{"id":5923,"date":"2014-07-07T12:43:25","date_gmt":"2014-07-07T16:43:25","guid":{"rendered":"http:\/\/blog.nccomputertech.com\/?p=5923"},"modified":"2014-07-07T12:43:25","modified_gmt":"2014-07-07T16:43:25","slug":"one-of-my-sites-got-hacked-and-its-my-own-fault","status":"publish","type":"post","link":"https:\/\/nccomputertech.com\/techtalk\/2014\/07\/07\/one-of-my-sites-got-hacked-and-its-my-own-fault\/","title":{"rendered":"One of my sites got hacked, and it&#8217;s my own fault"},"content":{"rendered":"<p>It started with a text message from my wife: &#8220;ZATZ site hijacked by nasty porn.&#8221; This is not exactly the message you want to get at 6pm on July 3rd. I had been planning on beginning my holiday weekend with a prolonged sittin&#8217;-on-the-couch-watchin&#8217;-TV night, but that was not to be.<\/p>\n<p>Instead I&#8217;d be doing porn removal, which took until about 2am.<\/p>\n<p style=\"text-align:center;\"><a href=\"http:\/\/www.zdnet.com\/one-of-my-sites-got-hacked-and-its-my-own-fault-7000031269\/\"><img data-recalc-dims=\"1\" height=\"343\" width=\"200\" decoding=\"async\" src=\"https:\/\/i0.wp.com\/nccomputertech.com\/techtalk\/wp-content\/uploads\/2014\/07\/2014-07-03-21-39-45-200x343.jpg?resize=200%2C343\" alt=\"\" \/><\/a><\/p>\n<p>Image courtesy scammers. Image sanitized for your protection.<\/p>\n<p>The thing is, I know better. In fact, sometime in the middle of 2013, I made a decision which led directly to my couchless July 3rd. I pretty much knew it would reach out and bite me, and it did.<\/p>\n<p>Here&#8217;s what happened. In today&#8217;s world, all Web sites are moving targets. It&#8217;s always an arms race between Web site operators and the spammers and scammers out there who want to use them for anything from malware distribution to automated referrals to porn sites.<\/p>\n<p>Because it&#8217;s an arms race, it&#8217;s up to the Web site operators to constantly update their sites, update the server software running on their sites, and update their protection systems. Failure to do all of these leaves the chance that bad guys will find a loophole, and tunnel their way in.<\/p>\n<p>That&#8217;s what they did on my site. What happened is they embedded a redirect message into just the mobile version of the site. As a result, if I visited the site via my desktop browser, everything looked fine. But if you visited the site via a mobile browser (as my wife did on Thursday while at Sam&#8217;s Club, when she was updating our business membership), you&#8217;d find that criminals had gotten into the site&#8217;s code and replaced it with a redirect to the porn site.<\/p>\n<p>This was fully preventable.<\/p>\n<p>And yes, I understand the irony of a cybersecurity expert getting hacked. It&#8217;s like the old story of the barber who never cuts his own hair. While I would never advise anyone to leave a site untouched, there is one difference between Mr. Highfalutin Cyberwarfare Advisor being hacked and a regular Web site operator: I do know how to fix it. That said, mitigation sucks, especially when it gets in the way of a planned night off.<\/p>\n<p>Here&#8217;s how we got to this point. The ZATZ site is no longer actively updated. It was a highly visited site back in the day, but since I&#8217;ve moved on with my career from entrepreneur to advisor, columnist, and educator, the thousands of ZATZ articles are really now just an archive. We don&#8217;t get any advertising income (although some old ads are still running on the site), and I rarely spend any time there.<\/p>\n<p>It is a WordPress site. A few years ago, I moved it from UserLand Frontier to WordPress, specifically because of the high level of support available in the WordPress world. There is one disadvantage of WordPress though: given that a huge number of sites run WordPress, it&#8217;s also a very visible target for hackers.<\/p>\n<p>There are a wide variety of ways to harden a WordPress site, including using a many different security plugins. The ZATZ site was hardened, and it did use the security plugins.<\/p>\n<p>So where did I go wrong, and why was it my fault?<\/p>\n<p>While there are many things you should do to keep a WordPress site from being hacked, there is one golden rule (and it&#8217;s the one I violated): always keep WordPress up to date. This includes updating the WordPress core, any themes you use, and any plugins.<\/p>\n<p>I didn&#8217;t do this. Around August of last year, I made a ruthless prioritization decision: leave the Web sites alone and work on other stuff. I sometimes have to be ruthless about how I prioritize my time, and this was a big one. I knew there was a chance of hacking, but I just didn&#8217;t want to spend a weekend every few months fiddling with the site. I had an overwhelming amount of other things going on, and this just wasn&#8217;t as important.<\/p>\n<p>Full Story: <a href=\"http:\/\/www.zdnet.com\/one-of-my-sites-got-hacked-and-its-my-own-fault-7000031269\/\" target=\"_blank\">One of my sites got hacked, and it&#8217;s my own fault | ZDNet<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>It started with a text message from my wife: &#8220;ZATZ site hijacked by nasty porn.