We Got Hacked – And How We Fixed It
This Sunday morning, Slashpix IMed me on gtalk about a shocking thing that happened to my blog. He asked, “What’s up with your site?” With enough curiosity, I checked out my blog and wow – this just scared the heck out of me:

Parking Page of Carl Ocab dot com
In the hopes of just a web host slip, I checked every domain on the same hosting account. Eight of them were taken down and all under the name of my dad. Namely carlocab.com and grandstart.com.
I paused for a moment and logged in on MSN to find guys whom I could chat with and get help, because this is the first site hackage I encountered. Three people started IMing me and asked about the parking page. One of them was my buddy XMCP, who gladly helped me and gave me useful advice on what to do.
After a few minutes, I chatted with Host Gator and asked them why that page was showing up. It took them about 10 minutes to give me a solution – that didn’t work.
They told me that the domains were removed as an addon on cpanel. They said I should install them back, but it seems like I can’t because it’s already added on another account.
The funny thing was, the nameservers were not changed at all. The hacker might have used another Host Gator account with the same nameserver to put that ugly landing page on my domain. This gave me time to breathe: no files were removed, no files lost, so no worries. I just have to nail this hacker and this thing is solved.
After a few IMs with XMCP, he told me to call Host Gator to get more live help and track down the hacker. I told my dad about the situation then he called HG. Again, it took the support 10 minutes to answer the problem and gave my dad a link to a site restore page where we should pay $15 per domain to restore the site.
Actually, if we did pay that it would cost us $120 without getting the problem fixed.
I thought of a quick solution to fix this in less than 24 hours (I can’t manage to wait for Host Gator to answer or fix this, it’ll take weeks probably) so Google won’t notice the parked site and I won’t lose all of my rankings within the day.
Carl Ocab Dot Com Rebirth
If someone was using it as an addon on Host Gator then I can probably get away with it by changing the nameserver and switching to a new host. I packed away all the WP stuff and looked for a more secure hosting plan.
There comes Media Temple. One of the biggest folks in the web hosting world. They hosted sites like ABC News, Nike, Adidas and even Adobe. It didn’t give me a second thought. I then purchased their Grid-Service package and after 5 minutes, all was set in place!
I switched the nameservers of all hacked sites to Media Temple’s and got it working within an hour. Special thanks to Charles Lau’s post on how to transfer WordPress to another server. It helped me transfer my blog with ease.
Lesson Learned
After a tiring day, I didn’t have any choice but to learn from what happened.
Never, ever be cheap when buying your web host. Always take the first class because it’s the life of your artwork. It’s the dirt that makes your tree grow. Back up files regularly too.
Personal Or Just A Security Hole?
When we got to church this morning, it kept me thinking if this was intentionally done to us or it was just a cpanel security hole like what happened last year. What do you think?

Carl Ocab is one of the most successful teenage bloggers on the net. But remarkably, Carl was just 13 years old when he rose to fame with his hugely popular “make money online” website: www.carlocab.com




