I got hacked!

Someone defaced my site Friday evening and I had a really fun weekend (not).  Click Read More for the story.

I could show you a page of what the front of my site looked like, but that would just give more credit to the fargin’ sneaky bastage who had a good time defacing my site.  Let’s just say it said something like “Hey, you’ve been hacked!” and it was flying a foreign flag that I didn’t recognize.

I don’t want to go into details for obvious reasons, but suffice it to say that I’ve learned a lot about SQL injection attacks and the various ways to protect against them.  We’ve now got at least three layers of protection that we didn’t have last week, and we’re working on more.

I do want to say some very nice words about my hosting provider, Liquid Web.  It’s times like these that I’m glad I’m paying to have my sites hosted on a server at Liquid Web.  I spent literally hours on the phone with these guys, learning all about what to do, what not to do, etc.  I’ve spoken to and emailed several of their support people.  They told me what I should do to protect against these attacks, asked me to approve it, then they just did it for me.  Not one complaint the whole time — nothing but help.  That’s been my experience with these guys for several years now.  They have the best support of any hosting company I’ve ever used, and I just wanted to say that.

The backups worked, of course. ;) 

----- Signature and Disclaimer -----

Written by W. Curtis Preston (@wcpreston). For those of you unfamiliar with my work, I've specialized in backup & recovery since 1993. I've written the O'Reilly books on backup and have worked with a number of native and commercial tools. I am now Chief Technical Architect at Druva, the leading provider of cloud-based data protection and data management tools for endpoints, infrastructure, and cloud applications. These posts reflect my own opinion and are not necessarily the opinion of my employer.

2 thoughts on “I got hacked!

  1. StorageGuy201 says:

    Curtis, can you share what are some of the things you can do to protect your servers/sites from such attacks since you already went through the process recently.

  2. cpjlboss says:

    I don’t want to share publicly what I did to protect my site for security reasons. However the smartest thing I did was contact my server company (liquidweb.com) and ask them what I should do. Twenty things later, I’m feeling more secure.

Leave a Reply

Your email address will not be published. Required fields are marked *