We’ve Been Hacked!
And I thought it would Never Happen to Me!
My hobby is photography. Although I have some experience in electronics and computer programming, that is not my interest. I like to take pictures, I like to collect cameras, and I like to shoot film in my old cameras. It was this hobby that prompted me to create a website. At first it was to be a site to show my photography but it grew to include my little collection of cameras as well.
I didn’t want to get into programming a website from scratch. I doubt I had the skill and I could not afford to hire a programmer. And, in any event, I wanted any spare money to go into my hobby. So I was left with choosing one of the many services that offer “canned” websites. I chose to go with the WordPress “Divi” theme because it is so customizable. With this tool I created “flynngraphics.ca” and “thecanoncollector.com”. These are actually different parts of the same website. One day I will have to separate them.
Technically, the website is pretty simple, full of mistakes, and a bit confusing. But it is mine and it accurately reflects the state of my old brain! I have done every picture and every word in it. And I did it with a superficial knowledge of programming and the internet.
I had taken some steps to protect my site from attack. My passwords were strong and I had installed two factor authentication which meant that to get into the site’s back end to edit the content the site sent a code to my cell phone which I had to enter to get in. A hacker would not have my cell so he would be blocked without that code. But it was not enough.
In my Notebooks I see an entry for 18 December 2022 which reads “WP-Problem – last 2 days WP acting up – won’t go into wp-admin – goes to an all text page ….”. I had lost control of my site but I did not understand why. I began searching for answers but I was not well equipped for this. It was the beginning of a self education process that was to go on for the next two weeks.
On the next day, the 19th, after a brief survey of information on the internet, I did a site scan on the Sucuri.com website and was told I had contracted the SPAM-SEO malware. I had no idea how I got it because my site was protected by apps to limit login attempts and by two factor authentication to get into the back end of the site. Over the next few days, as I worked on it, my site URL was taken over completely and flynngraphics.ca was pointed to a retail shopping site in Asia. This was dangerous because it could adversely affect my site’s growing rankings on Google and could lead to it being blacklisted.
I still had access to my website’s files via an FTP connection and so on December 20th following instructions I found on the net I was able to close my site down so that it was removed from the internet. This would limit any damage to my search engine rankings. And then the study began. How to get my website back?
One of the services I have subscribed to is Vaultpress which backs up my site every day. As of the 18th of December they too were unable to access the site and backups had stopped. To be certain I got ahead of the virus attack I selected the 14th of December as the backup file I would use. However, my own attempt to reinstall it failed. Something in the virus code was preventing that. Although the site was “off the air” the virus was still present.
Trying to learn what was happening, I created a new WordPress site at “thecanoncollector.ca” so I could examine the files that underpinned the site. At the same time I continued my reading and got into my DNS Records to make sure my URL was pointing correctly. Nothing helped.
Finally, following advice I found on line, on the 21st I deleted my website files using my FTP connection. I then went into cPanel and installed a new WordPress site at flynngraphics.ca. I then contacted VaultPress and requested that they do a reinstall of my 14 December backup. These guys were really helpful and communicated fully with me through this process.
Finally on December 24th they got my site back up and operating. I had to do some repair work on my DNS settings to get my email working again. So, I was back online. But, and it is a big but, I could not access the sites back end. That meant I could not add to, delete from or change anything on the site. The problem was the two factor authentication. Somehow during the restoration process the authentication app became disconnected from my cell phone which I used to receive the tokens to unlock the site and the codes I was receiving were not working. I could find nothing online to explain this behavior so, again, I was on my own. Vaultpress could not help with it. They said they had not run across this behavior.
For days I read everything I could find online. Nothing worked. Using my test site at thecanoncollector.ca I installed my two factor authentication and then examined the files the app added to the site. There was just the plugin directory for the app. All other files seemed unchanged. So I deleted the directory via FTP. And suddenly the two factor requirement was deleted. This was January 5th. I had been at it for the whole of the Christmas holidays.
To be sure what was happening, I then deleted the app from my phone and then did a new install. I reinstalled the app on the site and my cell phone and two factor authentication was back working. Emboldened by this I went into the files for my real website and deleted the plugin directory for the two factor authentication. And suddenly I was in. I deleted the account in the app on my phone and then I reinstalled the app on the site and on my phone and the two factor authentication was back and working. With a great sigh of relief I went to bed.
So what I have learned? Where to start? More than ever I learned I don’t want to program computers. For me it is mind bending. Especially at my age when my brain is beginning to petrify. I don’t know how I contracted this virus. So I am going to harden my site every way I can: I installed a site firewall, I am creating stronger passwords, I have upgraded my password manager, I am paying more attention to my backups than ever before, I am installing my two factor authentication on a second device so I am not locked out because I lose one of them. And I will do anything else I can discover to protect my site.
Oh, and I want to emphasis the importance of keeping extensive notes. If this happens again I know how to cure it. But unless I have notes, a year from now I will not remember what I did. So, notes are essential.
I want to thank the great people at Vaultpress.com who came through for me. They did the reinstall and they communicated with me every step of the way. And GoDaddy was helpful as well. Their help files are excellent and served as a solid guide. Thanks to all of you. And to my readers, I hope this saga may help some of you who end up facing the same problem.
So now, lets get back to the pictures and the cameras. That’s what this is about.
I am the creator of flynngraphics.ca and thecanoncollector.com. The contents of this website are subject to my claim of copyright. However, to be clear, I have no right to the trademarks or printed material, brochures or manuals that originate with Canon Inc. or other manufacturers and make no claim to have such rights. I am unable to pass on any rights to these materials and trade marks and if you make use of them you do so at your own risk.