I Got Hacked – Here Is What I’ve Learned (Plus Sucuri First Impression)

Facebooktwitterrss

My blog got hacked last week.

I should’ve known something was up when after clicking on a blog comment notification in my email I landed on a page that declared me a Google winner.

Instead of realizing that I got hacked, I blinked a few times, closed the page (I was on my phone), came back to my email and clicked again. This time around, I got where I was going to — the dashboard.

I fired up my computer and went directly to my blog. All good. I went to my email and clicked on the same comment link, then other links. No surprises there. I scratched my head thinking I must’ve “misclicked” on some rogue link that got me to the scam page, and decided to stop thinking more because that had already been a bit too much brain activity. I just logged out and mentally closed the case.

Next morning I was checking my email. I always do that before fully waking. I find it helps me focus and start my day on the right note. 🙂

And focus it did. See, this is a report I normally get in my email from my hosting company’s daily scans.

But that morning something was off.

And when I clicked through, the message got abundantly clear.

I got hacked: warning

How I learned that I got hacked

I don’t know about you, but …

Malware is not my thing. So not my thing that I’ve never felt compelled to learn anything about it beyond installing some software just in case. I’ve run my blog for 8 years, and even found sad refuge in the fact that it’s so tiny that no one would want to mess with it.

Because why?

So I splashed some cold water on my face and began the hard task of educating myself on the subject matter. How bad is it when your site gets hacked?

Holy s*it, it was bad!

I found that not only can you lose your own reputation, but you can also get shut down by your hosting provider and, oh the humanity, blacklisted by Google itself!

Turns out not only did I need to fix it, but fix it quick.

But I only saw the hack once – why?

To be honest, the more I educated myself – the more I was floored by the inventiveness and sophistication of the scammers. I’ve learned they may not even show you, the administrator, what they’ve been doing to your site. The only reason I saw it for the first time was probably because I logged on to my account from my phone. I don’t often do that so the scammers may not have known I was the admin. During my subsequent visits they probably knew who I was already.

Repair costs

SiteGround, my hosting provider, is using Sucuri for their scans and it recommended its services for cleaning and safeguarding my blog. I went to Sucuri and quickly found out that their cheapest plan was $199 per year.

Now, $199 is not an incredible sum of money, but, well, it kind of is for a blog that doesn’t bring in a single penny. Which is why a lot of thoughts were racing around my head.

I had almost quit blogging a few months ago—

Because it wasn’t going anywhere anyway

And now that I was already paying for hosting and the domain and even some other stuff I didn’t even understand …

I had to pay $200 more

All that just for the privilege of running my mouth on a computer screen when I felt like it?

WTF?

Naturally, being a cheap bastard, I did try to find another way

Jumping ahead, I didn’t find it. But between trying and failing I made a few discoveries.

If you consider starting your own blog, you might want to learn some “technicalities.” You can fix that menace yourself, at least in some milder cases.

Sucuri, it seems, is quite honest about the fact that you can get rid of malware yourself. And it even tells you how.

1.1 – Scan Your Site

OK, that I can do. Well, I mean having others do it including Sucuri.

1.2 – Check Core File Integrity

Uhm … huh?

1.3 – Check Recently Modified Files

Mama!

1.4 – Check Diagnostic Pages

Oy!

But that was nothing compared to what you (I) would have to do next. After identifying the threats, you’re supposed to remove them. Manually!

2.1 – Clean Hacked Website Files (8 steps)

2.2 – Clean Hacked Database Tables (7 steps)

2.3 – Secure User Accounts

2.4 – Remove Hidden Backdoors

2.5 – Remove Malware Warnings

OK, that was enough for me, and I didn’t even bother getting to Step 3 – Securing Your Website from Hackers.

I checked some other Malware protection services

Some of them were a little cheaper, but they also seemed kind of shadier. So with a heavy heart, I went ahead and paid $199 just to be done with it. Hey, at least I’ll get $10 back from PayPal (Discover 3rd quarter PayPal bonus).

My site was cleaned within minutes even though I’d read a few reviews that Sucuri could be slow. I had some questions initially, but they were quickly and courteously resolved via chat. No complaints so far.

You can’t get your money back after you submit the removal request 

Sucuri offers a 30-day money-back guarantee, but not if you have used their malware removal service even once, and you won’t know anything about this condition unless you scroll all the way down, click on the tiny terms of use link in the left corner and stumble on the Termination clause on the next page. While I thought that the clause itself was fair to prevent folks from signing up just to remove the malware and cancel the service, the delivery was quite sneaky. We all know how people enjoy reading the small print. That’s a gotcha thing, no doubt.

Other than that, the only thing I wish is that they offered a more affordable plan for small bloggers like me, but oh well.

Should you pay for malware protection and (potential) removal services?

If your website is not a moneymaker, I’m not convinced. Like I said, I’ve run my blog for 8 years, and never had a problem like this before. But it’s important to react quickly, and there are free plug-ins including Sucuri if your hosting provider doesn’t offer a malware scanning service.

If your site does get hacked, you can quickly sign up for a security service and get it cleaned. Better yet, try to learn a few tricks so you can do it yourself. Now, for a commercial website, the math is completely different, and one would be foolish not to protect themselves the best they can.

A couple of questions for my readers:

  • Did anyone notice anything weird on my blog last week?
  • Anyone else have gotten hacked? How do you deal with it?

Facebooktwitterredditpinterestlinkedintumblrmail

0 0 vote
Article Rating
Subscribe
Notify of
guest

This site uses Akismet to reduce spam. Learn how your comment data is processed.

4 Comments
Oldest
Newest Most Voted
Inline Feedbacks
View all comments
abey

hey love your blog and sorry to hear what happend !! shelling out $200 definitely feels crappy… maybe put some google adds to gain revenue ?

HoKo

Sorry to hear about all this Andy. I use an RSS reader to subscribe and I don’t recall seeing anything weird pop up from your blog over the past week.

Also wanted to provide some words of encouragement regarding the blog – I know you don’t have the largest readership base and don’t post that often but I always really enjoy your content!

Copyright © 2020 lazytravelers.net. 2013-2020 All Rights Reserved. 

Follow

Get every new post delivered to your Inbox

Join other followers

4
0
Would love your thoughts, please comment.x
()
x