than 500 emails an hour and they have suspended that account! And I thought I had a strong password. The domain does not have much in it. I have used it in the past to experiment with some content management systems.

This was a bit of a shock. What did I do?

  • I deleted all the files on the server
  • I uninstalled the CMS
  • Deleted all email addresses
  • Pointed the domain to my domain registrar, Godaddy

That was easy as it was not a domain with a large website. I also contacted Hostgator to identify the security breach and keep me in the loop. The email samples they sent me were definitely spam.

If after all these precautions my domain was hacked into, imagine what can happen if you have a weak password. Please take this seriously and change your passwords to really strong ones. Get software like Roboform to generate your passwords and change them often to save yourself a lot of trouble.
