Hacked: Lessons Learned and Relearned

A couple of weeks ago while I was on vacation my WordPress site was hacked. It started first with a weird email from Wordfence trying to tell me something but it was so garbled I knew either it was in serious need of an update or something worse had happened. When I got to my site, I found something worse had happened. What was weird was I could only see the hack on one device. So when I contacted my hosting provider, they of course said it was my PC (I was on an iPad). The reason for contacting them was early evidence seemed to point to something hacking into my site from the host. This would mean the host server was hacked. I didn’t have my laptop with me with my usual tools to look at things securely (such as turning off all JavaScript and Flash in the browser so I could minimize the chances of compromising my laptop). My wife had her work laptop but I was not going to compromise it. So I just decided to leave my site down. This is not something a commercial site could do. Imagine the sales Amazon would lose if it were down for an hour. But my site isn’t an e-commerce site. Instead it is just a blog.

The early answers from my provider were I should scan my PC to make sure it isn’t affected. Agreed, always a good measure. I run antivirus that is pretty highly respected and a malware prevention program but as we all know, the vulnerabilities they don’t know about they can’t protect you from and even then they are not foolproof. I knew the hack was on the site and not my PC. I had logged in locally and looked at the code and there it was “Hacked By Explo!T3r”. Don’t do a Google Search for that as you will be surprised how many sites have been hacked by the same or similar group and are still hacked and un-repaired and may not even know, but Google knows. Okay, search but don’t visit their sites just in case. And the worst part about it was it was all tangled up in the cache so I would have to make sure to wipe my cache once I cleared up the mess. I backed up my site as it was so that I could download it and do a file-by-file comparison with a previous backup to see what was changed or infected. Additionally I scanned it with both antivirus and malware scanners to see if there was something evidently evil about it. Nothing found.

A senior engineer at my hosting provider asked me when my site was working. I hadn’t logged in in over a week so I told him when I was last on the site. And they said they would restore a backup for me from that time period. Now, I wasn’t aware they were backing up things also. I know I have to run manual backups and I download them to a cloud provider so I have “off site” backups so to speak. I know I could automate this process and I have in the past but the free plugins that do backups have some limitations and being that my site isn’t for commercial gain, I have to keep things low to no budget. Plus that is in keeping with my open source spirit. So when I finally got back from vacation I looked and my site was really down now. Database Connection error. I guess their backup didn’t massage my database before backing up. So I knew what I had to do.

First I checked the modified date on all files on my site and decided I would wipe the site and roll in the last manual backup I ran. When did I run this backup? The end of June. I have violated my very own rule. Backup and backup often. Also backup before going forward. So I lost all of my July posts, which was a shame as they were really good and have brought a lot of traffic to my site. Don’t worry, my “Social Media for Small Business” series will return and soon have some additional entries.

So after restoring my site to the June backup and changing my passwords to the most complicated passwords I have ever used, the site is back up and running. I looked through the code and the hack modified entries in my database so either they compromised MySQL for my site, did a SQL Injection hack, used an account with author privs that had a less than awesome password, or even an exploit of one of the recent vulnerabilities that were fixed by the latest update to WordPress 4.2.3.

Here are some lessons learned:

1. Backup and backup often (I failed my own rules here).

2. Update often. (I didn’t have any pending updates of plugins or WordPress so I was technically as good as I could get).

3. Complex passwords. I use complex passwords but I had an account that did not. Wordfence offers a scanner that checks password complexity.

4. Compare backups. There is a lot to learn by comparing files from one backup to a newer one. What has changed since the last backup?

5. Verify your .htaccess files are set correctly.

6. This one will be controversial. Country blocking. Wordfence (paid version) has an option to block by country. I had turned this off because my site seemed slow and I was looking to see if my .htaccess file had become unruly with too many entries. However if you have a topic on your blog that might be controversial (my entries about my Faith), then you know you may offend someone. While I want my site open for everyone, there are some countries where the majority of hackers come from so blocking their countries (determined by IP address ranges and domain suffixes) will save you some headaches.

Look at my WordPress Security Essentials to see the things I do and should have done to protect my site. In this case, do as I suggest, not as I do.
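
Lesson 4 as a script, added here as an illustration and not part of the original post: it compares two extracted backups by the SHA-256 of each file's contents and lists what was added, removed or modified. The directory names and file contents are constructed sample data, and `needs_review` is a hypothetical helper.

```python
import hashlib
import tempfile
from pathlib import Path

def hash_tree(root):
    """Map each file path (relative to root) to the SHA-256 of its contents."""
    root = Path(root)
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in root.rglob("*")
        if p.is_file() and not p.is_symlink()
    }

def diff_backups(old_root, new_root):
    """Compare two extracted backups by content rather than by modified date."""
    old, new = hash_tree(old_root), hash_tree(new_root)
    return {
        "added": sorted(new.keys() - old.keys()),
        "removed": sorted(old.keys() - new.keys()),
        "modified": sorted(p for p in old.keys() & new.keys() if old[p] != new[p]),
    }

def needs_review(diff, suffixes=(".php", ".js", ".htaccess")):
    """Added or modified files that the server executes, serves as script, or obeys."""
    return sorted(p for p in diff["added"] + diff["modified"]
                  if p.lower().endswith(suffixes))

def build_sample(base):
    """Write two small constructed trees (not real site data) under base."""
    old = {"index.php": "<?php // theme loader", ".htaccess": "# rules v1",
           "readme.html": "<p>readme</p>", "wp-content/uploads/a.jpg": "JPEGDATA"}
    new = dict(old, **{"index.php": "<?php // theme loader, altered",
                       "wp-content/uploads/b.jpg": "JPEGDATA2",
                       "wp-content/uploads/cache.php": "<?php // unexpected"})
    del new["readme.html"]
    for name, tree in (("june", old), ("current", new)):
        for rel, text in tree.items():
            path = Path(base, name, rel)
            path.parent.mkdir(parents=True, exist_ok=True)
            path.write_text(text)
    return Path(base, "june"), Path(base, "current")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        result = diff_backups(*build_sample(tmp))
        for kind, paths in result.items():
            print(kind, paths)
        print("review first:", needs_review(result))
```

Changes made in the database only show up here if the backup includes a SQL dump, which is then compared like any other file.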

Why it is so hard to talk about our Christian faith

This is the start of my Grace series:

When I started this blog I was torn. I felt led to create a blog that involved me writing about my walk with Christ. But the Tech side of me wanted a place too. I thought the solution was to create one place. Now don’t Google it as it will just embarrass me but there are a lot of web addresses with variations on Faith and Technology out there. A smarter person would have researched this more perhaps but faithandtech.com is what I wanted to call my site so no one had any reason not to expect the content they find here.

As I seem to build a slow following on Social Media, I began to feel uncomfortable posting things about my faith. Sure posting such things on a Sunday morning was one thing, posts like, “Go visit God’s House today, he is looking forward to seeing you” etc got me a few followers and a few retweets but not much. And sometimes I would post sentiments about my faith or links to Bible verses I ran across in my devotional reading. I usually did this in the early mornings when no one would really see them. Why? I didn’t want to turn people off from following me. What?!?

You see it is so easy to be scared in this modern day to share our faith. We don’t want to be persecuted or made fun of because of our beliefs. As we are often, myself included, unable to walk as faithfully in our journey as we should, sometimes we don’t talk about our faith because our actions and words don’t reflect our faith anyway. If being a Christian were a disease, a doctor would have trouble finding our symptoms. I have let God down so many times. I am not ashamed of my faith; instead I am ashamed I have not walked faithfully. And what makes it harder is that instead of Christians being persecuted in person as in so many countries around the world, we are allowing the media and other groups to slowly put us in a box by removing opportunities for us to share our faith. Do I think America is a country that should be Christian, yes, but it isn’t going to happen. Prayer has been removed from our schools. We can’t display the Ten Commandments in places for fear of offending someone. It is so hard to share our faith when we worry about offending someone. But first of all, the best way to share our faith is to live it. Have it be woven into our every moment. A couple of days ago a pastor on the radio talked about how our Work and Faith are not one and the same. Basically as soon as we walk into our company’s front door, the Lord does not exist there. We spend so much more time at work than we do home and we certainly do not spend much time at Church. Jesus is our savior and we owe God everything for even letting us exist. Do you spend time praying every day? Do you spend time reading the Bible every day? Think about how often you think about Christ in your everyday living? Do you go whole days without thinking of the Lord once? Only when we are close to God can we boldly speak about our faith and is our faith active in us. If you have no support system, it is hard to step out into the Light and explain who you are to others. God is with us.

I realized I was more concerned with followers on Social Media than I was with sharing my Christian beliefs. Because of this I allowed the devil to convince me not to post about God on my blog and on social media. My plan is to not let that happen again. If God wants me to have a following on Social Media, it will happen and nothing will stop it. If he does not then nothing I can do will make it happen. What is really important is to be faithful to Christ. That is the most important thing.

God gave us grace before we were even born, this is Prevenient Grace. God loved us and loves us. He wants a relationship with us.

We cannot walk with Christ if we do not seek him out. This is Justifying Grace. It is us seeking God and seeking forgiveness of our sins. It is about us seeking to maintain that relationship with him once we allow it to happen. When we actively walk with Christ it is so much easier to share our faith and love with others.

I plan to start sharing my faith, working hard to stay faithful and to be Bold about Christ.