What happened? A genius programming hacker figured out the password to my FTP server because the one I had wasn't strong enough. After that, a script was run on the main directory of my server that found any JavaScript, XML, and PHP file where the script could input a line of PHP code at the top of each file. On my server we're talking hundreds of files getting changed against my will. Luckily in my case only the PHP code was compromised, for whatever reason I do not know. This also jacked up my site because certain areas wouldn't work properly on top of the spam ads.
What did the PHP code do? It made pop-ups come up on pretty much every page of my site to visitors all over the world. Pop-ups aren't usually a bad thing, but these were labeled attack sites with malicious malware that could potentially spread viruses to many individual computers or steal information.
How did I fix it? The first thing I did was update my poorly thought out password and make it very random with numbers, special characters, upper and lower case letters, etc. Thanks to the hosting company I have, GoDaddy, they automatically make backups of the previous day's file structures. All I had to do was go back one day before the incident and restore the non-corrupted files in each main directory. This worked like magic, but was still time consuming, taking about half a day to complete. Doing the restore this way also ensured I didn't miss any hidden files in subdirectories.
I also checked to make sure there weren't any extra files after the individual directory restores. Then I double checked to make sure there were no other users on my server.
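The post-restore check described above, as an added example that is not part of the original post: it compares a live site directory against a known-good backup copy and separates files that differ only by content added at the top, files changed some other way, and files the backup never had. The directory layout, file names and the stand-in for the injected line are constructed for the demonstration.

```python
import tempfile
from pathlib import Path

WATCHED = (".php", ".js", ".xml")  # file types the post says the script targeted


def read_tree(root):
    """Return {relative path: file bytes} for every file under root."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): p.read_bytes()
            for p in root.rglob("*") if p.is_file()}


def compare_trees(backup_root, live_root):
    """Classify each live file against its known-good backup copy."""
    backup, live = read_tree(backup_root), read_tree(live_root)
    report = {"prepended": [], "modified": [], "extra": [],
              "missing": sorted(set(backup) - set(live))}
    for rel, data in sorted(live.items()):
        if rel not in backup:
            report["extra"].append(rel)  # file the backup never contained
        elif data != backup[rel]:
            # A line injected at the top leaves the original bytes as a suffix.
            top = rel.lower().endswith(WATCHED) and data.endswith(backup[rel])
            report["prepended" if top else "modified"].append(rel)
    return report


def write_tree(root, files):
    """Create the constructed sample files under root."""
    for rel, data in files.items():
        path = Path(root, rel)
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_bytes(data)


def demo():
    """Compare two small constructed trees: a clean backup and a tampered copy."""
    clean = {"index.php": b"<?php echo 'home'; ?>\n",
             "lib/util.php": b"<?php function f() {} ?>\n",
             "about.html": b"<p>about</p>\n"}
    marker = b"<?php /* constructed stand-in for the injected line */ ?>\n"
    dirty = {rel: marker + data if rel.endswith(".php") else data
             for rel, data in clean.items()}
    dirty.update({"about.html": b"<p>changed</p>\n", "dropped.php": marker})
    with tempfile.TemporaryDirectory() as tmp:
        write_tree(Path(tmp, "backup"), clean)
        write_tree(Path(tmp, "live"), dirty)
        return compare_trees(Path(tmp, "backup"), Path(tmp, "live"))
```

Calling `compare_trees()` with the real backup and live directories gives the same four lists; anything under `extra` or `modified` needs a manual look, since a restore by overwrite does not remove files that were added.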
What did I learn in this whole crappy experience? Passwords are pretty damn important. Make sure to properly strengthen all your passwords because they could be compromised otherwise. Also, if you use 3rd party open source code, which I do, make sure it is updated to its latest version. This wasn't a problem for me, but it could be for someone else.