Category Archives: Misc

I Got Hacked – Here Is What I’ve Learned (Plus Sucuri First Impression)

Facebooktwitterrss

My blog got hacked last week.

I should’ve known something was up when after clicking on a blog comment notification in my email I landed on a page that declared me a Google winner.

Instead of realizing that I got hacked, I blinked a few times, closed the page (I was on my phone), came back to my email and clicked again. This time around, I got where I was going to — the dashboard.

I fired up my computer and went directly to my blog. All good. I went to my email and clicked on the same comment link, then other links. No surprises there. I scratched my head thinking I must’ve “misclicked” on some rogue link that got me to the scam page, and decided to stop thinking more because that had already been a bit too much brain activity. I just logged out and mentally closed the case.

Next morning I was checking my email. I always do that before fully waking. I find it helps me focus and start my day on the right note. 🙂

And focus it did. See, this is a report I normally get in my email from my hosting company’s daily scans.

But that morning something was off.

And when I clicked through, the message got abundantly clear.

I got hacked: warning

How I learned that I got hacked

I don’t know about you, but …

Malware is not my thing. So not my thing that I’ve never felt compelled to learn anything about it beyond installing some software just in case. I’ve run my blog for 8 years, and even found sad refuge in the fact that it’s so tiny that no one would want to mess with it.

Because why?

So I splashed some cold water on my face and began the hard task of educating myself on the subject matter. How bad is it when your site gets hacked?

Holy s*it, it was bad!

I found that not only can you lose your own reputation, but you can also get shut down by your hosting provider and, oh the humanity, blacklisted by Google itself!

Turns out not only did I need to fix it, but fix it quick.

But I only saw the hack once – why?

To be honest, the more I educated myself – the more I was floored by the inventiveness and sophistication of the scammers. I’ve learned they may not even show you, the administrator, what they’ve been doing to your site. The only reason I saw it for the first time was probably because I logged on to my account from my phone. I don’t often do that so the scammers may not have known I was the admin. During my subsequent visits they probably knew who I was already.

Repair costs

SiteGround, my hosting provider, is using Sucuri for their scans and it recommended its services for cleaning and safeguarding my blog. I went to Sucuri and quickly found out that their cheapest plan was $199 per year.

Now, $199 is not an incredible sum of money, but, well, it kind of is for a blog that doesn’t bring in a single penny. Which is why a lot of thoughts were racing around my head.

I had almost quit blogging a few months ago—

Because it wasn’t going anywhere anyway

And now that I was already paying for hosting and the domain and even some other stuff I didn’t even understand …

I had to pay $200 more

All that just for the privilege of running my mouth on a computer screen when I felt like it?

WTF?

Naturally, being a cheap bastard, I did try to find another way

Jumping ahead, I didn’t find it. But between trying and failing I made a few discoveries.

If you consider starting your own blog, you might want to learn some “technicalities.” You can fix that menace yourself, at least in some milder cases.

Sucuri, it seems, is quite honest about the fact that you can get rid of malware yourself. And it even tells you how.

1.1 – Scan Your Site

OK, that I can do. Well, I mean having others do it including Sucuri.

1.2 – Check Core File Integrity

Uhm … huh?

1.3 – Check Recently Modified Files

Mama!

1.4 – Check Diagnostic Pages

Oy!

But that was nothing compared to what you (I) would have to do next. After identifying the threats, you’re supposed to remove them. Manually!

2.1 – Clean Hacked Website Files (8 steps)

2.2 – Clean Hacked Database Tables (7 steps)

2.3 – Secure User Accounts

2.4 – Remove Hidden Backdoors

2.5 – Remove Malware Warnings

OK, that was enough for me, and I didn’t even bother getting to Step 3 – Securing Your Website from Hackers.

I checked some other Malware protection services

Some of them were a little cheaper, but they also seemed kind of shadier. So with a heavy heart, I went ahead and paid $199 just to be done with it. Hey, at least I’ll get $10 back from PayPal (Discover 3rd quarter PayPal bonus).

My site was cleaned within minutes even though I’d read a few reviews that Sucuri could be slow. I had some questions initially, but they were quickly and courteously resolved via chat. No complaints so far.

You can’t get your money back after you submit the removal request 

Sucuri offers a 30-day money-back guarantee, but not if you have used their malware removal service even once, and you won’t know anything about this condition unless you scroll all the way down, click on the tiny terms of use link in the left corner and stumble on the Termination clause on the next page. While I thought that the clause itself was fair to prevent folks from signing up just to remove the malware and cancel the service, the delivery was quite sneaky. We all know how people enjoy reading the small print. That’s a gotcha thing, no doubt.

