Try ‘googling’ the above phrase and you’ll be amazed at the result. No wonder, it happened to me too. No, not this site. You see, as part of my media communication job, I have clients for whom I have done websites. While I outsource the actual programming, my brief is to ensure that the site ‘communicates’.
Two months ago, one of the sites belonging to a big client was hacked. If you’ve never been hacked (actually you will be someday), pray that you don’t. Ha! Easier said than done. The feeling is creepy. You feel an interior cold that has nothing to do with the ambient temperature. In my case, the fellow sought to remind me of “Matrix” and he succeeded. The screen boldly screamed “HACKED!” and words were falling down the screen in a ‘Matrix’-like form. Boy, was I scared! I was rooted to my seat and all I can remember muttering was: “What is this?”, “Impossible”, “This can’t be happening”… and so on.
My client did not find it funny.
True, I had long handed over the job, for more than a year now, but in many senses, the site was still my responsibility.
That site is on shared hosting. I will spare the hosting company name for now. I logged into FTP and saw that the fellow(s) had replaced the main index file with one of their own. I deleted theirs and my site was back - momentarily. Little did I know I was ‘fighting’ with someone. In no time, they had replaced it again with theirs, and before I knew what was happening, he deleted ALL the files on my server! Funny?
I quickly logged into cPanel, checked the log and saw his “footprints”. Of course he left other footprints in FTP and through one of the logs, I traced the bastards to a hacking site called hackteach dot org. Though the site is in Arabic, I saw enough to recognize my client’s URL there with the devils celebrating over another ‘victory’. Poor me, lucky them!
Don’t ask me what was in it for them. Fun? Victory? Display of prowess? Right now I don’t much care.
Through the log, I managed to see the IP address of the hacker and traced him to his domain registrar and host. Each domain registrar and host has an “abuse” email for reporting and so I did, with the following email:
Dear Sir / Madam,
I would like to bring to your notice the activities of a website hacker using your domain. His name is Ahmed Rageh and he is using the following domain http://www.egyspider.eu which is registered and hosted with you. Please see below the result of the traceroute:
IP address: 213.186.33.87
Host name: egyspider.eu
213.186.33.87 is from France(FR) in region Western Europe
whois query for *egyspider.eu*…
He has recently hacked into a site of one of my clients: www.xyz.com, which was how I was able to locate his “online footprints”. He did it twice in two days between August 9 and 11, 2008.
Please follow this link to see other hacking activities of his on other sites:
http://www.zone-h.org/component/option,com_attacks/Itemid,160/filter_defacer,egy%20spider/
I am considering reporting this matter to the relevant security agencies but decided to inform you as a first step. I will be very grateful if you initiate speedy investigation into this matter.
My server host denied all culpability. They said their server was secure and that it was my PHP files. I managed to get the site back online. But three weeks later, another hacker struck! My site had become hell’s playground!
This time the hacker left his hotmail email address on the defaced site. I decided now that this was no time for heroics so I went on my knees (don’t laugh). I wrote him in a way that admitted I was at his mercy. This particular hacker surprised me with a reply, the subject of which was “Sorry for hacked”. Here it is:
“sorry
i can’t help you as i don’t now how to protect the website
the bluehost is good company
but you are not Protect your site well
you can protect your site by your self
i think that you can do it
Goodbye”
Ouch, he mentioned the name of my host. Never mind.
Was he sorry? He seemed so. All I know is that he did not do it again. But I was not to leave it at that.
I have moved the site away from shared hosting to a VPS (Virtual Private Server) and some good fellows belonging to an “Ethical Hackers Club” are helping me put things right. First they scoured the grounds, found all sorts of debris, cleaned up, and now are helping to lock my PHP doors. They’re good guys. Should you need them, you’ll find them here: http://yehg.org/
Lesson? Not if, but when…