&#8221; This is not exactly the [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_feature_clip_id":0,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2},"jetpack_post_was_ever_published":false},"categories":[6,7,9],"tags":[342,655,1194],"class_list":["post-5923","post","type-post","status-publish","format-standard","hentry","category-networking","category-security","category-software","tag-exploits","tag-malware","tag-web-site"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/papNkV-1xx","jetpack-related-posts":[{"id":8920,"url":"https:\/\/nccomputertech.com\/techtalk\/2016\/05\/17\/8920\/","url_meta":{"origin":5923,"position":0},"title":"Tech support scammers now utilizing ransomware-like lock screens to threaten people","author":"NCCT","date":"May 17, 2016","format":false,"excerpt":"By Justin Luna | Neowin Some of us may be very well aware of the classic tech support scam stories, where a man randomly calls people, and informs them that they are from \"Windows company\" and that the call recipient's computer has been detected full of viruses. These cold callers\u2026","rel":"","context":"In &quot;Security&quot;","block_context":{"text":"Security","link":"https:\/\/nccomputertech.com\/techtalk\/category\/security\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":3106,"url":"https:\/\/nccomputertech.com\/techtalk\/2013\/08\/05\/attackers-reported-seeding-cloud-services-with-malware\/","url_meta":{"origin":5923,"position":1},"title":"Attackers reported seeding cloud services with malware","author":"NCCT","date":"August 5, 2013","format":false,"excerpt":"LAS VEGAS -- Malware writers are ramping up their use of commercial file hosting sites and cloud services to distribute malware programs, security researchers said at this week's Black Hat conference here. Traditionally, malware writers had distributed their malicious code from their own sites. But as security vendors get better\u2026","rel":"","context":"In &quot;Networking&quot;","block_context":{"text":"Networking","link":"https:\/\/nccomputertech.com\/techtalk\/category\/networking\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":7380,"url":"https:\/\/nccomputertech.com\/techtalk\/2015\/01\/09\/super-cookies-can-track-you-even-in-private-browsing-mode-researcher-says\/","url_meta":{"origin":5923,"position":2},"title":"&#8216;Super cookies&#8217; can track you even in private browsing mode, researcher says","author":"NCCT","date":"January 9, 2015","format":false,"excerpt":"If there's one thing websites love to do it's track their users. Now, it looks like some browsers can even be tracked when they're in private or incognito mode. Sam Greenhalgh of U.K.-based RadicalResearch recently published a blog post with a proof-of-concept called \"HSTS Super Cookies.\" Greenhalgh shows how a\u2026","rel":"","context":"In &quot;Security&quot;","block_context":{"text":"Security","link":"https:\/\/nccomputertech.com\/techtalk\/category\/security\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":6733,"url":"https:\/\/nccomputertech.com\/techtalk\/2014\/10\/30\/drupal-users-assume-your-site-was-hacked-if-you-didnt-apply-oct-15-patch-immediately\/","url_meta":{"origin":5923,"position":3},"title":"Drupal users: Assume your site was hacked if you didn&#8217;t apply Oct. 15 patch immediately","author":"NCCT","date":"October 30, 2014","format":false,"excerpt":"Users of Drupal, one of the most popular content management systems, should consider their sites compromised if they didn\u2019t immediately apply a security patch released on Oct. 15. The unusually alarming statement was part of a \u201cpublic service announcement\u201d issued by the Drupal project\u2019s security team Wednesday. \u201cAutomated attacks began\u2026","rel":"","context":"In &quot;Security&quot;","block_context":{"text":"Security","link":"https:\/\/nccomputertech.com\/techtalk\/category\/security\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":9804,"url":"https:\/\/nccomputertech.com\/techtalk\/2024\/11\/08\/maximum-iceland-scenario-data-caps-3rd-party-android-stores-nuclear-amazon\/","url_meta":{"origin":5923,"position":4},"title":"Maximum Iceland Scenario &#8211; Data Caps, 3rd Party Android Stores, Nuclear Amazon","author":"NCCT","date":"November 8, 2024","format":false,"excerpt":"https:\/\/youtu.be\/P5MkCwktKz0 Data Caps, 3rd Party Android Stores, Nuclear Amazon \u2022 Google must crack open Android for third-party stores, rules Epic judge \u2022 Google asks 9th Circuit for emergency stay, says Epic ruling \u2018is dangerous\u2019 \u2022 Canceling subscriptions is about to get easier \u2022 The FCC is looking into the impact\u2026","rel":"","context":"In &quot;Software&quot;","block_context":{"text":"Software","link":"https:\/\/nccomputertech.com\/techtalk\/category\/software\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/img.youtube.com\/vi\/P5MkCwktKz0\/0.jpg?resize=350%2C200","width":350,"height":200},"classes":[]},{"id":9446,"url":"https:\/\/nccomputertech.com\/techtalk\/2018\/12\/03\/friends-in-bikinis-this-week-in-tech-695\/","url_meta":{"origin":5923,"position":5},"title":"Friends in Bikinis &#8211; This Week in Tech 695","author":"NCCT","date":"December 3, 2018","format":false,"excerpt":"https:\/\/youtu.be\/puMBVNv91ZU - Black Friday was Amazon's biggest sales day ever - Marriott Hack hit half a billion Starwood guests for 4 years - Indian Microsoft scammers busted - Amazon's new machine learning racecar, quantum blockchain, and more from re:Invent - When is Amazon rolling out Prime Health? - UK grabs\u2026","rel":"","context":"In &quot;Apple&quot;","block_context":{"text":"Apple","link":"https:\/\/nccomputertech.com\/techtalk\/category\/apple\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/img.youtube.com\/vi\/puMBVNv91ZU\/0.jpg?resize=350%2C200","width":350,"height":200},"classes":[]}],"_links":{"self":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/posts\/5923","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/comments?post=5923"}],"version-history":[{"count":0,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/posts\/5923\/revisions"}],"wp:attachment":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/media?parent=5923"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/categories?post=5923"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/tags?post=5923"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}