Other than that, the only thing I wish is that they offered a more affordable plan for small bloggers like me, but oh well.

Should you pay for malware protection and (potential) removal services?

If your website is not a moneymaker, I’m not convinced. Like I said, I’ve run my blog for 8 years, and never had a problem like this before. But it’s important to react quickly, and there are free plug-ins including Sucuri if your hosting provider doesn’t offer a malware scanning service.

If your site does get hacked, you can quickly sign up for a security service and get it cleaned. Better yet, try to learn a few tricks so you can do it yourself. Now, for a commercial website, the math is completely different, and one would be foolish not to protect themselves the best they can.

A couple of questions for my readers:

  • Did anyone notice anything weird on my blog last week?
  • Anyone else have gotten hacked? How do you deal with it?

Facebooktwitterredditpinterestlinkedintumblrmail

Bermuda Travel Will Resume on July 1, 2020: Here Is What You Want to Know

  Bermuda travel is supposed to resume on July 1. It’s not the only tropical paradise you can go to; Antigua and Barbuda is open right now, and other Caribbean destinations are supposed to open in July too. But Bermuda is incredibly beautiful, and, while it’s not an all-season destination, it’s going to be tropicalContinue Reading

Masks on a Plane: It’s Up to Airlines to #MASA — Make AirTravel Safe Again

UPDATE: Based on some responses I’ve received from researchers, I can’t consider this diagram accurate for the time being. I keep talking to people, so this might or might not change. Just to clarify: this revision doesn’t mean that my opinion about using masks for preventing the coronavirus spread has changed, but I won’t resortContinue Reading

There Is One Tropical Paradise Americans Can Visit Right Now

  Antigua reopening has been in the news for the last week. If you are a tired and vacation-hungry American, this is one country you can visit right away. Actually, there are 2, but Mexico doesn’t really look like a safe place to be in right now (later about that). Antigua and Barbuda has recordedContinue Reading

How Convenient, Mr. Zuckerberg!

  Facebook CEO Mark Zuckerberg has lashed out against Twitter’s decision to add fact-checking labels to its platform (bolding below is mine). I just believe strongly that Facebook shouldn’t be the arbiter of truth of everything that people say online. Private companies probably shouldn’t be, especially these platform companies, shouldn’t be in the position ofContinue Reading

First Lie-Flat Seats Were Installed by … Think You Know the Answer?

  If you, like most plane geeks, believe that the era of lie-flat airline seats was ushered in by British Airways in the late 1990s, I don’t blame you. British Airways indeed started the whirlwind rush to transition the front cabin from cradle seats to flat beds. Still, technically speaking, British Airways was not theContinue Reading

What’s Wrong With the Reopening of America in the Midst of COVID-19? Denver 1918, That’s What!

People are hurting. Businesses are hurting. The economy in general is hurting. COVID-19 has locked us inside our homes and apartments and out of the workplaces, beaches, bars, and shopping malls. We are scared, bored, helpless, and miserable, and our patience is wearing thin. Wouldn’t it be nice if someone – anyone – could giveContinue Reading

Buying Christmas Gifts? Hey, You Suck at Buying Gifts, And Everyone Hates You

  Every now and then I receive guest post requests from other blogs or websites. I almost never take them up on their offers. Not because I don’t like when someone’s doing my job for me (hey, what’s the name of my blog, again?). But the problem with guest posts is that most of themContinue Reading

World Cup Is Over for Tim Howard and the Team USA, But…

World Cup 2014: Petition started to rename Washington-area airport after Tim Howard http://t.co/LlCWTQIhmL via @njdotcom — starflyergold (@starflyergold) July 2, 2014 Rename the nation’s main airport after the goalkeeper of a soccer team? The soccer team that lost? That guy had got to do something really amazing, like breaking the World Cup record with 16Continue Reading

Sadly, My Optimism About Thailand Being Safe Might Have Been Premature

In my recent post: Coup d’etaut in #Thailand: Should You Cancel Your Trip? I said no you should not. Unfortunately, the unfolding of events on the ground two days after the #thaicoup as well as an exchange with a person who travels to Thailand quite often, has made me think that maybe I spoke too soon. First,Continue Reading

Copyright © 2020 lazytravelers.net. 2013-2020 All Rights Reserved. 

Follow

Get every new post delivered to your Inbox

Join other followers