I often find that it’s difficult to get people who are not familiar with working online to appreciate the risks and effects of being hacked.
Recently the website of Jon Morrow, whose site I visit occasionally, was hacked. Luckily Google had spotted it and warned me before getting into the site that it had been compromised, so I didn’t get in and I didn’t suffer any problems myself.
However, Jon suffered a lot of problems as he explains in this email that he sent to his subscribers. I’ve quoted it below in full, with his permission, because it’s a graphic description of what can happen if your website is hacked.
Here’s his email:
1. Crap. The site has been hacked. I hope Jon is able to clear it up.
2. What the hell? Is this spam?
3. Oh my God. Is my computer infected?
All are perfectly justifiable reactions, and as one of my readers, you deserve an explanation. Here’s what happened:
Last Monday, August 6, Boost Blog Traffic was hacked.
It could’ve been an actual person. It could’ve been a computer program trolling the web for popular sites with vulnerability. At this point, I really don’t know, but I do know links to malware were inserted into one of my posts.
Google responded by blacklisting the entire site. Not only did they remove Boost Blog Traffic from the search engines, but they blocked anyone using their Chrome browser from visiting. Firefox, which also uses the Google blacklist database, also blocked any of its users from visiting.
Traffic dropped 80%. Hundreds of people unsubscribed from my mailing list. A lot of people wondered if the blog could still be trusted.
It was bad. VERY bad.
Thankfully, I’m a pretty technical dude, so I was able to remove the malware myself within a few hours of it happening, removing any danger to readers. The problem was I was still blacklisted by Google, even though the site was clean.
They wanted to know what happened. They wanted proof I fixed the problem. They wanted to know for sure readers were safe.
So I get to work making that happen.
A week later, it’s on its way to becoming one of the most secure sites on the web. I’ve spent more than 100 hours and thousands of dollars over the past week tightening security, and I can say this should never happen again.
Also, it’s important to know you were probably never in danger of getting malware yourself. Malware was only on the site for a very small amount of time, and the majority of the people who tried to visit the site were blocked. If you did manage to get through, you should have only been exposed to the malware if you clicked one of the links on the site taking you to other infected sites.
Still, it would be smart to do a virus scan on your computer if you’ve been on my site any time within the last week. I recommend a program called Malware Bytes. It doesn’t cost you a dime, and it will remove or catch just about anything. Most other virus software should also be fine.
If you were somehow infected, I sincerely apologize. You deserve better than a site infecting your computer.
I also apologize if you weren’t infected. As one of my readers, you deserve better than a big warning sign saying my site is risky.
Needless to say, I’ll be writing an article about this whole experience in the near future. I learned a ton about blog security, and the fact is, almost everyone is a lot more vulnerable than they think they are. Before this incident, I followed all the common security measures, and it STILL happened. So, I want to write a guide on exactly what bloggers should be doing to secure their blogs.
In the meantime, Boost Blog Traffic is now entirely clean, Google has removed it from the blacklist, and security has dramatically improved. Thank you so much for sticking with me until we could get things straightened out. I appreciate your loyalty.
If you’d like to read the article I published last Monday before this all happened, you can read it here:
The CSI Guide to Finding Killer Ideas
It’s a good one. Hope you enjoy it. 🙂
The application that Jon refers to, Malwarebytes, is a very good one – I have it installed on both my computers and I do full scans each week. (And that’s in addition to the full Internet Security application I have running).
Please don’t be under any illusion as to the dangers of being hacked. If your site is important to your business you need to be taking all the precautions you can.
Abledragon offers a technical support and maintenance service, part of which revolves around daily checks of your site and regular full-site backups, so that your site can be restored quickly if it is hacked or otherwise damaged at any time.