Back Online For Now

by Rebecca Bollwitt

I wanted to write a post to address the recent attacks on Miss604.com. These weren’t your regular spam or virus attacks; these were mighty serious. There wasn’t much I could have done to prevent these, or to get my site back online, but by detecting vulnerabilities or even the attack early, you have a better chance at a speedy recovery.

Malware Attack
Almost two weeks ago now my site was attacked with malware. Malware, or malicious software, can be anything from an uploaded image file to code that someone hacked into your server to paste into a file.

What was happening
When you would Google my site, results for Miss604.com did not come up with the proper titles. Instead, all results in Bing and Google were showing up with spam ads. This was an attack that only targeted Google, meaning its sole purpose was to attack my search engine rankings. With about 50% of my traffic coming from people Googling things like “Easter Activities in Vancouver”, I noticed the slowdown in traffic right away. Thanks to several concerned readers who discovered the search engine issue, we worked for about 2 days to clean up all files on Miss604.com.
Update: This post explains the attack on WordPress sites as well.

What to do
Immediately change all your passwords, from your WordPress admin password to your FTP and database. We found this site to be useful in terms of getting things cleaned up. Look for malicious code or images with funky names on your server as well, as they would be the source of the code. Install a fresh version of WordPress and all your plugins. Re-install your theme after you’ve combed through its files — or install a new theme in the interim.
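One way to do the "look for malicious code or images with funky names" step, as an added example that is not part of the original post. It assumes a standard WordPress layout with a `wp-content/uploads` directory; the file names, sample contents and list of suspicious constructs are constructed for illustration, and a match is a lead for manual review, not proof of infection.

```python
import os
import re
import tempfile

IMAGE_EXT = {".jpg", ".jpeg", ".png", ".gif", ".ico"}
PHP_EXT = {".php", ".phtml", ".php5"}
# Constructs commonly used to hide injected PHP (assumed list; expect false positives).
SUSPICIOUS = re.compile(rb"eval\s*\(|base64_decode\s*\(|gzinflate\s*\(|str_rot13\s*\(", re.I)

def scan_site(root):
    """Return a sorted list of (relative_path, reason) findings under root."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            ext = os.path.splitext(name)[1].lower()
            try:
                with open(path, "rb") as fh:
                    data = fh.read(1_000_000)  # first 1 MB is enough for a triage pass
            except OSError:
                continue  # unreadable file: skip rather than abort the scan
            if ext in IMAGE_EXT and b"<?php" in data:
                findings.append((rel, "image file contains PHP code"))
            elif ext in PHP_EXT:
                if "/uploads/" in "/" + rel:
                    findings.append((rel, "PHP file inside uploads directory"))
                if SUSPICIOUS.search(data):
                    findings.append((rel, "obfuscation/eval construct"))
    return sorted(findings)

def demo():
    """Build a small constructed site tree in a temp directory and scan it."""
    samples = {  # constructed sample files, not taken from the real incident
        "index.php": b"<?php require 'wp-blog-header.php';",
        "wp-content/uploads/2010/03/sunset.jpg": b"\xff\xd8\xff\xe0 constructed JPEG bytes",
        "wp-content/uploads/2010/03/xk3_q.gif": b"GIF89a<?php /* constructed */ ?>",
        "wp-content/uploads/cache.php": b"<?php echo 'constructed';",
        "wp-content/themes/mytheme/footer.php": b"<?php eval(base64_decode('PLACEHOLDER'));",
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, body in samples.items():
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as fh:
                fh.write(body)
        return scan_site(root)

if __name__ == "__main__":
    for rel, reason in demo():
        print(f"{reason}: {rel}")
```

Run `scan_site()` against a downloaded copy of the site rather than the live server, and compare anything it flags with the same file from a fresh WordPress, plugin or theme download.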

Recovering
Set up your site with Google Webmaster Tools and when you believe you’re all cleaned up, re-submit your site to Google. All you can do after that is wait it out to see if your rankings improve and the results get cleaned up.

DDoS Attack
While the malware only affected my search engine results, the DDoS attack that happened April 1st was no joke. In the past these types of attacks have been used to take down banks, search engines themselves, and even Twitter.com was a target last year. Why they would target my blog, I haven’t the foggiest. When my host saw this happening they took down my site as a preventative measure.

What was happening
Thousands of computers were all trying to go to Miss604.com at the same time. So many, so often and so quickly that my site caused my server to “fall over”, toppling other sites on my host as well. It simply couldn’t handle the onslaught of requests. To stop the attack, my host took my site down thinking if the attackers can’t get to it, they’ll stop.

The attackers are zombie computers, again – no joke. These are computers that become infected with a virus, maybe like the one you would open up in an email attachment. The puppetmaster, if you will, then calls upon all their zombie computers that are still carrying the virus, and these are the computers that are used to attack sites. This wasn’t someone getting into my server or stealing my password, this was a full frontal attack on Miss604.com.

Recovering
As I mentioned, my host took down my site as a preventative measure. Sometimes if the attack is only coming from one location they can block that location from hitting the site. However, in this case, they spotted hits from Moscow, Ohio, Utah and beyond, meaning they had no way to ban one user — there were just so many.

Protect yourself
I am very fortunate to have such loyal and dedicated readers. I received phone calls, texts, emails and direct messages about my site as soon as people saw something wrong. I was able to immediately kick into action and see what was happening and get a diagnosis from my site’s host.

I would also highly recommend installing a WordPress Database Backup plugin. The DDoS attack didn’t hurt my content and I still had my latest daily backup available. Worst case scenario, I could have taken my thousands of posts and imported them on a new site.

As for the malware, it may sound narcissistic but Google yourself every day. Go to Google and type in site:yoursite.com to see what results come up. It should display a list of your posts and pages that will help you spot the malware spam right away if you’re infected.

Thank you
I don’t know if the attack is done for good or if this uptime is temporary. Regardless, I want to sincerely thank every Miss604 reader (from the blog, Twitter or otherwise) for their support. Over the last two weeks I’ve had sleepless nights and plenty of tears over the loss and attack on my work. I write online because I’m passionate about sharing information about the West Coast and it’s just what I love to do – I am a blogger.

Thank you to everyone who recognizes this and supports my work — whether by leaving a comment, sending me a personal note, tweeting, or just visiting whenever they can. I am overwhelmed by how much this city cares and I promise to do my best to keep writing interesting, informative, and helpful content for the community.


22 Comments

  1. Richard, Saturday, April 3rd, 2010 — 10:47am PDT

    Sorry this had to happen to you Rebecca. Hopefully you’re out of the woods and can blog full steam ahead without things like this happening again!

    Nice to see Miss604 back!

  2. Kristi Ferguson, Saturday, April 3rd, 2010 — 10:52am PDT

    Glad you’re back at it! 🙂

    Kristi

  3. Ben, Saturday, April 3rd, 2010 — 10:55am PDT

    Good to see you bounce back so quickly … and STRONGER! Looking forward to more posts from you. I enjoy the posts where you had pix of Vancouver of yesteryears vs today.
    Ben

  4. Beth, Saturday, April 3rd, 2010 — 11:09am PDT

    That totally sucks that someone would do this to you. I’m sorry you had to deal with this and I too am hoping that it’s all over now! And thanks for sharing this info on what these attacks are and how to deal with them. Though my blog is pretty small potatoes, it has been hacked twice so it’s always good to know what the risks are out there and what to do if they happen.

  5. Martica J, Saturday, April 3rd, 2010 — 11:37am PDT

    Glad to see you’re back, stronger than ever I hope.

  6. Vlad, Saturday, April 3rd, 2010 — 11:50am PDT

    Rebecca,

    Thank you for the link. Sometimes you risk your database, which powers your WordPress, being hacked as well. There is a plugin called WP Database Backup – you can find it in the repository. This plugin can do a daily MySQL backup and e-mail it to you on a daily basis. So if you know approximately the date your blog was hacked, you can restore your entire database minus the posts that were published after the hack took place.

    Again thank you for the link.

  7. Jeff, Saturday, April 3rd, 2010 — 12:27pm PDT

    Wow. That sucks. Who in the world would want to do that to someone who is merely sharing information? I only have about 6 or 7 people a day going to my site so I highly doubt I’ll have to face things like this anytime soon 🙂

    One would think that, if they lived in the area, they would actually want the economy to pick up and more knowledge to get out of the beauty that is BC so people can actually have an outlet to go to to get information and decide to go to some particular event. Attacking other sites that support the same thing is foolish. Instead of attacking one would think they would want to join forces in a sort of network with links to all sites and blogs.

  8. peter, Saturday, April 3rd, 2010 — 12:32pm PDT

    You can’t take this personally — I have a website that I only use for “personal use” — can’t even find it on Google search — it was attacked from Africa, and used for a phishing attack on HSBC customers in China — it was only by coincidence that I even discovered this, I downloaded a file from my website, and it took forever… My ISP figures that somehow my account was compromised — probably when I accessed it from an internet cafe.

    There are miscreants out there just attacking whatever domain they can, just to get free hosting (even if briefly) for their malware.

    Bottom line is anybody with a domain should change their password and check for miscreant files on their server regularly.

  9. Miss604, Saturday, April 3rd, 2010 — 12:52pm PDT

    @Vlad Yes, I mention that plugin in the post already, I use it daily. Cheers!

  10. Tris Hussey, Saturday, April 3rd, 2010 — 1:41pm PDT

    Really good explanation on how the DDOS works (I was explaining it after the SMCYVR meeting, pity I didn’t think to use a picture).

    I agree that you need to keep on top of malware. Keeping secure, clean backups of your theme, database, and uploads (as you know) is essential, everything else isn’t important (fresh copies can be pulled).

    For DB backups I’ve switched to this plugin http://wordpress.org/extend/plugins/wp-dbmanager/ from GaMerZ, it has some nice bells and whistles you’ll appreciate (like table repair and optimize built in).

    And I still can’t think of for the life of me who you could have pissed off so much to launch a DDOS on you…glad you’re back.

  11. Tris Hussey, Saturday, April 3rd, 2010 — 1:44pm PDT

    Oh, and to clarify the search for malware: also search “miss604.com” (without the site:) as well; also adding something like miss604.com pharmacy will bring up tell-tale hints too (if you’re infected).

  12. monalisa, Saturday, April 3rd, 2010 — 1:48pm PDT

    Welcome back! Here’s hoping for only sunny skies from now on.

  13. rbo, Saturday, April 3rd, 2010 — 1:59pm PDT

    It completely sucks that this happened to you, especially given the timing with the book. At least on the plus side, you were prepared with your daily backups, knowledgeable friends, and everyone/everything that helped you recover so quickly!

    That should certainly be a lesson for everyone else – in addition to learning about malware and knowing how to protect yourself from it, a good backup system is a must for everyone doing any sort of publishing online!

  14. fotoeins, Saturday, April 3rd, 2010 — 2:31pm PDT

    Beck, I’m glad you recovered your site!

  15. Tia Singh, Saturday, April 3rd, 2010 — 4:27pm PDT

    Glad it all worked out! @TiaSparkles

  16. Cole, Sunday, April 4th, 2010 — 9:13am PDT

    Impressive recovery time! Really glad that you’ve got things back rolling and used this as a positive way to educate people about protection and recovery. Great stuff – although this was a terrible thing to have happened!

  17. Raul, Sunday, April 4th, 2010 — 10:59am PDT

    I’m really glad your site is back and you recovered so quickly. We’ll have to have lunch sometime soon. Many hugs, lots of love and positive energy. And yay for Muse! I. Love. Them.

  18. Margaret, Sunday, April 4th, 2010 — 10:09pm PDT

    That’s crazy stuff Rebecca! I just found your site in February while I was looking for things to do for the Olympics. I also enjoy keeping up with all the local things that go on in Vancouver now that I’m living on the Island. Chin up girl! They’ll never silence Miss 604!!!

  19. Nicole, Sunday, April 4th, 2010 — 10:37pm PDT

    Glad to have you back!

  20. Jon Jennings, Monday, April 5th, 2010 — 1:01am PDT

    Really sucks that you’ve had to go through this Rebecca – and very glad to see you back up and running again.

    I’d just add a PS for other people reading this that this is not a typical site hack. DDOS attacks are aimed at high profile accounts. For people with smaller sites, the hacker usually wants to HIDE the fact that you’ve been hacked rather than to take your site down (because they want to use you to host their malicious scripts). So take care with your passwords, keep your software updated and never login to anything over an unencrypted wireless link (eg a coffee shop) unless the webpage is secure.

  21. liz, Tuesday, April 6th, 2010 — 9:02am PDT

    Wow. I completely empathize. This happened to me about a year ago. It was heartbreaking. Glad to see you got things sorted out.

  22. Sherman, Tuesday, April 6th, 2010 — 4:40pm PDT

    Glad to see you up again!
