Our Site Got Hacked!
How I fixed it and added prevention to the site.
How I fixed it and added prevention to the site.
It’s the nightmare of all website admins, the takedown type of site hack. Today I experienced this form of digital assualt first hand like I’ve never seen it before in my 10+ years of web development and 8 years of WordPress development.
What I saw on our website today was a complete gut of all content and database and a replacement of the index file with the 404 error file. This was a very interesting hack compared to most hacks that are brutal force and done by software (robots) that was written by some squirelly hacker.
No, this was quite different. This was deliberate and manual and straight-up brutal. All of the content was deleted, hundreds and hundreds of pages. All that was there was 404 error. The search engine Google took notice and all rankings had dropped from prime top listing to lost in second page. This was very disconcerting for a company like SkyPoint Studios, who prides itself in ranking #1 in it’s keywords on Google and other search engines. Of course, we have backups and the site was up within minutes of discovering it was hacked. We’ll be right back up on the rankings and be putting forth plenty of ammunitution to get back all rankings. (Update: All Google rankings returned to #1 the next day)
Also, investigation has started into who hacked the site and where they are located. Sidenote on persuing such actions yourself with your host company should you come across this exact situation, get a letter from your attorney first requesting the access logs to the website during the specified time that the hack occurred. Without an attornies request, companies like GoDaddy will not turn over such logs, the type of logs that could lead to determining if competitive foul play is afoot or if some random webbot from some god-forsaken land hacks from a small commune of web scum, hellbent on leaching resources from the good citizens of the web, like ourselves whose aim is to provide havens for information on specific subjects. Ours happens to be web design and web security, so when our site went down and was hacked so epically, it only made sense that once the dust had settled and we had taken the appropriate steps to up security across the board, that I would pen a blog post to discuss this horror.
All things considered, things could have been much worse for us. Let this be a warning to all site owners, make sure you have good backups, strong security product and an idea of how often the software that runs your website is updated. You cannot prevent all threats (hence this situation I just experienced), but you can make it much, much easier to recover after an attack. With big companies like Experian and Target getting hacked these days on the regular, it would do good to take heed and invest in several security products to protect your online investments or in other words, your digital real estate. One important product to consider for protecting your valuable data from hackers is website insurance.
Have a question about how we solved our hacking dilemma and what we did to double-down on security for the future? Hit me up in the comments or call 406-208-8733 to discuss it with me in person.