Saturday, November 19, 2011

Three hacks later...

It's not just my client sites that have gone berserk this month. A hacker infiltrated my own website and set it up to be a phishing site, sending out thousands of emails to encourage people to click on a fake bank site and key in their username and password.

This was on the 7th. I found out about it when my ISP shut my site down. I changed passwords, deleted what I thought were all the hacker files and thought all would be well.

It happened again on the 10th. I found more files in a different location, got rid of them and got my site reinstated after being closed twice in a week.

Yesterday I got a grumblegram from a major bank asking me to close my site as it was still sending out spam. Once again I delved into the deep recesses of FTP and found the latest, third batch of phishing files as well as, cunningly hidden several folders deep, the nasty little login form Mr Hacker had lodged in my site on the 7th. I copied them all to my hard drive and sent them to the bank at the bank's request in case their IT people could track the bastard down. Now all hacker files are off my server and my password is 23 characters long. I hope that's *it* for now. For ever, actually! I can't afford to lose business and it looks pretty crap if a website designer's site is down because it's been hacked LOL!

What's interesting is this: I checked my FTP logs to see if anyone else had logged into my site. Lo, there was someone on the 7th who'd got in whose IP address wasn't mine. I tracked the IP address to another ISP in Sydney, rang them, told them what had happened and they more or less denied responsibility, not willing to look up the IP address and take any action against the person using it. They did tell me they took security breaches very seriously. So did I, I said back. In the end they suggested someone had hacked into my WordPress site to deposit the files there but I believe it was the bastard who somehow got into my FTP files on the 7th. One of their customers. I'm now checking my logs on a daily basis too.

Has anyone else been hit by the hackers? Do you want to share your story and how you got rid of them?

No comments:

Post a Comment