Wow…the bad guys really want to get in on the #Fitblog love, huh?
To set the scene:
- 2pm Tuesday: I check and confirm that the #Fitblog Chats on Twitter website is loading and has the updated information for that night’s moderator
- 2-9pm Tuesday: I tweet reminders about the chat and send people to the website to sign in
- 8:55pm Tuesday: I load the FBC site on my iPhone, just to make sure it’s OK and I get this:
Hmmm, I think. Must be a weird mobile thing. So I grabbed my laptop, and found something even more bizarre. Where my site should have loaded, at http://fitblogchats.com, I instead saw this:
It was a live, working website…just not my website. The address bar still read my URL, so I knew it wasn’t being redirected. It was like it had been taken over. (What was more bizarre was that this website had a Facebook link and complete contact information, so I was able to track the real website owner down!)
So, as you can imagine…I scratched my head, rubbed my eyes and then panicked. At this point, the chat was underway and I had to redirect people to another service. Then I contacted my host. Because although #Fitblog has been hacked before and I’ve even written a post on how to handle it (http://katywidrick.com/2011/08/29/hacked-how-to-handle-it), I knew this was over my head.
I decided to start with my host, Eleven2, and luckily — they recognized it immediately and had it fixed by the time I woke up. In their words:
There was a DDOS attack on the server and we had to migrate all the sites to a new IP address. You won’t be seeing the other site now. This issue has been fixed.
That is a MAJOR hit for Eleven2, and unfortunately for them/lucky for me, it affected multiple sites, and they had to respond ASAP. I’m not the only recent victim of a DDoS, or denial-of-service attack:
It’s a bummer, and I got lucky because my information was back in a matter of hours. So here’s how you can make sure that you’re prepared, too:
- Contact your host now and find out what level of service it provides for malware attacks, DDoS attacks, hackers and more. If the answer is none, look for another that can help, or do some research to ensure that you’re able to manually get your website back up if you are attacked.
- BACK UP. BACK UP. BACK UP. I can repeat it all day every day and some of you will still get screwed. Don’t let that someone be you.
That’s sort of it, as far as I can tell (if you’re a business, you may have your own servers or IT team that can beef up Web security more than mere bloggers) although I’d love to get your advice and input. Is there something else people can do to prevent or respond to issues like this?