So I was minding my own business at home (Okay, I’m not gonna lie. I was arguing with someone on the internet.) when I checked my mail on my phone and noticed I’d received a few mails to my gaijingunpla address. People were having problems getting on my site. (Thanks to everyone who contacted me. I really appreciate it.) Using my iPhone I tried to access my site and was redirected to a site about home tutoring. I’m not the sharpest knife in the drawer but I’m pretty sure I didn’t need home tutoring. Oh my! I’ve been hacked!
The redirect was actually to an app extension on that site so my phone tried to open it with my Japanese dictionary app, while my iPad asked if I wanted to open with Google Drive. How bizarre. When I tried to access from a PC I got this.
I immediately contacted my web guy (I’d say webmaster but that would just inflate his ego even more) and while I had him on the phone he tried to access from his end and he confirmed what I suspected. Hacked. My web guy is very good and he quickly dove into the matrix and proceeded to do battle with the evil forces determined to bring down a small-time site about plastic model robots whose market audience is mostly male adults who refuse to grow up. He worked furiously.
Knowing time was of the essence he first downloaded a backup of Gaijin-Gunpla’s entire WordPress and then went for the FTP to make sure we could save the images. My site without images would be lost. I had already contacted my host to inform them of the hack and had them reset all passwords; the new passwords I immediately gave to my web guy and he started the long task of downloading everything.
While I waited for some news, good or bad, I looked again at the current state of my site using Google’s Safe Browsing diagnostic.
The malware was coming from two different sites but fortunately nothing had been passed on to any people viewing Gaijin-Gunpla.com. That was good to hear. Very anxious, I went to bed and actually fell asleep quite quickly.
The next morning when ‘my web guy’ was updating me he informed me that my site was very sick, that there were a lot of bad lines of script hidden throughout the code. The best option, he stated, was to basically delete everything and start again by reinstalling WordPress. The ‘delete everything’ caused me more than a little concern. What if data was lost? What if even reinstalling didn’t solve the problem? What if over three years of my life suddenly disappeared down the drain? I resolved not to think about it and asked him to continue doing whatever he thought necessary. He pulled up his sleeves and went straight to it. As you can see, he was successful and Gaijin-Gunpla is back up and still going strong. Once we were back up I set to the task of changing the passwords for everything, which is a pain in the ass when you have to do it on your computer, iPhone, and iPad, and then started running virus scans on my PC at home and Mac at work. Did a key-logger somehow get onto one of my devices and pick up my password? Was there a security gap in WordPress that somehow was exploited? We don’t know how it happened but I’m going to try my best to make sure it doesn’t happen again. If I lost my site, would building Gunpla bring me the same joy or would the sense of loss be enough that I gave up the hobby altogether? Fortunately for me, I don’t have to find out!
Now back to that Plamo talk.