Your website has been hacked.

So I was checking my affiliate networks the past few days and noticed that I was only making a couple dollars a day and I found this quite odd.  I couldn’t figure out why my commissions were all so low, so I decide to check Google Analytics to see how much traffic one of my websites was getting.  Sure enough, I check it and I am only getting 2 visitors a day instead of 100+ organic search traffic.  At first I think I might have for some reason gotten nuked by Google and Yahoo, but I have instead actually improved in search rankings by a huge margin.  Then I decide to click on my website, and there it is, the moment every webmaster fears.

My website was hacked by somebody that redirected all search engine traffic to a site that downloads a virus and then tries to sell you software to remove that virus, when repairing computers I have run across this Smithren strand of viruses before.  I can’t figure out why I can directly access my site, but any time I type the name of my site directly in to my browser I have no issues.  Then I start troubleshooting to see how to fix the problem, I’ll go through the steps I did for troubleshooting now.

  1. Login to your control panel and view when your files were last modified, if any .html files were modified check to see if they added a meta redirect.  Ex: “meta refresh=meta http-equiv=’refresh’ content=’0; url=http://www.example.com/”
  2. Check the last time that somebody logged into your control panel (previous to your current login), see if you remember logging in then.
  3. Check the last time somebody uploaded something via FTP (Ah Ha!), this was where I noticed the issue.
  4. Check if your domain is pointing to your name server, and see if any 301 redirects have been added.
  5. Check to see if there is anything weird in your .htaccess file, this was my issue.  Somebody used my FTP server to overwrite my .htaccess file with their own which simply said “if it is any of these search engines: “listed the search engines”, redirect to their website”, I won’t show the actual code because I don’t want to spread the knowledge around.  Once you see that your .htaccess is redirecting elsewhere, simply empty it out.

Now you have fixed your problem temporarily, but what else can you do?

  • Check to see if your .htaccess file is public by typing http://www.example.com/.htaccess, it should return a “403 access denied” error.  If it doesn’t, that is a big issue, change it to a hidden passworded file in your control panel.
  • Change the passwords for your FTP accounts
  • Change the password to your control panel
  • Contact your web host to find a way to better secure your websites in the future (and most likely their own servers as well, they will want you to report these things)

Then all you have to do is go around ranting and raving about how much money you lost and how much time it took to fix the problem, and then continue on with your day.

Website security is a big issue, the best place to learn more about it is a web hosting forum.  If your website gets hacked it is very possible that people will report it to spam watch sites and the search engines and you could easily lose all the time you spent on search engine optimization.

Comments

  1. Sarah Cook says:

    Man, that really stinks that your website was hacked! And that you lost money!! How frustrating!! Thanks for the reminder that we all need to be on our toes and aware of all of the details of what’s happening with our sites!

  2. Augie says:

    When I was back in college, this guy pretended that his site got hacked, just for publicity. He had this site which basically discussed how bad the school was. It was amazing how much people talked about the fact that the site got hacked.

    Your situation appeared to be real, but it’s an interesting concept if you want to create buzz.

    That’s horrible that you lost the money. When I started reading your article, I thought you were going to say they changed your affiliate ID. But they were total script kiddies and were trying to install viruses.

    L0zers. ;-)

  3. James says:

    Well I am all for creating link bait and buzz for my blog but if I wanted to fake it I would’ve said that this blog had been hacked rather than a website I am not linking to ;)

Speak Your Mind

*