Hi, all, it’s Sher today and maybe only me from now on. It’s IWSG day, or the Insecure Writer’s Support Group day, a time to post my writing insecurities for all the world to see. Kind of scary. But not as much as what happened last year or what happened from December through most of Feb.
But wait. First, the credit for IWSG goes to Alex J. Cavanaugh. Thanks, Alex!
Okay, now for today’s insecurity: nobody will ever read what I write. Thanks to the toll of trolls, that fear just came to me — mere seconds ago.
This isn’t an unfounded fear. For starters, take last month’s IWSG post. I posted right on time but nobody read it. Why? Because they couldn’t unless they ignored Google’s warnings or their antivirus’ warnings. My blog was hacked in December, two or three times. Hackers are like trolls hiding under a bridge. Anybody who came across my site could have been the next victim.
The first thing I did was track down and contact the first hacker. He was sorry after he learned he’d hacked a children’s book blog when he attacked the insecure Arvixe server. He told me I needed to change permissions on my config file and add a firewall to my cPanel. Done. Of course, I removed all the spam links, thousands upon thousands. But even though I spent about 8 hours every night trying to find the malware, I couldn’t.
The hacking continued. So I hired a security expert to clean my site and close the back doors. He never found all the bad code either. Neither could any of the security plugins and malware scanners I added.
One small favor: changing my theme made my blog show up on my desktop. My phone, however, kept showing the “hacked by…” message. In late Jan, I got an email from the security guy when he thought he’d cleaned everything. I asked him to keep hunting because I could still see the “hacked by…” message when I previewed most themes, and my emails still had garbled titles including a “hacked by…” message. Eventually, all my sidebar widgets disappeared, so I had to log in through WordPress.com. By then, I think the security guy had given up. He didn’t respond to emails.
The hacker trolls were taking a huge toll on my time and my health, way too much after last year’s debacle when I spent 6 months throwing up after a botched surgery and almost starved to death before I could get the damage corrected. I debated whether blogging was worth the trouble. I think that’s what I posted in February’s IWSG. As a bridge to success, my blog failed. What good is a writer’s platform that keeps crashing?
I resigned myself to the fact that blogging could not possibly help my writing or editing business more than it hurt me. I was sick almost every day. Worse, my blog might hurt others who tried to read my posts by spreading the infection. Finally, I realized that the next hacker might leave porn on my site where kids would see it. This is a children’s book blog, after all. I couldn’t just abandon it in such a state. Grrr!
Back to unhacking. WordPress forums advised deleting all my unessential plugins, inactive widgets, and themes, but none of those actions worked. Neither did changing my blog character-set back to UTF-8 from the UTF-7 that some hacker inserted. I used online decoders for a bunch of base64 gobbledegook. I found one hacker’s file and deleted it. Woo-hoo! Too bad it wasn’t one of the new ones. Sigh.
Next up, I tried to learn the coding and SQL database languages to find the formatting errors that made my email titles read: “</title>Hacked by aAn<DIV style=”DISPLAY: none”><xmp>” short version or “+ADw-/title+AD4-Hac
As a last-ditch effort, I deleted all the database files left behind by plugins and themes I had already deleted along with every image file that had changed since December. One of those must have held the bad code. At last my email titles stopped showing garbled text. Since then, I’ve been able to see my site on desktop, tablet, and phone.
So far, so good. I messaged the first hacker via Facebook to find out if he could still get into my site.
He said, “See your server (grin emoticon) all the sites Down
If you click the link, you’ll see a long list of website defacements reported by a hacker’s organization. That’s a lot of hacked websites. I panicked — until I realized the IP address was for Arvixe, not my new host. My files are visible, but they’re not my current files at Fast Comet. At first I thought I should delete the Arvixe files, but why? Any changes a hacker makes will just get deleted off the server when my contract expires. And for now, my old files are serving as decoys while I continue to harden my new files.
Bottom line: For the near future, I’ll probably only post for IWSG, and I’ll probably blog alone to avoid the risk of my blog partners signing on in an unsecure hotspot and starting the whole cycle again.
Oh, to answer Alex’s question about how I tracked down the first hacker, I just searched the “hacked by …” message on Bing, and the hacker’s Facebook page showed up in the list. I searched for the other hackers the same way, but only the first responded to my requests for help. He said the last hacker injected code into my database. The first hacker even sent a list of commands to deny entry to my database in the future. Of course I thanked him.
The last message he sent was: “ (heart emoticon) you will my mom (kiss emoticon)” and “you Welcome ^^”.
There you have it, the one bit of sunshine shining through the darkness.
I submitted my reconsideration report to Google to get off their blacklist. Once that’s done, I hope I’ve paid my last troll toll. But I don’t want to step on the bridge again until I know for sure. And that might never happen. However, if this information helps even one person avoid getting hacked, it was worth the time it took to post it. One long leap for me, one small service for other writers. Can I count that as turning my insecurity into a security?