Back Online For Now
I wanted to write a post to address the recent attacks on Miss604.com. These weren’t your regular spam or virus attacks; these were mighty serious. There wasn’t much I could have done to prevent these, or to get my site back online, but by detecting vulnerabilities or even the attack early, you have a better chance at a speedy recovery.
Malware Attack
Almost two weeks ago now, my site was attacked with malware. Malware, or malicious software, can be anything from an uploaded image file to code that someone hacked into your server to paste into a file.
What was happening
When you would Google my site, results for Miss604.com did not come up with the proper titles. Instead, all results in Bing and Google were showing up with spam ads. This was an attack that only targeted Google, meaning its sole purpose was to attack my search engine rankings. With about 50% of my traffic coming from people Googling things like “Easter Activities in Vancouver”, I noticed the slowdown in traffic right away. Thanks to several concerned readers who discovered the search engine issue, we worked for about 2 days to clean up all files on Miss604.com.
Update: This post explains the attack on WordPress sites as well.
What to do
Immediately change all your passwords, from your WordPress admin password to your FTP and database. We found this site to be useful in terms of getting things cleaned up. Look for malicious code or images with funky names on your server as well, as they would be the source of the code. Install a fresh version of WordPress and all your plugins. Re-install your theme after you’ve combed through its files — or install a new theme in the interim.
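One way to automate the file check described above, as an added example that is not part of the original post. The function name `scan_wordpress_tree`, the extension lists and the obfuscation pattern are assumptions chosen for illustration, and a clean result does not prove the site is clean:

```python
import os
import re
import sys

# Assumed heuristics for illustration; not a complete malware signature set.
IMAGE_EXTS = {".jpg", ".jpeg", ".png", ".gif", ".ico"}
PHP_EXTS = {".php", ".phtml", ".php5"}
# Obfuscation idiom often found in PHP pasted into a compromised site (assumed pattern).
OBFUSCATED = re.compile(rb"eval\s*\(\s*(base64_decode|gzinflate|str_rot13)\s*\(", re.I)
UPLOADS = "wp-content/uploads"


def scan_wordpress_tree(root):
    """Walk a WordPress document root; return sorted (relative_path, reason) findings."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        rel_dir = os.path.relpath(dirpath, root).replace(os.sep, "/")
        in_uploads = rel_dir == UPLOADS or rel_dir.startswith(UPLOADS + "/")
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            ext = os.path.splitext(name)[1].lower()
            try:
                with open(path, "rb") as fh:
                    data = fh.read(1_000_000)  # cap how much of each file is read
            except OSError:
                findings.append((rel, "unreadable"))
                continue
            # The uploads directory should hold media, never executable scripts.
            if ext in PHP_EXTS and in_uploads:
                findings.append((rel, "php-in-uploads"))
            # An "image" that carries a PHP open tag is not just an image.
            if ext in IMAGE_EXTS and b"<?php" in data:
                findings.append((rel, "php-inside-image"))
            # Code that decodes and executes a hidden string deserves a manual look.
            if ext in PHP_EXTS and OBFUSCATED.search(data):
                findings.append((rel, "obfuscated-eval"))
    return sorted(findings)


if __name__ == "__main__":
    # Usage: python scan.py /path/to/wordpress
    for rel, reason in scan_wordpress_tree(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{reason:18} {rel}")
```

Anything it reports still needs to be opened and read by hand before deleting, and theme and plugin files should be compared against fresh copies as the paragraph above says.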
Recovering
Set up your site with Google Webmaster Tools and when you believe you’re all cleaned up, re-submit your site to Google. All you can do after that is wait it out to see if your rankings improve and the results get cleaned up.
DDoS Attack
While the malware only affected my search engine results, the DDoS attack that happened April 1st was no joke. In the past these types of attacks have been used to take down banks, search engines themselves, and even Twitter.com was a target last year. Why they would target my blog, I haven’t the foggiest. When my host saw this happening they took down my site as a preventative measure.
What was happening
Thousands of computers were all trying to go to Miss604.com at the same time. So many, so often and so quickly that my site caused my server to “fall over”, toppling other sites on my host as well. It simply couldn’t handle the onslaught of requests. To stop the attack, my host took my site down, thinking that if the attackers can’t get to it, they’ll stop.
The attackers are zombie computers, again – no joke. These are computers that become infected with a virus, maybe like the one you would open up in an email attachment. The puppetmaster, if you will, then calls upon all their zombie computers that are still carrying the virus, and these are the computers that are used to attack sites. This wasn’t someone getting into my server or stealing my password, this was a full frontal attack on Miss604.com.
Recovering
As I mentioned, my host took down my site as a preventative measure. Sometimes if the attack is only coming from one location they can block that location from hitting the site. However, in this case, they spotted hits from Moscow, Ohio, Utah and beyond, meaning they had no way to ban one user — there were just so many.
Protect yourself
I am very fortunate to have such loyal and dedicated readers. I received phone calls, texts, emails and direct messages about my site as soon as people saw something wrong. I was able to immediately kick into action and see what was happening and get a diagnosis from my site’s host.
I would also highly recommend installing a WordPress Database Backup plugin. The DDoS attack didn’t hurt my content and I still had my latest daily backup available. Worst case scenario, I could have taken my thousands of posts and imported them on a new site.
As for the malware, it may sound narcissistic but Google yourself every day. Go to Google and type in site:yoursite.com to see what results come up. It should display a list of your posts and pages that will help you spot the malware spam right away if you’re infected.
Thank you
I don’t know if the attack is done for good or if this uptime is temporary. Regardless, I want to sincerely thank every Miss604 reader (from the blog, Twitter or otherwise) for their support. Over the last two weeks I’ve had sleepless nights and plenty of tears over the loss and attack on my work. I write online because I’m passionate about sharing information about the West Coast and it’s just what I love to do – I am a blogger.
Thank you to everyone who recognizes this and supports my work — whether by leaving a comment, sending me a personal note, tweeting, or just visiting whenever they can. I am overwhelmed by how much this city cares and I promise to do my best to keep writing interesting, informative, and helpful content for the community.
22 Comments — Comments Are Closed
Sorry this had to happen to you Rebecca. Hopefully you’re out of the woods and can blog full steam ahead without things like this happening again!
Nice to see Miss604 back!
Glad you’re back at it! 🙂
Kristi
Good to see you bounce back so quickly … and STRONGER! Looking forward to more posts from you. I enjoy the posts where you had pix of Vancouver of yesteryears vs today.
Ben
That totally sucks that someone would do this to you. I’m sorry you had to deal with this and I too am hoping that it’s all over now! And thanks for sharing this info on what these attacks are and how to deal with them. Though my blog is pretty small potatoes, it has been hacked twice so it’s always good to know what the risks are out there and what to do if they happen.
Glad to see you’re back, stronger than ever I hope.
Rebecca,
Thank you for the link. Sometimes you risk your database, which powers your WordPress, being hacked as well. There is a plugin called WP Database Backup – you can find it in the repository. This plugin can do a daily MySQL backup and e-mail it to you on a daily basis. So if you know approximately the date your blog was hacked, you can restore your entire database minus the posts that were published after the hack took place.
Again thank you for the link.
Wow. That sucks. Who in the world would want to do that to someone who is merely sharing information? I only have about 6 or 7 people a day going to my site so I highly doubt I’ll have to face things like this anytime soon 🙂
One would think that, if they lived in the area, they would actually want the economy to pick up and more knowledge to get out of the beauty that is BC so people can actually have an outlet to go to to get information and decide to go to some particular event. Attacking other sites that support the same thing is foolish. Instead of attacking one would think they would want to join forces in a sort of network with links to all sites and blogs.
You can’t take this personally — I have a website that I only use for “personal use” — can’t even find it on Google search — it was attacked from Africa, and used for a phishing attack on HSBC customers in China — it was only by coincidence that I even discovered this, I downloaded a file from my website, and it took forever… My ISP figures that somehow my account was compromised — probably when I accessed it from an internet cafe.
There are miscreants out there just attacking whatever domain they can, just to get free hosting (even if briefly) for their malware.
Bottom line is anybody with a domain should change their password and check for miscreant files on their server regularly.
@Vlad Yes, I mention that plugin in the post already, I use it daily. Cheers!
Really good explanation on how the DDOS works (I was explaining it after the SMCYVR meeting, pity I didn’t think to use a picture).
I agree that you need to keep on top of malware. Keeping secure, clean backups of your theme, database, and uploads (as you know) is essential; everything else isn’t important (fresh copies can be pulled).
For DB backups I’ve switched to this plugin http://wordpress.org/extend/plugins/wp-dbmanager/ from GaMerZ, it has some nice bells and whistles you’ll appreciate (like table repair and optimize built in).
And I still can’t think of for the life of me who you could have pissed off so much to launch a DDOS on you…glad you’re back.
Oh, and to clarify the search for malware: also search “miss604.com” (without the site:) as well. Adding something like miss604.com pharmacy will bring up tell-tale hints too (if you’re infected).
Welcome back! Here’s hoping for only sunny skies from now on.
It completely sucks that this happened to you, especially given the timing with the book. At least on the plus side, you were prepared with your daily backups, knowledgeable friends, and everyone/everything that helped you recover so quick!
That should certainly be a lesson for everyone else – in addition to learning about malware and knowing how to protect yourself from it, a good backup system is a must for everyone doing any sort of publishing online!
Beck, I’m glad you recovered your site!
Glad it all worked out! @TiaSparkles
Impressive recovery time! Really glad that you’ve got things back rolling and used this as a positive way to educate people about protection and recovery. Great stuff – although this was a terrible thing to have happened!
I’m really glad your site is back and you recovered so quickly. We’ll have to have lunch sometime soon. Many hugs, lots of love and positive energy. And yay for Muse! I. Love. Them.
That’s crazy stuff Rebecca! I just found your site in February while I was looking for things to do for the Olympics. I also enjoy keeping up with all the local things that go on in Vancouver now that I’m living on the Island. Chin up girl! They’ll never silence Miss 604!!!
Glad to have you back!
Really sucks that you’ve had to go through this Rebecca – and very glad to see you back up and running again.
I’d just add a PS for other people reading this that this is not a typical site hack. DDOS attacks are aimed at high profile accounts. For people with smaller sites, the hacker usually wants to HIDE the fact that you’ve been hacked rather than to take your site down (because they want to use you to host their malicious scripts). So take care with your passwords, keep your software updated and never log in to anything over an unencrypted wireless link (e.g. a coffee shop) unless the webpage is secure.
Wow. I completely empathize. This happened to me about a year ago. It was heartbreaking. Glad to see you got things sorted out.
Glad to see you up again!