How I Cleaned Up My WordPress Site After It Was Hacked and Blacklisted

You don’t expect it to happen to you and then wham! Your site gets hacked. It happens to the best of us. And I would know because it happened to me just last week.

What’s worse is that my site’s IP address was also blacklisted, which means my site and any site on my hosting account using that IP was marked as spam. I couldn’t send emails without them bouncing, my search engine ranking started plummeting and visitors couldn’t access my site without getting a virus.

What. A. Nightmare.

Luckily, I was able to test my site to identify the problem, find the hack and remove it, and then get my sites off the blacklist.

Today, I’m going to show you the process I used to clean up my site so you can fix yours, too. If you’re not too keen on DIY fixes, that’s okay because I’ll also show you some great plugins that can also do the job.

How I Was Hacked

There are many possible reasons why a site is hacked. It can be as simple as having a weak password that hackers can easily guess or something more complex, such as not having a firewall or security plugin installed.

But you may be wondering why someone would want to hack your site. This may especially be confusing if your site doesn’t generate as much traffic as, say, Twitter or Instagram.

According to WordPress.org and W3Techs, 60 million sites across the web are powered by WordPress and that works out to about 25% of the entire web. Being such a popular CMS makes it an enticing target for hackers, especially when all its code is available to the public, and free of charge.

I know, it’s easy to get a bit squeamish with that in mind, but while WordPress seems to be a favorite for hackers, you can rest assured other CMSes like Drupal and Joomla are also affected.

WordPress Security: Facts and Figures

The difference with WordPress is its security updates. They are rolled out automatically whenever a major security vulnerability is spotted, making it a relatively safe choice for your site. Even so, you are still responsible for the security of your site and need to put in place measures to keep it safe.

According to the US National Vulnerability Database, since WordPress became public, the top security vulnerability has been with plugins available in the directory as well as from outside sources. The second largest concern was with other factors, such as custom scripts.

While there were security vulnerabilities found in the WordPress core, they only account for 5.5% of the total known concerns at the time this was written.

This is still a problem since W3Techs also found that over 17.8% of WordPress sites are not up-to-date, meaning recent security patches won’t mean a thing for these folks and their sites are open to attack.

For the rest of us, while most of these vulnerabilities are now completely resolved, seeing the history of WordPress from this perspective shines a strong light on the actual security concerns, which are related to WordPress and don’t have much to do with the platform itself.

Back to Why I Was Hacked…

In my case, I got hacked because a site I hosted on my VPS was not regularly updated. I let it slide because it was a site I set up for a temporary solution. I know, I know, that’s terribly irresponsible and I’m not giving an excuse, just an explanation.

Not only that, I didn’t take many special security precautions. I didn’t install a security plugin, limit the login page to only my IP address or back up my site. In fact, the only thing I did right was choose a username that wasn’t “admin” and set a strong password.

This was all especially dangerous since this one site that I was supposed to delete ages ago ended up affecting several other sites on my server. The hacker used this one site to gain entry into a couple of my other sites. Talk about a headache.

Luckily, I had a security plugin activated on my other sites and the exploit was quickly detected. Within an hour, I was able to clean everything up. So yes, I was hacked, but I got lucky this time.

If my other sites didn’t have their security up to snuff I wouldn’t have even known anything was wrong and the hacker could have affected each and every site on the server. Not just my server, but every other site using the same VPS.

Shared hosting also comes with the same danger since many people also share the same server. The only exception is dedicated servers, although, if any one site is infected, it could infect others that you have, even though you’re the only one using your server.

What I Should Have Done to Avoid Being Hacked

Here are some of the best (and basic) things you can do to help keep your site secure:

  • Keep WordPress, scripts, themes and plugins updated
  • Choose themes and plugins from a trusted source
  • House your site with a trusted hosting provider
  • When possible, choose a dedicated server
  • Use a strong password with a username that isn’t “admin”
  • Regularly back up your entire site, including your files and your database

These are great tips to get you started, but there are many more steps you could take to help the overall security of your site.

To learn more about them, you can check out some of our other posts: WordPress Security: Tried and True Tips to Secure WordPress, 12 Ways to Secure Your WordPress Site You’ve Probably Overlooked and A History of WordPress Security Exploits and What They Mean for Your Site.

So with this information at hand, let’s take a look at some of the most common ways hackers breach and compromise WordPress sites.

Backdoor Exploits

This is the nightmare I had to deal with recently. Backdoor exploits are one of the more difficult and brutal attacks to resolve since they can affect multiple sites on your server.

A hacker saves a file on your server with a script that allows them entry into your site and server whenever they want.

Instead of gaining entry into your site like everyone else – through the front-end login page – the hacker gains entry through a, well, backdoor they create.

These added files are often named to look as though they are a part of the normal WordPress core. For example, the file could be called users-wp.php, php5.php, or something similar.

It can be difficult to know when it happens if you don’t have a security plugin installed to alert you to any changes. But there are a few other things that can hint toward this kind of hack. One is that you may notice a browser error message that comes up when you try to access the front or backend of your site. You may be prompted to confirm the site is safe before continuing to load it.

A Chrome browser error message when trying to visit a site: "Your connection is not private."
If you suddenly receive error messages stating your site isn’t safe to visit when trying to reach your site, you may have been hacked.

When visiting your site, your operating system’s anti-virus may also alert you to a possible threat since backdoor exploits often include placing code in your existing files or creating new files that launch malware and even viruses such as trojans when your site is visited.

You may also notice that emails you try to send that originate from your server get bounced back to you with a basic SMTP 550 error message.

Sometimes you may get a more detailed explanation of what the issue is depending on the email’s server you’re trying to reach. The returned message may list the link to the website that blacklisted your site or IP address.

Later on, I’ll show you what you can do with this information and how to clean up this mess. But for now, let’s explore some other ways your site may be compromised.

Pharmaceutical Hacks

Have you ever visited or linked to your site and noticed there was some weird text full of links you never placed there? This is caused by a pharmaceutical or pharma hack.

The text and links often refer and point to spam sites, and often shady ones that sell various items from knock-off watches and purses to prescription drugs such as Viagra or Cialis.

This happens when a hacker injects scripts into your files, often in your page headers, but this isn’t always the case as they can appear anywhere in a file. The links and text that are injected with the scripts can also be hidden from view.

A Google search of a site that produces spam that's visible with your site link.
Searching for your site in Google can come up with questionable results if you have been hacked.

A tip-off to a pharmaceutical hack could be that you suddenly see ads while you’re surfing the web closely related to the injected scripts, even though you haven’t been searching for those items yourself.

Go to Google and type in site:yourdomain.com, except replace yourdomain.com with your own site’s URL and browse the results.

The results should only display titles and descriptions that are related to your site. If you see links with a description or title that are spam but your site is attached to it, this confirms you have been hacked.

If you update your Facebook status with a link to your site, you should see content appear from that page. If spam appears in the description or title of the link preview it means you have been hacked and you probably shouldn’t click that button to publish your status.

Before we move onto more advanced techniques to test your site for injected scripts and how to fix it, there’s one more common problem you may face…

Malicious Redirects

When a hacker injects scripts into your .htaccess or other core files that result in your site being automatically directed to another page or site, it’s often a malicious redirect.

Your main site or individual pages can be affected and if you’re using Multisite your whole network could also be in danger.

You’ll notice a malicious redirect right away because your site will automatically load up a different URL.

Sometimes the redirect may not even look too obvious if the compromised file still uses your theme’s styling. In such cases, there may be a lot of ads displayed on the page, but otherwise it looks like your site.

On the other hand, your site could be redirected to another site entirely with spam links or even content suitable only for adults.

This is often the easiest hack to spot right away since you can usually see that you’re redirected when you are trying to visit your site or even a specific page.

Luckily, this issue isn’t at all impossible to fix.

Testing and Cleaning Your Site After Getting Hacked

Before you do anything, it’s important that you back up your site. Even though you have been hacked, there could be valuable information on your site that you may need to recover later.

Snapshot is our premium backup solution.

More seriously, some hosting providers may shut down or even delete your site immediately after finding out your site has been compromised, especially on shared hosting plans.

There are many quality backup plugins available including Snapshot, VaultPress, and BackupBuddy.

Once you have backed up your entire site, you’re ready to get started.

Even if you’re pretty sure you have been hacked, it can still be helpful to test your site since you may find additional files that have been affected. Once you know where there’s a problem, you can fix it by cleaning up the code.

Here are some sites that provide free scans for hacked files:

  • Unmask Parasites – Lets you know if your site has been hacked. This is a great first step in determining whether there’s a problem.
  • Sucuri Site Check – A slightly more comprehensive scan than the previous link. Also lets you know if your site has been blacklisted.
  • Norton Safe Web – You can quickly find out if there are any threats associated with your site.
  • Quttera – Scans your site for malware.
  • VirusTotal – You can scan your site or IP address for common viruses, trojans, malware and the like. It uses over 50 different scanners to get more accurate results.
  • Web Inspector – This scan checks to see if your site has been blacklisted, but also scans for backdoors, malware, trojans, viruses, phishing, suspicious code and more. A fairly detailed report is generated in about a minute or two.
  • Malware Removal – Malware, virus, script injections, malicious redirects and more can be checked with this site scanner.
  • Scan My Server – Scans for malware, SQL injections, XSS and more while also offering a detailed report, but an email address is required along with adding the provided backlink to your site to verify ownership. The report is emailed to you and takes about 24 hours.

It’s best to use many or all the sites listed above since these options vary in strength and the types of infections that they can search. It’s also important to scan your computer for viruses that may be affecting your browser.

In How to Clean Up a Hacked WordPress Site, Wordfence lists some great commands to use with SSH access to help you find malicious scripts and code.

Start by listing your directory to search for recently modified files:

Don’t forget to replace /home/yourdirectory/yoursite/ with the actual file path to your site. If the search doesn’t turn up any results, enter in another search, but modified to search within the last 10 days:

Again, be sure to type in your actual file path to your site. If results don’t turn up again, continue with the search, slowly increasing the number of days to search within.

You can do this by changing the number 10 in the previous example to a slightly larger value.

You can also use the SSH tool called grep. You can use it to search your files for common values that hackers inject.

Start by entering the following command to list the affected files. Just be sure to replace value with the actual value you would like to search.

You can search for common values such as base64 and bad hacker was here.

Once you have found files that have been hacked, you can search through the actual files with the command below, replacing value with the actual search term you want to use:

Once you have identified the problem, you can start cleaning up your site.
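The two searches described above (recently modified files, then files containing a value hackers commonly inject) can be scripted as follows. This is an added example, not the commands from the original post or from Wordfence; the function names, the widening schedule of 2, 10, 30 and 90 days, and the demo tree are assumptions, and the sample files are constructed and inert.

```bash
#!/bin/sh
# Added example (not from the original post). All function names are
# hypothetical; the demo files are constructed.

# Files under $1 modified within the last $2 days (default 2).
recent_files() {
    find "$1" -type f -mtime "-${2:-2}" -print | sort
}

# Widen the time window until something turns up.
# The 2/10/30/90-day schedule is an assumption of this example.
recent_files_widening() {
    for days in 2 10 30 90; do
        found=$(recent_files "$1" "$days")
        if [ -n "$found" ]; then
            printf 'modified within %s days:\n%s\n' "$days" "$found"
            return 0
        fi
    done
    echo "nothing modified in the last 90 days under $1" >&2
    return 1
}

# Text files under $1 that contain the value $2
# (fixed string, case-insensitive, binary files skipped).
files_containing() {
    grep -rilIF -- "$2" "$1" | sort
}

# Matching lines of file $1 with line numbers, cut to 120 columns so a long
# encoded payload does not flood the terminal.
matches_in_file() {
    grep -inF -- "$2" "$1" | cut -c1-120
}

# Build a small constructed site tree and print its path.
make_demo_tree() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/wp-includes" "$root/wp-content/uploads"
    printf '<?php\n// clean core file (constructed)\n' \
        > "$root/wp-includes/version.php"
    printf '<?php\n// theme header (constructed)\n' \
        > "$root/wp-content/header.php"
    # Inert stand-in for an injected file; the string decodes to "demo".
    printf '<?php\n$p = base64_decode("ZGVtbw==");\n' \
        > "$root/wp-content/uploads/php5.php"
    # Age the legitimate files so only the planted one looks recent.
    touch -t 202001010000 "$root/wp-includes/version.php" \
        "$root/wp-content/header.php"
    printf '%s\n' "$root"
}

# Demo run on the constructed tree.
demo=$(make_demo_tree)
recent_files_widening "$demo"
for value in base64 'bad hacker was here'; do
    echo "files containing '$value':"
    files_containing "$demo" "$value"
done
matches_in_file "$demo/wp-content/uploads/php5.php" base64
rm -rf "$demo"
```

A hit on `base64` is only a lead: legitimate plugins use it too, so compare each flagged file against a clean copy before deleting anything.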

Depending on where the offending code lies, you can manually flush it out:

  • A backdoor file created with only malicious scripts in it – Delete that file.
  • Malicious code found in a WordPress core or plugin file – Delete it and upload a fresh and clean copy of the file.
  • Malicious code found in a legitimate custom file – Remove the malicious code and save the file.
  • If you would rather bypass the daunting cleanup, you can restore your site from an unaffected backup, then update your site, plugins, themes and scripts, and increase your site’s security.

When you think you have located and removed all the malicious code, run through the sites again to make sure you didn’t miss anything. Once you’re confident you have fixed everything, it’s a good idea to contact your hosting provider.

You can let them know you were recently attacked, but you cleaned everything up and would like them to double check your site for additional vulnerabilities. They can help you verify the security of your site, but it’s also important to make them aware of the situation.

Informing your host becomes especially helpful in the event that your site is reported as a threat by third party automatic scanners or general visitors. Since your host is already aware of the situation, they can take the appropriate steps to make sure your site is whitelisted, without you needing to do anything else.

As a general rule of thumb, it may be a good idea to contact your hosting provider after you believe you have resolved your site’s security risks. Some hosts may shut down your site immediately after they hear about a threat from your site so it’s important to at least have a backup of your site before getting in touch with them.

Getting Your Site and IP Address Whitelisted

Once your site has been cleaned up, your site or IP address may still be marked as spam. The first step in resolving this is to find out where you are blacklisted.

My top choices for finding out who blacklisted you are Unmask Parasites and Spamhaus. I prefer using Spamhaus the most because it’s not only one of the sites where you could be blacklisted but, more importantly, provides links to the sites where you are blacklisted so you can apply to get whitelisted.

In order to perform a check, you can’t go directly to the Spamhaus site. A scan needs to be performed manually. Luckily, it’s super easy and just requires you to type in a link similar to the example below:

Just type in this URL into your address bar, but replace 123.456.789.10 with the actual IP address where your site is hosted. Visit the page and your results are listed for you.

An example IP address has been detected as blacklisted by Spamhaus and a link to the site where the IP has been blacklisted is provided.
Spamhaus directs you to the exact site that blacklisted your IP address.

If your site has been blacklisted, your IP address is displayed in red next to links of the sites that blacklisted your site’s IP address.

Open the links in a new tab, then follow the directions to apply for your IP address to become whitelisted. Each site has different instructions so be sure to follow the directions carefully.

You can usually apply in just a few clicks and once your applications are submitted, it can take up to 48 hours for your site to be processed.

Most of the time, you won’t get notified once the process has completed. This means you need to create a manual Spamhaus search after waiting a while to see if your site has been placed on the safe list.

Keep in mind that you can often only apply to be removed from the blacklist once so you need to be sure your site is clean and that you have completely resolved any threats. Otherwise, your site and IP address could risk being permanently blacklisted.

If you have been blacklisted by Google, the application process is a bit more involved and can take 12 to 24 hours to process. Luckily, they do have the instructions for requesting a review readily available.

Once your site and IP address have been reviewed and whitelisted, you’re done, right? Not exactly. There are still some critical steps left you need to take.

But Wait, You’re Not Done Yet!

After you have successfully cleaned up your site, you need to update WordPress along with any themes or plugins you have installed if any of them aren’t up-to-date already. You also need to be sure to keep a regular tab on your site to make sure you consistently keep it updated.

Another security measure you should take right away is to change your password. It’s also a great idea to have everyone in your network update their passwords as well if you are running Multisite.

Next, it’s time for you to change your WordPress security keys. What this will do is cancel any active cookies which keep you logged in for an extended period of time. Once you change them, hackers won’t have continued access to your site.

You can generate new keys using WordPress’ Random Security Key Generator. Then, replace your old keys with the new ones in your wp-config.php file.

The code you need to replace will look similar to this example:
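One way to script the key replacement over SSH, as an added example rather than code from the original post: it generates the values locally from /dev/urandom instead of using the online generator, which is an assumption of this sketch. The function names and the sample wp-config.php are constructed; the eight constant names are the ones WordPress uses.

```bash
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.

# The eight key and salt constants WordPress reads from wp-config.php.
WP_KEY_NAMES="AUTH_KEY SECURE_AUTH_KEY LOGGED_IN_KEY NONCE_KEY
AUTH_SALT SECURE_AUTH_SALT LOGGED_IN_SALT NONCE_SALT"

# 64 random characters from the kernel CSPRNG. Alphanumeric only, so the
# value needs no escaping in sed or inside a PHP single-quoted string.
# 1024 random bytes leave about 248 characters after filtering.
new_secret() {
    head -c 1024 /dev/urandom | LC_ALL=C tr -dc 'A-Za-z0-9' | cut -c1-64
}

# Print the names of key/salt constants that file $1 does not define.
missing_wp_keys() {
    for name in $WP_KEY_NAMES; do
        grep -Eq "^[[:space:]]*define\([[:space:]]*['\"]${name}['\"]" "$1" \
            || echo "$name"
    done
}

# Give every key/salt define() in file $1 a fresh value; other lines stay.
rotate_wp_keys() {
    [ -f "$1" ] || { echo "no such file: $1" >&2; return 1; }
    missing=$(missing_wp_keys "$1")
    [ -z "$missing" ] || echo "warning: not defined, skipped: $missing" >&2
    # One sed substitution per constant. The quote right before the name
    # keeps AUTH_KEY from matching inside SECURE_AUTH_KEY.
    script=""
    for name in $WP_KEY_NAMES; do
        script="$script
s|^([[:space:]]*define\([[:space:]]*['\"]${name}['\"][[:space:]]*,[[:space:]]*).*|\1'$(new_secret)' );|"
    done
    work=$(mktemp) || return 1           # mode 0600, outside the web root
    sed -E "$script" "$1" > "$work" || { rm -f "$work"; return 1; }
    cat "$work" > "$1"                   # overwrite in place: keeps owner/mode
    rm -f "$work"
}

# Write a constructed wp-config.php to a temp file and print its path.
make_demo_config() {
    cfg=$(mktemp) || return 1
    cat > "$cfg" <<'EOF'
<?php
define( 'DB_NAME', 'constructed_db' );
define( 'DB_PASSWORD', 'constructed-db-pass' );
define( 'AUTH_KEY', 'constructed-old-1' );
define( 'SECURE_AUTH_KEY', 'constructed-old-2' );
define( 'LOGGED_IN_KEY', 'constructed-old-3' );
define( 'NONCE_KEY', 'constructed-old-4' );
define( 'AUTH_SALT', 'constructed-old-5' );
define( 'SECURE_AUTH_SALT', 'constructed-old-6' );
define( 'LOGGED_IN_SALT', 'constructed-old-7' );
define('NONCE_SALT',"constructed-old-8");
$table_prefix = 'wp_';
EOF
    printf '%s\n' "$cfg"
}

# Demo run on the constructed file: show the rewritten lines, truncated.
demo=$(make_demo_config)
rotate_wp_keys "$demo"
grep -E "(KEY|SALT)'" "$demo" | cut -c1-40
rm -f "$demo"
```

If you keep a copy of the old file, store it outside the web root: a `wp-config.php.bak` next to the original is typically served as plain text, database password included.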

You can also install the free ConfigServer Security and Firewall in the root of your server using SSH access. Setting it up is easy.

First, make sure you log into the root of your server since this won’t work otherwise. Then, enter the following lines, one by one:

Next, enter the following line:

If you don’t return any errors, then your firewall is good to go, but you just need to enter one more command to make sure there aren’t any conflicting scripts installed.

Once you’re done entering these commands, your new firewall is set up, but there’s one more step you should take for the security of your site and that’s to investigate how your site was hacked. As the adage goes, “Well aware is half there.”

Knowing how your site’s security was compromised can help you prevent future threats.

You can do this by checking your site’s logs. There are also helpful tools out there to help you make sense of your logs as they relate to your hacked site such as OSSEC which is free.

If you find bugs, you can also help the WordPress community by sharing your findings through opening a trac ticket as Rachel McCollin describes in her post: How to Contribute to WordPress (and Just Generally Be an Awesome Person).

Plugins to Help Test and Clean Your Site

If you would rather stick to using plugins to test and clean up your site, you have no shortage of options.

Here are the top plugins you can use for single and Multisite installs of WordPress to detect infected files, then clean them up. They’re all well-maintained so you can be sure they can help you save your site and time.

  • Wordfence

    Wordfence is my first choice when it comes to security plugins. Both the free and premium versions do a fantastic job of detecting and protecting your site from virtually every threat out there. The service’s database is regularly updated so when new threats are invented you are quickly protected.

    Some of the best features in Wordfence include its ability to detect when files have been changed or created, giving you the option to restore them to their original version or delete them in a single click.

    When my site was hacked, I noticed things weren’t right when Wordfence sent me an alert. Luckily, Wordfence has the ability to scan files outside of your WordPress installation and that’s the feature that ended up saving me. Wordfence was able to detect that my other unprotected site was hacked.

    I was able to delete most of the problem files and restore the rest. For good measure, I deleted the excess files that weren’t related to WordPress just to be sure there were no more backdoors hidden away.

    Wordfence also comes with a firewall along with many more outstanding features.

    You can see our review called Securing Your WordPress Site: Wordfence Security Review or get instructions firsthand on how to clean your site from Wordfence’s own post called How to Clean a Hacked WordPress Site with Wordfence.

  • VaultPress

    VaultPress is a security and backup plugin rolled into one. You can grab a free copy from the WordPress directory or upgrade to the premium version.

    It was created by Automattic, the same folks behind WordPress.com, so you can be sure your site is in great hands when you install and activate this plugin.

    Regular backups help protect you by giving you a restore point that can easily get your site back up and running after an attack, but you are also doubly protected with many security features if you upgrade.

    The premium version includes features such as daily scans for suspicious code, viruses, malware, trojans and you name it. It’s also easy to clean your site if you do get hacked.

  • iThemes Security

    iThemes Security (formerly known as Better Security) is a great plugin that does a great job of protecting your site. It keeps up with the hackers and their latest offences so this plugin can patch up any known exploits, backdoors and other similar vulnerabilities as they come up.

    The free version is great for protecting your already clean site, but if you want to know when files change and have the ability to perform more powerful scans, you need to upgrade to the premium version.

    The good news is iThemes Security is also a backup plugin so if you find out that your site has been hacked, you can quickly restore your site to an earlier, clean version without needing to upgrade.

    For a full review of the free version, check out our post: Securing Your WordPress Site: iThemes Free Security Plugin Review.

  • Sucuri Security

    Sucuri Security is a great free plugin that not only has the ability to strengthen your site’s security, but it also scans for malware and similar threats, checks if your site has been blacklisted and even includes clean up actions if your site does get hacked.

    You can also rest easy knowing that this plugin notifies you if something looks fishy. There is also a firewall feature available if you upgrade, but the plugin works well on its own.

  • Acunetix WP Security

    This plugin is all about increasing the security of your site, but doesn’t help you if you get hacked. Still, it’s a great plugin for taking certain security measures that other plugins may not include.

    For example, Acunetix WP Security can hide your version of WordPress, secure your file permissions, change your database prefix and disable front end error reporting among quite a lot of other features.

    It also doubles as a backup plugin so you can easily recover your site if it has been hacked, even though there aren’t any more advanced features when it comes to fixing your site after it’s been hacked.

    It’s a great plugin to add to your security arsenal once your site is back to normal.

  • Theme Check

    The Theme Check plugin can help by verifying the validity of the code used in a theme you would like tested.

    It compares a theme’s code against the latest WordPress standards. If something is off or looks suspicious, this plugin can let you know.

    It’s a great tool to have around and is especially useful to test out themes before you decide to go all out and use them on your site.

  • Plugin Check

    Similar to the previous option, Plugin Check validates the code used for plugins on your site.

    You don’t even need to install the plugin to verify that its code is sound. This is particularly a great feature since even installing a plugin with vulnerabilities or malicious code can cause your site to be compromised.

    It may not be able to detect all malicious code, but it’s a great step toward searching for any offending code in the plugins you would like to use.

Got Hacked? It’s Not the End of the World

Now you’re armed with the information, tools and plugins you need to kick those hackers to the curb and clean up your site.

Cleaning up your site after it’s been hacked is one thing, but you also need to work on keeping your site secure to prevent future attacks.

To learn more about security measures you can take to help protect your WordPress site, check out some of our other posts: WordPress Security: Tried and True Tips to Secure WordPress, 12 Ways to Secure Your WordPress Site You’ve Probably Overlooked and A History of WordPress Security Exploits and What They Mean for Your Site.

Do you know of any other great security testing and cleaning tools or plugins that I haven’t mentioned? Do you have any other security tips for cleaning up a hacked site? Share your hacking horror stories in the comments below.

21 Responses

    Steven

    A similar hack happened to us on our VPS a couple of years ago. We had Wordfence Premium but it didn’t prevent the attack. We have used Sucuri (not the plugin) ever since, and the small amount you pay for their Firewall and monitoring services provides us peace of mind. Support is great and your sites are cached too! For backup we configured in WHM to copy the entire sites plus databases to Amazon 3 times a week. Backup storage is pretty cheap these days.

    Our solution above also eliminates extra resource draining plugins i.e. backup, cache and protection. Not saying it’s perfect, but having been through the nightmare once…… enough said!

      Jenni McKinnon

      Hey Steven,

      Thanks so much for sharing your experience with those plugins and thanks for sharing the suggestion as well. Those are great points to consider for sure.

      In my case, the hack happened outside of my site that had Wordfence installed, so the plugin could only alert me to it instead of also protecting me. That’s the sad part. If I had taken the proper security measures on the site that got hacked and also if I had at least installed a security plugin like Wordfence or Sucuri, I likely wouldn’t have gotten hacked at all.

      It was my own negligence that allowed the hack to happen so I wouldn’t say it’s Wordfence’s fault for not protecting me, but in your case, it’s a different story. Luckily for me, Wordfence includes tools to clean up your site after it’s been hacked so that’s a plus.

      Either way, I’ll definitely look into Sucuri a lot more now and consider it for my sites. Thanks for all that great info. :)

      Cheers,

      Jenni

    mickie_n7

    I had to clean up such an attack just last week. I’ve narrowed the cause down to either the Visual Composer vulnerability that was exposed, or a weak password. Either way, the only real solution was to wipe the directory completely and restore from the last known good backup. There were garbage files everywhere that would’ve taken hours to clean-up otherwise.
    Some great tips here. Backup and prevention are super-important.

    Valentin

    I’ve read this article yesterday. I’ve had my blogs hacked couple of times, just because I left them unattended for long time. But you know – you never think about it, until the damage is done.
    Few days ago I saw a strange error_log file in one of my cPanel accounts. Why strange, you would ask? Well, because it was in a folder with the images of a simple html site. And because the file was 1.3GB in size :D
    Without much of a thinking I’ve deleted my blogs and put a static index page on one of them, just to let people know. I have all of them backed up and I will restore them soon, changing users, passwords, salts, etc.
    I have bought the iThemes Security plugin back in February, but I was not smart enough to put it on my own sites :D This won’t be the case anymore :)
    Great post, thanks much for it!

      Jenni McKinnon

      Hey Azeem,

      Uh oh! Hope you’re able to resolve it soon. If you haven’t already, contact your hosting provider as they may have detected malware, viruses or similar issues with your site then blocked it to protect others on the server.

      If you can, checking your error log may also offer valuable info on what happened.

      Good luck!

      Jenni

    Valentin

    Hello Jenni,
    Thank you for including us in your article. Great work!

    Also, Steven, we appreciate your kind words. We would like you to contact us and share more about your experience. Can you email us at [email protected] to explore this? Thank you!

    Allen

    Thanks for the helpful information. My little group of sites got hacked recently with various symptoms
    (1) the “pharma” bug you’d mentioned
    (2) email addresses in the user table were altered by appending a character or 2 on them
    (3) There were added .php files with weird names that could be used to transfer files sprinkled through the file system.
    (4) at the end of index.php, footer.php, etc.. they added a statement to create an “assert” and followed that with a huge string that contained a “onfr64”. I’d seen a reference to this string on another site referring to an attack.
    (5) One site is so bad that I can’t even log into it – it just sits there and looks at me afterward.

    Funny thing: Except for the obnoxious messages about beautiful Russian girls, the sites are actually still “functional”.

    At this point, I’ve learned my lesson about keeping up to date, strong password.. etc. but my best solution going forward is not to try and fix, but to recreate the sites fresh (they’re pretty simple apartment sites) – then, I’ll start behaving like an actual admin.

    Thanks again!
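Symptom (4) in the comment above can be checked for mechanically. The following is an added example, not part of the original comment or article: a heuristic Python scan for PHP files that combine an `assert(` call, a very long string literal, and the rot13 form of "base64" ("onfr64"). The function names, the 200-character threshold and the sample strings are assumptions made for illustration, and the infected sample is a constructed, harmless stand-in.

```python
import codecs
import re
from pathlib import Path

# rot13 turns "base64" into "onfr64", the marker reported in the comment.
ROT13_MARKER = codecs.encode("base64", "rot_13")
ASSERT_CALL = re.compile(r"\bassert\s*\(", re.IGNORECASE)
# Heuristic: quoted runs, not a real PHP tokenizer (apostrophes in HTML can mis-pair).
STRING_LITERAL = re.compile(r"'(?:[^'\\]|\\.)*'|\"(?:[^\"\\]|\\.)*\"", re.DOTALL)
LONG_STRING = 200  # assumed threshold for a "huge string"


def scan_source(php_source):
    """Return a sorted list of indicator names found in one PHP source text."""
    hits = set()
    if ASSERT_CALL.search(php_source):
        hits.add("assert-call")
    for match in STRING_LITERAL.finditer(php_source):
        literal = match.group(0)[1:-1]
        if len(literal) >= LONG_STRING:
            hits.add("long-string")
        if ROT13_MARKER in literal.lower():
            hits.add("rot13-base64")
    return sorted(hits)


def scan_tree(root):
    """Map each .php file under root with two or more indicators to its hits."""
    report = {}
    for path in sorted(Path(root).rglob("*.php")):
        hits = scan_source(path.read_text(errors="replace"))
        if len(hits) >= 2:  # a lone assert() or long string also occurs in clean code
            report[str(path)] = hits
    return report


# Constructed samples: a clean template, and the same template with a
# harmless stand-in for the appended line (filler "A"s, no real payload).
CLEAN = "<?php get_header(); the_content(); get_footer(); ?>\n"
INFECTED = CLEAN + "<?php assert('" + ROT13_MARKER + "_" + "A" * 400 + "'); ?>\n"

if __name__ == "__main__":
    print(scan_source(CLEAN))
    print(scan_source(INFECTED))
```

A hit from `scan_tree` is a reason to compare the file against a known-good copy, not proof of compromise.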

      Jenni McKinnon

      Hey Allen,

      Oh no! I’m so sorry to hear that. Getting hacked certainly isn’t a pleasant experience. I’m glad you were able to sort it out and I definitely know what you mean about starting fresh. Sometimes it’s just way easier to just start your site from scratch.

      I’m glad you enjoyed this post and that it served as a reminder to you. I think we could all use a reminder to improve our site security strategies every now and again. I know I could hahaha!

      Cheers,

      Jenni

    Vsajewel

    Hi Jenni,

    I really like your post and all the detailed information…I can’t even imagine how long it took you to write this! I’m a relatively new blogger and use a free WordPress.com account…so I’m guessing that outside of 2 Step verification that most of this doesn’t apply…is my assumption correct? I’ve been researching a topic I’m thinking about writing a post on involving hacking and security which is how I ran across yours.

    Roughly 5-6 years ago my family’s home computer network was hacked. We had a fairly complex network for a home environment that my teens sort of commandeered and tweaked for their own uses…mainly using peer-to-peer sites. The hackers infiltrated virtually every device on our network and my best guess based on what we discovered towards the end, was that our computers were enslaved as part of a botnet that was serving malicious Spam to thousands of other victims. This best guess took us over a year and a half to arrive at. We worked with several good consultants along the way. But we needed someone in-house to coordinate and manage the process and that someone ended up being me. There was a huge learning curve for me…my entire family really. The whole experience was a nightmare…one I’d not wish to see anyone else ever have to endure.

    In the end, at about the 2 year mark, we were finally able to get rid of the hackers completely. Previous attempts were piecemeal and ultimately ineffective. A year or two later I got drawn into the blogging world but it was a slow process. One of my main goals was to write about what we’d experienced and hopefully prevent others from similar scenarios. There’s a huge learning curve for online writing too…(you probably know that already…but it was news to me!) I did end up publishing a long 2 part post (via Squidoo…a helpful blogging community for newbies). But ultimately I unpublished them a few years later when Squidoo folded and turned their users over to HubPages. It was really poorly written by my standards today and needed a lot of work just to meet HubPages standards.

    I just never seem to run across or read anything about this or even find similar stories when I occasionally search for them. I’m contemplating rewriting both parts…but trying to decide if there would be any value for readers today. After Heartbleed I feel like that opened my eyes up to how much the Internet has changed from just a few years ago. I don’t really know if teens still use p2p and torrenting technologies much. I assume that everyone who has a home network knows the proper steps to keep it secure today. I just don’t know if there’s a need for the information frankly, and since you did welcome a broad range of comments I decided to create an account just to ask you (and perhaps your followers?) advice on this.

    As you may have noticed, I haven’t really mastered saying things briefly…and doubt I ever will…that’s just not me. So this would be a fairly involved endeavor. But I do feel I have a unique perspective that could potentially be valuable or helpful for others…I’m just not sure. What do you think?

    Thanks again for taking the time to write this great article and for reading my long comment too :-)

      Jenni McKinnon

      Hey,

      I’m so sorry to hear that you had to go through that. That’s just so awful!

      In my experience, there is more than likely going to be a new batch of people every year that don’t know about a given topic. I hear about people being new to WordPress, web development and internet security all the time.

      Think of it this way, every year, a new batch of high school graduates are introduced more fully into a career path and many of them choose a career in web development, WordPress and internet security. Every year, you have thousands of potential readers. That’s not even mentioning people who want to switch career paths, people who want to get more familiar with new technology and people from all around the world looking for a career on the internet. There’s tons of people out there who could benefit from learning about what you went through.

      Especially so because it’s a lot easier to learn with an example sitting in front of you rather than having to sift through pure theory (which most people are going to find dry and boring).

      Also, I saw this post published about someone’s experience getting hacked: http://www.bbc.com/news/technology-35629890

      Perhaps coincidentally (or not, hahaha) this post was published only a day after you posted this comment. So really, if I can’t convince you to share your experience, this article on the BBC should prove that this kind of info is as relevant now as it was 5-6 years ago when you went through your unfortunate experience.

      At the end of the day, it all depends on whether you’re willing to commit the time to sharing what you have experienced.

      All the best of luck to you (and hopefully, to your soon-to-be new blog as well)!

      Cheers,

      Jenni
