I wanted to write a post to address the recent attacks on Miss604.com. These weren’t your regular spam or virus attacks; these were mighty serious. There wasn’t much I could have done to prevent these, or to get my site back online, but by detecting vulnerabilities or even the attack early, you have a better chance at a speedy recovery.
Almost two weeks ago now my site was attacked with malware. Malware or malicious software can be anything from an uploaded image file to code that someone hacked into your server to paste into a file.
What was happening
When you would Google my site, results for Miss604.com did not come up with the proper titles. Instead, all results in Bing and Google were showing up with spam ads. This was an attack that only targeted Google, meaning its sole purpose was to attack my search engine rankings. With about 50% of my traffic coming from people Googling things like “Easter Activities in Vancouver” I noticed the slowdown in traffic right away. Thanks to several concerned readers who discovered the search engine issue, we worked for about 2 days to clean up all files on Miss604.com.
Update: This post explains the attack on WordPress sites as well.
What to do
Immediately change all your passwords, from your WordPress admin password to your FTP and database. We found this site to be useful in terms of getting things cleaned up. Look for malicious code or images with funky names on your server as well as they would be the source of the code. Install a fresh version of WordPress and all your plugins. Re-install your theme after you’ve combed through its files — or install a new theme in the interim.
Set up your site with Google Webmaster Tools and when you believe you’re all cleaned up, re-submit your site to Google. All you can do after that is wait it out to see if your rankings improve and the results get cleaned up.
While the malware only affected my search engine results, the DDoS attack that happened April 1st was no joke. In the past these types of attacks have been used to take down banks, search engines themselves, and even Twitter.com was a target last year. Why they would target my blog, I haven’t the foggiest. When my host saw this happening they took down my site as a preventative measure.
What was happening
Thousands of computers were all trying to go to Miss604.com at the same time. So many, so often and so quickly that my site caused my server to “fall over”, toppling other sites on my host to do the same. It simply couldn’t handle the onslaught of requests. To stop the attack, my host took my site down thinking if the attackers can’t get to it, they’ll stop.
The attackers are zombie computers, again – no joke. These are computers that become infected with a virus, maybe like the one you would open up in an email attachment. The puppetmaster, if you will, then calls upon all their zombie computers who are still carrying the virus and these are the computers that are used to attack sites. This wasn’t someone getting into my server or stealing my password, this was a full frontal attack on Miss604.com.
As I mentioned, my host took down my site as a preventative measure. Sometimes if the attack is only coming from one location they can block that location from hitting the site. However, in this case, they spotted hits from Moscow, Ohio, Utah and beyond, meaning they had no way to ban one user — there were just so many.
I am very fortunate to have such loyal and dedicated readers. I received phone calls, texts, emails and direct messages about my site as soon as people saw something wrong. I was able to immediately kick into action and see what was happening and get a diagnosis from my site’s host.
I would also highly recommend installing a WordPress Database Backup plugin. The DDoS attack didn’t hurt my content and I still had my latest daily backup available. Worst case scenario, I could have taken my thousands of posts and imported them on a new site.
As for the malware, it may sound narcissistic but Google yourself every day. Go to Google and type in site:yoursite.com to see what results come up. It should display a list of your posts and pages that will help you spot the malware spam right away if you’re infected.
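The daily check described above can be partly automated. The following is an added example, not part of the original post: it compares the title a page serves to a browser with the one it serves to a search-engine crawler, and checks both for an expected site name. It assumes the injected code picks its output by User-Agent, which the post does not confirm; the function names and sample pages are made up for illustration.

```python
import re
import urllib.request
from html.parser import HTMLParser

# The browser string is made up for this example; the crawler string is Googlebot's.
BROWSER_UA = "Mozilla/5.0 (X11; Linux x86_64) title-check-example"
CRAWLER_UA = "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"

class TitleParser(HTMLParser):
    """Collects the text inside <title>...</title>."""
    def __init__(self):
        super().__init__()
        self.in_title = False
        self.parts = []
    def handle_starttag(self, tag, attrs):
        self.in_title = self.in_title or tag == "title"
    def handle_endtag(self, tag):
        if tag == "title":
            self.in_title = False
    def handle_data(self, data):
        if self.in_title:
            self.parts.append(data)

def extract_title(html):
    """Return the page title with whitespace collapsed ('' if there is none)."""
    parser = TitleParser()
    parser.feed(html)
    return re.sub(r"\s+", " ", "".join(parser.parts)).strip()

def fetch(url, user_agent, timeout=10):
    """Download a page while presenting the given User-Agent header."""
    req = urllib.request.Request(url, headers={"User-Agent": user_agent})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return resp.read().decode("utf-8", errors="replace")

def check_page(browser_html, crawler_html, expected):
    """Return a list of findings; an empty list means the titles look right."""
    findings = []
    b, c = extract_title(browser_html), extract_title(crawler_html)
    if b != c:
        findings.append(f"title differs by user agent: {b!r} vs {c!r}")
    for label, title in (("browser", b), ("crawler", c)):
        if expected.lower() not in title.lower():
            findings.append(f"{label} title missing {expected!r}: {title!r}")
    return findings

# Constructed sample pages standing in for fetch(url, BROWSER_UA) / fetch(url, CRAWLER_UA).
CLEAN = "<html><head><title>Easter Activities in Vancouver | Miss604</title></head></html>"
SPAMMED = "<html><head><title>Cheap pills online</title></head></html>"
```

Injected code that keys on the crawler's IP address rather than its User-Agent will not show up this way, so the manual site: search stays part of the routine.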
I don’t know if the attack is done for good or if this uptime is temporary. Regardless, I want to sincerely thank every Miss604 reader (from the blog, Twitter or otherwise) for their support. Over the last two weeks I’ve had sleepless nights and plenty of tears over the loss and attack on my work. I write online because I’m passionate about sharing information about the West Coast and it’s just what I love to do – I am a blogger.
Thank you to everyone who recognizes this and supports my work — whether by leaving a comment, sending me a personal note, tweeting, or just visiting whenever they can. I am overwhelmed by how much this city cares and I promise to do my best to keep writing interesting, informative, and helpful content for the community.