PSA: The Story of My Hacked Blog

by Kim on September 25, 2012 · 37 comments

Three months ago, Sophisticated Dorkiness was hacked… and I didn’t know it.

Someone, somewhere, managed to exploit a loophole in my website security and insert malware that took over the search results to this site, hijacking my traffic and putting my work at risk.

I’m writing this post because what happened to me and my site was likely preventable. Had I paid more attention to some early signs of a problem or taken basic website maintenance and security seriously, I probably wouldn’t be writing this post. I don’t want to scare anyone, but I think it’s important to share this information and remind other bloggers who self-host their sites to be vigilant.

Finding the Hack

First of all, I think it’s also important to mention that I am NOT an expert in website security or the intricacies of being hacked. I’m a hobby blogger that self-hosts this website. If you think your site has been hacked, DO NOT take this as expert advice or expect this post to offer a fix. This is just my personal experience and a few lessons learned.

My first clue that something was wrong with my site should have come several months ago when I noticed a steep drop in my traffic on Google Analytics. This is a look at my traffic, starting in April 2012:

As you can see, I had a pretty regular traffic pattern (high traffic during the week, lower on the weekends) until about June. Then, traffic dropped off dramatically. I was a little concerned about this, but given the quirks that can come with analytics I figured it was just an error and ignored it. In hindsight, I’m pretty sure the drop in June is from when my site was hacked and all of the traffic from search engines got diverted.

I finally realized I had a serious problem earlier this month when I went to do a Google search for my blog. This is what came up:

If you can’t read it, the image shows that the titles for many of my posts show up, but the text underneath is for an online drug store. When you clicked on the links, it took you to the pharmacy site… not my blog.

When I first discovered this issue, I didn’t know what to do and ignored it for a couple of days (bad decision). When I finally took my head out of the sand, I got some help from my friend Erin, a Google ninja, to figure out what was going on. As we soon discovered, this type of website hack is common enough to have a name — the Pharma Hack – and it is viciously complicated.

Basically, the hackers find a way into your site and insert code that gives them a backdoor into your system, a backdoor into one or more of your plugins, and a backdoor into your database to hide the spam. You have to find and get rid of all three to have a hope of protecting your site. It’s also tricky because the hack doesn’t show up to you as the site administrator unless you are in the habit of searching for your site… which I’m not. Ugh.
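The "only search engines see it" behaviour described above can be checked from outside by comparing what one page returns to a normal browser and to a search crawler. The following is an added example, not part of the original post; it assumes the injected code chooses what to serve from the User-Agent header (the post does not say how it decides), and the keyword list, function names and sample pages are constructed for illustration.

```python
import re
import urllib.request
from html.parser import HTMLParser

# Constructed keyword list (assumption); adjust it to the spam you actually see.
SPAM_TERMS = ("viagra", "cialis", "pharmacy", "drug store")
CRAWLER_UA = "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
VISITOR_UA = "Mozilla/5.0 (X11; Linux x86_64; rv:115.0) Gecko/20100101 Firefox/115.0"

class _Text(HTMLParser):
    """Collects title/body text and the meta description, skipping scripts and styles."""
    def __init__(self):
        super().__init__()
        self.parts, self._skip = [], 0
    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):
            self._skip += 1
        elif tag == "meta" and (dict(attrs).get("name") or "").lower() == "description":
            self.parts.append(dict(attrs).get("content") or "")
    def handle_endtag(self, tag):
        if tag in ("script", "style") and self._skip:
            self._skip -= 1
    def handle_data(self, data):
        if not self._skip:
            self.parts.append(data)  # hidden (display:none) text is kept on purpose

def spam_hits(html):
    """Return the set of SPAM_TERMS found anywhere in the page text."""
    parser = _Text()
    parser.feed(html)
    text = " ".join(parser.parts).lower()
    return {t for t in SPAM_TERMS if re.search(r"\b" + re.escape(t) + r"\b", text)}

def cloaked_terms(visitor_html, crawler_html):
    """Terms served only to the crawler view; terms in both views are ignored."""
    return sorted(spam_hits(crawler_html) - spam_hits(visitor_html))

def fetch(url, user_agent):  # fetch a page of your own site as the given client
    req = urllib.request.Request(url, headers={"User-Agent": user_agent})
    with urllib.request.urlopen(req, timeout=15) as resp:
        return resp.read().decode("utf-8", "replace")

# Constructed sample pages standing in for the two fetches of one post.
VISITOR = ("<html><head><title>Review: A Novel</title></head>"
           "<body><p>The heroine works at a pharmacy.</p></body></html>")
CRAWLER = ("<html><head><title>Review: A Novel</title>"
           "<meta name='description' content='Buy Viagra, online drug store'></head>"
           "<body><p>The heroine works at a pharmacy.</p>"
           "<div style='display:none'><a href='#'>cheap cialis</a></div></body></html>")
```

On a live site, pass `fetch(url, VISITOR_UA)` and `fetch(url, CRAWLER_UA)` for the same post to `cloaked_terms`. An empty result does not prove the site is clean, since cloaking can also key on the referrer or the requester's address.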

When Erin and I figured out the hack, I went around and did my best to secure my blog following some of the recommendations I found online. And for a while, it appeared that I did a decent job. If you look at my traffic again, you see a jump in September before it trails off again — I’d caught the hack, sort of, but it came back.

Fixing the Hack for Good, I Hope

At this point, I knew that I was in over my head. In my initial searching for fixes, I came across multiple sites that recommended an online security company that had helped them fix and secure their sites — Sucuri. It’s not exactly cheap (signing up with one site is $89.99 for one year), but so far I’m really, really pleased I made the investment.

Getting help is easy and quick. I signed up with the site Sunday morning, submitted a support ticket for the problem, and had an initial round of fixes by early afternoon. They also sent a link to instructions for how to better secure my site and offer a WordPress plugin to make it easy to see what is going on. I had a second malware incident Sunday afternoon, and that one was addressed within an hour. Since Sunday, Sucuri has also blocked my site from over 150 IP addresses that have tried to access my site. That’s scary.

Admittedly, I didn’t look into many other security websites, but I’m ok with that decision because Sucuri has some expertise dealing with this particular hack. I’m comfortable with the choice, but if you’re going to look into website security for the first time I’m sure there are other options.

Lessons I’ve Learned

Getting your website hacked is not fun, but I think on the whole this hack is probably on the minor side. My site never got blacklisted and I don’t think it caused problems outside killing my SEO ranking. But it also taught me some good lessons about website security that I’m working to implement going forward.

  1. Do not ignore announcements to make website updates. WordPress frequently comes out with small updates, and before this incident I was notoriously bad at making them in a timely manner. It’s possible my blog was hacked because I left a security loophole in my WordPress installation or one of my plugins. This is often how hackers will get inside sites.
  2. Uninstall and delete plugins/files you don’t use. I like to experiment with plugins for WordPress, but normally don’t bother to update them or get rid of plugins I decide I don’t like. It’s also possible one of those plugins left my site vulnerable to an attack. I’ve since uninstalled plugins I don’t use and deleted old files on my FTP site that aren’t being used.
  3. Pick good passwords. My passwords were lazy, and I didn’t change them very often. Since getting my site fixed, I’ve changed every password related to the blog using a password generator. I enter most of them so infrequently anyway, I doubt it will be very annoying.
  4. Be vigilant. If you notice something weird, don’t ignore it. Sucuri also offers free website scans on their website, so you can check your site once in a while to make sure nothing is wrong.
  5. Get some help if you feel over your head. Paying for the security service feels a little extravagant, but after my first attempt at fixing the problem failed I knew I was dealing with a problem beyond my expertise. Ultimately, I think the money will be a good investment in fixing the problem and teaching me how to secure my site better.

You can learn more about website security with these posts, which I highly recommend:

I guess in conclusion I’ll leave you with this — website security is not a joke. Even if you’re a small scope blogger, there are basic steps you can take to protect the time and investment you’ve made in your website. Please, take a few minutes to secure your site before something frustrating and damaging happens.

Jeanne September 25, 2012 at 5:50 am

This is sobering. Glad you got it cleaned up, and that you shared the experience so we can all benefit!

Kim September 26, 2012 at 6:04 pm

I’m glad it’s cleaned up too. It took Sucuri almost no time to fix the problem, but they have infinitely more expertise than I do with these things. I hope this was a helpful post for other bloggers :)

bermudaonion(Kathy) September 25, 2012 at 6:03 am

Wow! I wouldn’t have thought too much of the drop in traffic because I typically experience a drop during the summer. I’m glad you were able to fix it!

Kim September 26, 2012 at 6:07 pm

I do too, which is one reason I didn’t think much of it. I’ve also had times when Google Analytics drops for unrelated reasons, and for a while I assumed it was just a glitch.

Nicole September 25, 2012 at 8:24 am

Great information Kim. Thanks.

Vasilly September 25, 2012 at 9:38 am

How scary! Thanks for letting us know about this!

Trisha September 25, 2012 at 9:42 am

I have never even thought of being hacked. Wow. So crazy. Glad you got it sorted!

Kim September 26, 2012 at 6:08 pm

I didn’t either. I never would have thought my blog would be hacked. It seems too small, like no one would ever even notice.

Beth F September 25, 2012 at 10:43 am

Yikes. Thanks for the tips! So glad you found a solution.

Nikki September 25, 2012 at 11:53 am

Great advice — thanks for putting this together!

Jen - Devourer of Books September 25, 2012 at 1:31 pm

Sucuri isn’t cheap, but in my opinion they’re worth their weight in gold.

Kim September 26, 2012 at 6:08 pm

Yes, definitely. They fixed this particular problem within hours — a problem I had no chance of fixing myself.

susan September 25, 2012 at 4:57 pm

Disturbing to hear. Thanks for the info.

Athira September 25, 2012 at 5:37 pm

Sorry that this happened to you. Sadly, this seems to be doing the rounds every few months. Thanks for sharing this info – that free scan via Sucuri was worth it.

Kim September 26, 2012 at 6:09 pm

It is comforting to see a clean website. This was the first time I’d heard of this particular hack, but from what I could tell it’s pretty common.

Jennifer September 26, 2012 at 9:43 am

Oh that stinks :( I’m glad you got it figured out and fixed! I didn’t even realize it was possible for this to happen.

Kim September 26, 2012 at 6:10 pm

I didn’t really think it was possible either, but apparently hackers are more devious than I am.

Jeane September 26, 2012 at 11:29 am

Awful this happened to you; good information to have so the rest of us can look out for it! Glad you shared.

Trish September 28, 2012 at 5:28 am

Oh Kim! I’m so sorry that this happened to you but I’m glad you shared your story so that others can be aware as well. I didn’t even realize something like this could occur.

Kim October 3, 2012 at 8:09 pm

I didn’t either! This was a big lesson for me.

Stephanie September 28, 2012 at 12:18 pm

I am so sorry you went through this, Kim. And I really appreciate your hard work in putting together this post to help others.

Sherry September 28, 2012 at 7:47 pm

I’m dealing with this hack right now, and I don’t know what I’m going to do. I’m not sure I can afford to invest the $90.00 in Sucuri, but that seems to be about the only option for a non-techie like me. Thanks for sharing, Kim.

Kim October 3, 2012 at 8:27 am

Oh no, I’m so sorry Sherry. If you want to talk about it or brainstorm solutions, please do e-mail and I can share more details. I’m not sure there’s much more advice I can give, but I certainly can commiserate :)

Joy Weese Moll September 30, 2012 at 10:44 am

Thanks, again, for your PSA, Kim. I worked through it today as one of my Bloggiesta tasks: Web Site Security — A Bloggiesta Chore

Kim October 3, 2012 at 8:28 am

That’s awesome, Joy! I’m glad it was helpful.

maphead September 30, 2012 at 9:04 pm

Wow, I guess this explains why the Viagra I ordered through your blog never arrived at my mailbox. :) Just kidding. I’m very sorry your blog got hacked! Thanks for the very comprehensive PSA.

Kim October 3, 2012 at 8:28 am

LOL! This is my favorite comment of the week!

Katie @ Doing Dewey October 12, 2012 at 3:35 pm

Wow, what a scary experience! I’m glad you’ve got it worked out now :)

CJ at Food Stories January 4, 2013 at 12:42 pm

Great article – Thx so much for sharing with the rest of us :-)

Helene Dsouza I Masala Herb January 7, 2013 at 3:53 am

Wow, that’s one crazy situation. As you said you were lucky that your page wasn’t blacklisted. Not that I have any experience in that field, but that would be my first fear!

Thank you for sharing the story!
