I am sorry for any kind of inconvenience you might have faced in past 3 days. My blog got hacked on 27th feb and I was not able to do any updates on my blog. Now everything is alright and you can feel free to browse through my blog.
Today I have very shocking story to share with you all. It was 27th Feb 2011 and time was 11:04 AM. I entered my blog’s URL in my browser’s address bar and when I pressed the enter key, I was amazed to see strange message instead of my blogs homepage. I tried to open the blog in different browsers but they all were displaying the same message. The message was something like this “You have been migrated to stronger Java framework. Click run to install Java framework.”
Firstly I thought HostGator is doing some kind of upgradation to its servers but when I used my FTP the earth moved under my feet as all the data was deleted from my account. Someone hacked my blog 🙁
Then I immediately used live chat support of HostGator and they confirmed me that my blog got hacked. I asked them to recover my blog immediately but they assigned me a ticket and asked me to be patient untill I receive the email from Security administrators. I waited for 11.30 hrs to receive the first reply from a security admin and I got one more shocking news from him. This was the reply of security admin:
Unfortunately, our backups have already run today, and they over-wrote the backups we had for your account. I’m afraid that you will have to upload the content from your backups. I’m sorry, but we just don’t have any backups of your account at this time.
Now I was wondering how would I recover my uploads as I had only database backup with me. The security admins removed all the malware from my server at around 1.30 AM and asked me to do a fresh installation of WordPress. After successful installation of WordPress, I restored my database backup and fortunately I also got the uploads till 2009.
At this moment I have restored all my posts and comments and uploads till 2009. I have lost the uploads for entire 2010 year. Now I have to upload images for all the posts for 2010 manually. It is really a hectic task which can take 7-10 days.
Why my blog got hacked ?
I’m still not able to find out why my blog got hacked. My hosting provider told me that someone managed to guess my password and got access into my account.
I again feel sorry for the inconvenience caused. I’ll start updating my blog as usual once I recover the loss caused by the hack.
If you are a security person, please share your tips to secure a WordPress blog so that my readers can benefit from it. I’ll also be sharing some security tips in the future.