Hacker Demanded iPhone After Molesting My WordPress Site (…and What I Did)

(what the hacking dude told me... damn)
"That son of a b*tch!"
Forgive my French, but that was all I could say when a dude hacked this very site you’re reading
It was one ordinary day - August 20’ish of 2013
I woke up, connected to the internet… and boom!
Somebody molested my website, making it look like this:
(there are a couple more "defacements", but these are the screenshots I was able to get)
Of course I was shocked! I did not know what to do
My eldest daughter was just about 2mos old at that time…
…a time when I was cranky from having less sleep because of the baby
I wanted to find a solution online but I did not know where to start – I’m a nurse for crying out loud
Anyway, after hours and hours of snooping around, I was able to trace the guy who “I suspect” hacked me, on Facebook
(I can’t remember how I did it – but my guess is, I just searched for the name he left in front of my website… no heavy science or IT shit)
So, I contacted him, and the conversation went something like this (notice the time stamps):

(ok, I know... that was a pathetic conversation starter hahaha)

By that time, I was able to figure out how to at least get the “defacement” off my site...
(trust me, it took a lot of time – research, trial and error, PAIN)
BUT… it was a back and forth battle
I would fix it, then the “defacement” comes back again within a day
It was a nightmare, as I was doing the fix manually
He hasn't answered back yet
It continued a few days more until I contacted him again:


And we conversed some more...

And at 2:28am of August 29...
All I could reply to end our conversation was:

But of course… Hurricane Dexter would NOT give up without a fight
(…I could just imagine now how exhausted I was at that time)
We continued the back and forth “fix-deface” cat and mouse run… and he even got some of his hacking friends to tag along
My wife could only laugh and describe those guys as bullies...
(yep… online bullies, bullying me… but I got to hand it to them, they got brilliant minds lol)
After a few days, I felt we were going nowhere – so I decided to pull the plug
I transferred my website to another host
I just salvaged parts of my site that I could, and then moved on
One thing for certain:
I do not wish to get hacked again
And I don’t want my clients or friends to get hacked either
From there, I’ve been more particular about...
WordPress website security – at least, the very basics like:
#1. Do NOT use “admin” as a login username and have a stronger password (combination of lower and upper case letters + numbers + symbols)
#2. Keep your plugins and themes updated
#3. Host your site on a good one (here’s an affiliate link to one of the hosts I use: http://imgrowbox.com/tunedhosting)
#4. Keep regular backups of your site (there are free WordPress plugins for those – I use UpdraftPlus)
#5. Use security plugins – I used the free one called “WordFence” and it has kept me safe ‘till now
Recently though, I heard that some of the top security plugins (even my favourite WordFence) failed to protect a “test-site” from an exploit
Luckily, another plugin came out that solves those extra WordPress security problems...
It’s a paid one though, and you can find it here: http://imgrowhouse.com/siteguardian
(Yes, I bought it and installed it on my sites... and yes, I suggest you do the same)
Thank you for your continued support to my blog by getting it thru my affiliate link here
I wish you learned from this post, and most importantly, a safe site to you
Cheers!

from way up high
Philippines’ City of Pines