My website was hijacked!

artistry in bloom

New Member
Jul 24, 2007
369
544
0
Victoria
www.flowerartisan.com
State / Prov
British Columbia
I don't know if anyone else has ever had this happen but my website was hijacked.
I sometimes get emails from my webhosts advising when they are doing maintenance to their servers, etc which is usually in the middle of the night so I don't think much of it. I had a notice saying they were doing maintenance from 2am to 4am. This time it seems a hacker was able to get in from Indonesia during the time they were working on their servers.
I check my website daily but I do it from my "favourites" not realizing I am looking at an old version of my website. Now that this has happened I daily clear all temporary internet files so I can always see the current version.
When my website was hijacked what people would see was a creepy picture of a man dressed in a black robe with a black hood over his head and a message that said "this website has been hijacked by Indonesian Hacker 4287". I was horrified when I saw it. Not only was it spooky but nobody had access to my website.
My webhosts had it fixed within 20 minutes of my reporting it. They promised me they have fixed the problem and it will never happen again but they also told me to continue to check my website daily to make sure it doesn't happen again .In other words they really can't guarantee it will never happen again.
I had just paid for another years hosting and ssl certificate two days before this happened.Fortunately the hijacker didn't actually do anything to my website except put the picture on top of it so nobody could see it but I don't know how much business I lost because of it.
Anyway I thought I would just let you all know that there are creeps out there just waiting for the opportunity to arise to get in and hijack your websites just for the fun of it and to proove they can do it.

Dianne
 
You're right - it's impossible to guarantee it won't happen again. Often these hacks are made possible through brute force attacks where they guess your username and then keep trying machine generated passwords. This is why you need to have a non-word based password with a combination of upper and lower case letters and some numbers. Brute force attacks usually start with dictionary words, possibly mixed with numbers (ex: gerbera99).

Since links are so important to Google rankings, and link buying has become harder to do, it's becoming more common (and will continue to grow) to find sites hacked just to insert some links. In many respects you're lucky to have a blatant hack. Other link and pharma hacks can go undetected for ages - though your rankings may suffer.
 
Hi Ryan,
I thought I was being extra careful . I already have a nonword based password with upper and lower case letters and numbers mixed in and my username is a really unusual nickname my uncle gave me when I was a baby. It also isn't a real word but something he made up himself so how they could have figured that out is a mystery but obviously they have ways.
Is there anything else I can do to prevent this ? I was thinking it might have happened because I started blogging, started a facebook page, and do youtube videos now. Would that have anything to do with it or do you think it was just a random luck of the draw thing?
Anyway I will change my username and password again and continue to do my daily checks because I don't want anything freaky like that to happen again.
Thanks for the info . I had no idea it had anything to do with links. What is "pharma"?
Dianne
 
I had no idea that this could happen. Why would some one do it? Just for the challenge? Especially some little flower shop in Anytown, USA.
I mean, it must take some doing....what's in it for them?
JP
 
Hi Ryan,
I thought I was being extra careful . I already have a nonword based password with upper and lower case letters and numbers mixed in and my username is a really unusual nickname my uncle gave me when I was a baby. It also isn't a real word but something he made up himself so how they could have figured that out is a mystery but obviously they have ways.
Is there anything else I can do to prevent this ? I was thinking it might have happened because I started blogging, started a facebook page, and do youtube videos now. Would that have anything to do with it or do you think it was just a random luck of the draw thing?
Anyway I will change my username and password again and continue to do my daily checks because I don't want anything freaky like that to happen again.
Thanks for the info . I had no idea it had anything to do with links. What is "pharma"?
Dianne

Having a more active presence may have drawn some attention, but without knowing more details it's hard to say.

The fact that your webhost patched the issue so quickly makes me think the problem may have been a hack at the hosting level, not necessarily to your account.

The new reality is that we can't ask "if" our sites will be hacked, it's "how often" our sites will be hacked. That's why we need to be prepared and vigilant. :)

Oh - and "pharma" = pharmaceutical .... Viagra, Oxy, etc. Big money stuff, and very competitive therefore they often turn to hacking and blackhat stuff. It's been said that the new blackhat SEO is not cloaking or link buying, but actually hacking other sites for links.
 
Oh - and "pharma" = pharmaceutical .... Viagra, Oxy, etc. Big money stuff, and very competitive therefore they often turn to hacking and blackhat stuff. It's been said that the new blackhat SEO is not cloaking or link buying, but actually hacking other sites for links.

A whole list of people recieved an e-mail from a fellow Kiwanian. It came in as it usually would, with a woman's name in the subject line. When we opened it, it was a site for these different "pharms". He called all of us and told us he did not send the e-mail. Because I was the only woman who recieved it, I e-mailed back to him and said I didn't get the joke. None of the guys e-mailed because they were un-comfortable, and didn't know if it was a joke or not, wondering "why did he send that link to me?" lol.

That is why it's always best to email to lists with BCC, just never know who got your info and how they are going to use it.
 
Just a few weeks ago, my site was hacked . When you googled our shop, it was flagged as "malicious site..will harm your computer", and
this is what it said when you went to EVERY page of my site.
My webmaster spent lots of time looking for the script that was causing the problem and did find it and removed it. Then, we had
to ask google to review it and see if we can be in their good graces again. I am not sure of all the details
yet, but, it was hacked.
Interesting, that right after the attack, I got emails from people who could repair it for a fee.....like..hmmm...?