A few weeks ago, I started my working day to discover that two of my sites had been blacklisted by Google, and all of them were redirecting to some ’orrible malware site. Some charming person (it could be anyone from a spotty fifteen-year-old script-kiddy to a big organised operation in Eastern Europe or the Philippines) had seen fit to hack into my server in the US and insert malicious code into my html files.
Congratulations boys. The entire audience of some totally obscure, tiny fan sites could be yours!
Why bother? Yes, I must admit the thought went through my head a few times as I laboriously re-uploaded all the files in all my ten websites, changed all my passwords several times, and went through the painful process of uploading two installations of Bulletin Board software. As did a little imaginary bullet through the head of an imaginary hacker.
It’s incredible, isn’t it? No matter how much effort you put into building a snowman, some twerp comes along and kicks it down.
Anyway, I missed a couple of files the first time around and had to go through the whole process again a few days ago, at which point my brain began to leak out my ears and the top of my head to explode. Thankfully, my host in the States, Dreamhost, were helpful as always, and this time—fingers crossed—all the sneaky code snippets have been removed. Of course both times I had to go through yet another process to get Google to reassess the sites and take down their warning signs.
So, if you host any websites, allow me to give you a bit of advice. Number one, use SFTP instead of FTP when uploading files to your server. The latter sends unencrypted code (with helpful pointers like ‘username’ and ‘password’ included) across the netwaves, and can be intercepted, as I so annoyingly found out. The former sends it encrypted. It should be as simple as selecting an option from a drop-down in your FTP client.
Number two, update all your software installations—WordPress, phpBB, whatever. Make sure you have the latest versions, which should have the best security. Get rid of outdated plugins and update the ones you do use.
Number three, change all your passwords and make them harder. Mine had got far too simple over the years, and I was repeating myself. You may have to use some kind of ‘one password’ solution, and you may never actually remember any of them again, but don’t use single, actual words, and throw in some numerals and possibly symbols.
While you’re doing all this, back up all your files so you have clean versions in case anything goes wrong. Hopefully, you will now avoid having to go through the tedious time-wasting rigmarole I’ve been subjected to.
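An added example, not part of the original post: one way to avoid missing a tampered file during a cleanup is to compare the live site against the clean backup by SHA-256 hash. The function names, directory layout and sample files below are constructed for illustration.

```python
import hashlib
import os
import tempfile


def tree_hashes(root):
    """Map each file's path (relative to root) to its SHA-256 digest."""
    hashes = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            with open(full, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            hashes[os.path.relpath(full, root)] = digest
    return hashes


def diff_against_backup(backup_dir, live_dir):
    """Report files that changed, appeared or vanished since the clean backup."""
    clean, live = tree_hashes(backup_dir), tree_hashes(live_dir)
    return {
        "modified": sorted(p for p in clean if p in live and clean[p] != live[p]),
        "added": sorted(p for p in live if p not in clean),
        "missing": sorted(p for p in clean if p not in live),
    }


def demo():
    """Constructed sample: a clean backup and a live copy with tampering."""
    with tempfile.TemporaryDirectory() as backup, tempfile.TemporaryDirectory() as live:
        pages = {"index.html": "<html><body>Home</body></html>",
                 "about.html": "<html><body>About</body></html>",
                 "links.html": "<html><body>Links</body></html>"}
        for root in (backup, live):
            for name, body in pages.items():
                with open(os.path.join(root, name), "w") as fh:
                    fh.write(body)
        # Constructed tampering: an injected tag, an unexpected new file, a deletion.
        with open(os.path.join(live, "about.html"), "a") as fh:
            fh.write("<script src='//placeholder.invalid/x.js'></script>")
        with open(os.path.join(live, "cache.php"), "w") as fh:
            fh.write("<?php /* placeholder for an unexpected file */ ?>")
        os.remove(os.path.join(live, "links.html"))
        return diff_against_backup(backup, live)


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(kind, paths)
```

Point `diff_against_backup` at a downloaded copy of the live site and your known-clean backup; anything listed under "modified" or "added" needs a look before you ask for a review of the site.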
Unbelievable isn’t it? Modern life is making code-monkeys of us all.