The Hack
Last Sunday, I spent the day out and did not get a chance to get on my computer til late in the day. My websites were hacked. The hack happened when someone, somewhere seemed to have uploaded malicious files to my website. From what I have been able to learn, I do not believe that this was just my websites. There were others who had the same thing happen, luckily some were not as bad as mine.
When I tried to access my websites, I noticed they were both down. I logged into my hosting company and when I went to support I noticed a ticket had been opened already, all it said was Malicious Files. Their phone lines were tied up so I used the standby of online chat to get some help. The representative ran a program that would run through all of my files, and delete anything that had been corrupted with the malicious files. I was advised that once that was done, the hosting company would scan my files and then reinstate my websites. I was glad because this meant all should be good come Monday morning.
But, that was not the case. By 11 am central time my websites were still down. I called my host, and sat on hold for a very long time. When I finally got through the gentleman told me he would run the final scan and get them up and running. But, as I logged into my host again. I noticed that this website and disappeared from my list of active websites. I was frantic, all my work!!! How would I recreate everything?
Well, calmer heads prevailed and I remember that I do an automatic backup, once a month. So, if I lost anything it would really just be two weeks of work. Not too bad in the grand scheme of things. But still, it is bad enough. Who wants to lose any of their work. Then I got to thinking and remembered that a year or so ago when I was having problems with a plug-in I had set up for my host to back up my website as well. Daily back ups to be exact! Woo Hoo! I should be able to get everything restored.
So, as I continued my conversation with the gentleman and was going over my missing website, he said that he could see the website on his end and would get it up and running once the scan was over. That at the most it should take an hour.
About 45 minutes later my travel blog was up and so was my old genealogy website that I have not taken down. This website however was still nowhere to be seen. Again, I called my host and they put me through to the WordPress team. The hold time was crazy long (another clue that the hack was on their end, I have never waited this long in the three years they have been hosting my websites). But, I got a very nice young woman on the phone who worked with another person above her in technical skills and they got my website back up and running.
In the end, I only have one real problem. The plug-in JetPack, which I use for statistics and few other things, does not work. I did reach out to my host and they cannot help because the JetPack files are filled with malicious files (for this website only). My travel blog JetPack works fine.
So, what did I learn out of this? Great question, I learned:
- I need to back up on my end more often.
- Everyone needs to make sure they are backing up through their host as well.
- Do not be so accustomed to using one plug-in for one certain thing. There are others that can do the same thing for you.
- It pays to know a bit about the back-end of how hosting works. (I admit I could definitely learn more).