I got hacked!

Someone defaced my site Friday evening and I had a really fun weekend (not).  Click Read More for the story.

I could show you a page of what the front of my site looked like, but that would just give more credit to the fargin’ sneaky bastage who had a good time defacing my site.  Let’s just say it said something like “Hey, you’ve been hacked!” and it was flying a foreign flag that I didn’t recognize.

I don’t want to go into details for obvious reasons, but suffice it to say that I’ve learned a lot about SQL injection attacks and the various ways to protect against them.  We’ve now got at least three layers of protection that we didn’t have last week, and we’re working on more.

I do want to say some very nice words about my hosting provider, Liquid Web.  It’s times like these that I’m glad I’m paying to have my sites hosted on a server at Liquid Web.  I spent literally hours on the phone with these guys, learning all about what to do, what not to do, etc.  I’ve spoken to and emailed several of their support people.  They told me what I should do to protect against these attacks, asked me to approve it, then they just did it for me.  Not one complaint the whole time — nothing but help.  That’s been my experience with these guys for several years now.  They have the best support of any hosting company I’ve ever used, and I just wanted to say that.

The backups worked, of course. ;) 

Written by W. Curtis Preston (@wcpreston), four-time O'Reilly author, and host of The Backup Wrap-up podcast. I am now the Technology Evangelist at Sullivan Strickler, which helps companies manage their legacy data

2 comments
  • Curtis, can you share what are some of the things you can do to protect your servers/sites from such attacks since you already went through the process recently.

  • I don’t want to share publicly what I did to protect my site for security reasons. However the smartest thing I did was contact my server company (liquidweb.com) and ask them what I should do. Twenty things later, I’m feeling more secure.