Wow…the bad guys really want to get in on the #Fitblog love, huh?
To set the scene:
- 2pm Tuesday: I check and confirm that the #Fitblog Chats on Twitter website is loading and has the updated information for that night’s moderator
- 2-9pm Tuesday: I tweet reminders about the chat and send people to the website to sign in
- 8:55pm Tuesday: I load the FBC site on my iPhone, just to make sure it’s OK and I get this:
Hmmm, I think. Must be a weird mobile thing. So I grabbed my laptop, and found something even more bizarre. Where my site should have loaded, at http://fitblogchats.com, I instead saw this:
It was a live, working website…just not my website. The address bar still read my URL, so I knew it wasn’t being redirected. It was like it had been taken over. (What was more bizarre was that this website had a Facebook link and complete contact information, so I was able to track the real website owner down!)
So, as you can imagine…I scratched my head, rubbed my eyes and then panicked. At this point, the chat was underway and I had to redirect people to another service. Then I contacted my host. Because although #Fitblog has been hacked before and I’ve even written a post on how to handle it (http://katywidrick.com/2011/08/29/hacked-how-to-handle-it), I knew this was over my head.
I decided to start with my host, Eleven2, and luckily — they recognized it immediately and had it fixed by the time I woke up. In their words:
There was a DDOS attack on the server and we had to migrate all the sites to a new IP address. You won’t be seeing the other site now. This issue has been fixed.
That is a MAJOR hit for Eleven2, and unfortunately for them/lucky for me, it affected multiple sites, and they had to respond ASAP. I’m not the only recent victim of a DDoS, or distributed denial-of-service, attack:
It’s a bummer, and I got lucky because my information was back in a matter of hours. So here’s how you can make sure that you’re prepared, too:
- Contact your host now and find out what level of service it provides for malware attacks, DDoS attacks, hackers and more. If the answer is none, look for another that can help, or do some research to ensure that you’re able to manually get your website back up if you are attacked.
- BACK UP. BACK UP. BACK UP. I can repeat it all day every day and some of you will still get screwed. Don’t let that someone be you.
That’s sort of it, as far as I can tell (if you’re a business, you may have your own servers or IT team that can beef up Web security more than mere bloggers) although I’d love to get your advice and input. Is there something else people can do to prevent or respond to issues like this?

Katy, I absolutely love these little reminders. I want you to know I have a folder in my email entitled, “Katy WP Fixes”. I’m banking and saving all of these for when I go hardcore and go self-hosted. DDoS attacks can be pretty nasty if you don’t know what to do or where to go. Now I do. Thanks!
No one is immune, and website attacks cannot be fully prevented. To minimize your risk, always make sure your software version is up to date — that includes all components and plug-ins as well as the platform. Updates frequently address security issues and fix flaws.
Although I’ve never been a victim of DDoS, my site has been hacked on several occasions, usually by malware code insertion. Any place on a website that allows user input — this comment box, for instance — is a potential gateway into your website. Adjust your settings to prevent URLs from displaying as hot links and employ security code measures, such as Captcha Codes — most hack jobs are performed by bots that cannot enter the codes (yet).
The hosting company is important, as well. I use HostGator and have been pleased with the speed and professionalism of their responses.
And even though Katy said it, I’ll say it again: backup, backup, backup.
Thanks for this post, I hope I never have to use it, but it’s a great resource just in case!
I am doing a lot of backups for my sites. My brother even went on to say that I am doing it to the point of paranoia. I tell him that it is better to be safe than sorry.
Wow that is crazy! I am backing it up through Vaultpress and just in case with the Dropbox plugin. I am a plan a, b, c kinda girl cause you never know!