I woke up one sunny Monday morning to find that all of my websites have been hacked. Well, not all of them, but 8 of them! Something to do with terrorists replacing my home page with messages of blood. I thought about sending them a message saying, “I’m A positive”. Luckily my wife told me it wasn’t funny at all and I decided not to tantalize them.
So how do I get out of this mess?
I contacted my hosting provider and apparently it is very simple. All they have to do is install the backups. Little did I know my host only keeps one backup every 24 hours, and they only keep one copy. Guess what? My back up copy has been infected by the malicious messages as well. So now I am sitting here with 8 websites, some of them my clients’, and messages of blood and hate.
The moral of the story, is of course to keep several backups, but I didn’t and had to deal with it.
How did I retrieve 8 websites from the hackers?
The short answer is: I didn’t. The hackers have a Facebook page where they brag about their latest hackings. So I went to Freelancer.com to hire a specialist in this field. He was able to recover some of the files, but not entirely. I focused on my clients’ websites first, whilst mine was sitting there being picked off by Google. Yep, Google punished the hell out of me. I used to be in the top 10 for a number of keywords and now all you can find me for is ‘ImYourBiz’ which is pathetic. Months of work down the drain.
Back to the websites. So I focused on my client sites first and had to rebuild most of it manually. I worked for about 15 hours per day to fix all their sites back to its former glory. To think that with one click I could have restored everything if I had the backups.
How to protect yourself from hackers
Unfortunately this happens to the best of us. If it can happen to the US government, Google, and the BBC, it can happen to you and me. However there are a number of ways to protect your website from hackers. Not all of you will be lucky enough to have a guy like me sorting it out for you.
cPanel – Simply go into your cPanel and go through the backup wizard. This is a manual process, but it is quick and easy. Restoring your website from one of these backups is incredibly easy as well. The only drawback is that it is manual.
DropMySite.com – these guys work a little bit like drop box. You can try it for free and they backup your site as many times as you like. I would recommend setting up a daily schedule and deleting files older than 10 days to save on space every now and then.
Backomatic.com – these guys are the best I have seen. I am in the process of trying them out so I don’t know much about their customer service. However, their payment module is very flexible. You have complete freedom over how much space you want to use, your backup frequency etc. The best thing about them is the fact that I can backup my entire Web Hosting Management and the sites that are on there. I currently host 16 websites there and they are all backed up every night.
UPDATE – May 7th, 2013: I don’t use BackoMatic.com anymore. They didn’t back up all of my sites. In fact when I went to retrieve a backup because a client’s website was lost, it wasn’t there.
SiteAutoBackup.com (BEST) – I had a couple of issues getting everything set up, but their support was incredible and now it runs like clockwork. Their pricing is very reasonable as well. I would recommend trying out their free trial. They can do everything Backomatic can do, but this time it actually works.
Backups are a great tool, but it would also be good to prevent your website from being hacked in the first place. Here are a couple of tips you can employ.
Cloudflare.com – these guys redirect all your traffic through their screening process and block any known threats. If they have hacked another site before or have been reported of malicious attempts, these guys stop them from ever gaining access to your site. It also has the added benefit of making your site a bit quicker.
Wordfence WordPress plugin – This is a free plugin, but there is also a paid version. These guys will notify you, via email, if anyone is trying to hack your website. You can then quickly log into to WordPress and block them from having access to your site – a very cool feature. They also notify you when there is an update for a plugin, since out of date ones invite security risks.
If your website has been hacked and you need some help. Please let me know I will help you to take the best course of action.