One In Jesus has been hacked twice in the last few weeks — and has never been hacked before. It’s a common problem. Edward Fudge and Cecil Hook had their sites hacked, as have many major corporations. But you’d think that running a standard, popular blogging program like WordPress would prevent such things. But, no, it doesn’t.
It’s a terrible feeling — like being stolen from. These particular hacks weren’t designed so much to crash the site as to provide a launch point for phishing efforts — that is, the site was taken over for the sake of theft.
I’ve now subscribed to a service called Sucuri, which monitors the site for malware and cleans up any hacks, all for $89.99 per year. I’ve also installed a plugin called Bullet Proof Security, which makes several changes to the site making it much harder to hack.
I barely know how to type and post articles. Matters of security and such are way beyond my skill set, meaning I’ve had to learn how to do this the hard way. Don’t learn the hard way. Install the proper security features, especially Sucuri, if you manage your own site.
Also, as is always true, use a strong password — not “password,” “123456,” “admin,” or other such absurdities. I use LastPass, a free password generator and log in utility. I can access LastPass from my iPhone and any computer with an internet connection. It automatically generates random strong passwords and remembers them for me.
I had no idea that protections were even needed for a WordPress site, but evidently they are. Sucuri logged into my site and found two files creating back doors for future hacks — even after the webhost, the free Sucuri malware scan, and Bullet Proof Security had scanned the site and found it clean! And it was indeed clean of active malware, but the backdoors were still there and surely would have been used again.
Since the good people at Sucuri have deleted the back door files, and with perpetual monitoring in place, the odds of a future hack are greatly reduced.
It’s impossible to know just how the backdoor files were slipped in in the first place, but as good a theory as any is that they came from a plug in I installed (get this) to increase security! (Oh, the cruel irony of it all!)
Now, this leaves two points of concern —
First, Norton’s still has the site rated as dangerous, but hopefully, when they get back to work Monday, they’ll have mercy and free the site from Norton purgatory.
Second, I’ve lost a page. I used to maintain a page called “Progressive Church of Christ Blogs and Forums.” And it’s disappeared. There are links to it all over the place, but the old page is gone. I assume it was collateral damage from the hacking. (I hate to think what else might be lost.)
And so I have to rebuild the thing again. … Suggestions would be most welcome.
can you view a cached version of the lost page on from Google
That’s a really good idea. I went looking and it appears to have been lost beyond Google’s caching. But I found a copy on an old back up, and so it’s just a matter of updating the last several entries.
You can also check archive.org for stored versions of the missing page.
Using common / popular software can actually make you an easier target: the bad guys generally aren’t going to spend time finding vulnerabilities in something that hardly anyone uses, because there’s nothing to be gained from doing so. It’s one reason there are a lot more viruses and other malware for Windows than for Mac or Linux.