Hi, my name is Carl Ocab or as many call me, the “Kidblogger”. I’m a 16-year old kid from the beautiful archipelago Philippines.
December 30, 2007
7:09 pm
Carl, I just tried to subscribe to your blog, and discovered that somehow the RSS sign up process is trying to subscribe me to ProBlogging, not your blog. [As it turns out, I'm already subscribed to that one already.]
I’ll try to keep up with your very interesting venture, esp since I spend half of each year in the Philippines. Perhaps I’ll take some of the information from my blog for writers and do a post for you, leading your readers to excellent FREE software for writers.
Good luck!
Tom
December 31, 2007
7:11 am
I have just set up my new blog on MediaTemple
they seem awesome so far! (Host Techcrunch for example)
December 31, 2007
12:02 pm
Hey Tom,
You can subscribe to problogging, it’s the url of my feed under feedburner. If you look at the posts, it’s the same on my blog. But nevertheless, I’m glad you’re already subscribed.
Will be waiting for that post Tom.
December 30, 2007
7:30 pm
I’d say it was probably a more targeted attack. If he was using a mainstream host that just so happens to be yours, there’s a low chance of it being a mass scan. If someone were to scan for vulnerabilities, it would not be cost-effective to buy a hosting account at each host where there is someone vulnerable. Especially since many of the accounts would be canceled quite quickly.
Thanks for the reference though, and glad to have you back!
December 31, 2007
12:08 pm
Yeah probably, but for 12 hours on my domain with a parking page – and 8 other domains with blogs, he could’ve made a big amount of money.
December 31, 2007
2:46 am
I was wondering why I couldn’t open your site yesterday. Good it is back to normal. :D
December 31, 2007
3:20 am
Ya, welcome back Carl Ocab Dot Com! Maybe these guys were just F*^%$ up with your nice, presentable and money-maker site. Shame on them!
Nhick
http://www.itrush.com
December 31, 2007
12:08 pm
… and that made my day! Haha.
December 31, 2007
4:01 am
Good thing you’re back!
December 31, 2007
4:09 am
Well, it’s nice to see that you got everything fixed in no time. As for that hacker (if there was one), the hell with him. :P
December 31, 2007
12:09 pm
Of course there’s a hacker, I wouldn’t do that for no good reason.
December 31, 2007
4:20 am
WOW! I’m glad everything turned out ok for your full network, Carl. I would never want to see a blog like this go away..
-Mike
December 31, 2007
12:11 pm
Thanks Mike.
It’s not my full network though. I got my sites scattered on several hosting accounts.
December 31, 2007
6:52 am
I’m so happy that your site is now back online.. Yeah, I was wondering what happened to your site yesterday.. Anyway, thanks to your free e-book, very informative indeed.. Happy New Year to you and to your dad..
December 31, 2007
12:11 pm
Hi Joliber,
Thanks and happy new year too!
December 31, 2007
7:07 am
Well, apparently the ‘hacked’ homepage has changed to some other style…
December 31, 2007
12:30 pm
Is that a joke? lol.
December 31, 2007
8:22 am
@Sly: I’m the xmcp mentioned in the post, and I can assure you there was a hacker.
December 31, 2007
10:40 am
That’s scary… and I’m on HostGator.
December 31, 2007
12:32 pm
I guess you know what to do…
December 31, 2007
11:24 am
Quick thinking!
Glad to have you back. :)
December 31, 2007
12:26 pm
Hi Carl,
I really understand what you might have gone through. I once had the same experience with you and lost all my traffic. Just trying to rebuild the traffic back now. Anyway, it is good to move on with the lessons.
December 31, 2007
1:23 pm
Oh… I’m glad your site was restored. I don’t know what I will do if that thing happens to me (in reality it won’t happen to me because I don’t have hosting, I just use blogger). But anyway, also glad you didn’t lose your rankings.
December 31, 2007
1:35 pm
that’s so scary!
(i think there’s someone insecure at your fame!)
December 31, 2007
5:19 pm
Wow, good job! I’m glad you’re back,
Have a wonderful new year !
December 31, 2007
5:33 pm
So I’m just curious about what would be your reaction on Hostgator. After all they hosted you for a long time. I think it’s cool if you would make a eulogy for them… ^-^
December 31, 2007
6:04 pm
Sorry for the misunderstanding but the reason I said that is because you said it yourself that it could have just been a cpanel security hole. I didn’t mean to sound like I thought that you did that to yourself. :)
December 31, 2007
6:30 pm
@Ade: It’s not a hostgator problem; it’s a shared hosting problem.
You transfer a domain to their DNS, and then add it on. But WHOEVER adds it on first gets it. There’s no way to verify your claim.
So all this guy did was break into cpanel to remove the addon domain, then add it on his own account.
December 31, 2007
6:47 pm
Sorry for the misunderstanding. I read the part wrong where you said “if this was intentionally done to us or it was just a cpanel security hole”. When I said that if this was really done by a hacker, that was because I was taking into account the cpanel security hole (which I thought was something done by your web host). Anyway, I got it now. :)
January 1, 2008
12:12 am
No problem buddy!
December 31, 2007
9:27 pm
Hey Carl. I noticed your site was parked when I typed it in. I then did a double take and said “what?”. I typed it in again and it was still parked. I then googled “make money online” and clicked your link and it was still parked. Good to know you got everything back up. I hope you catch the guy and best of luck with your new host. In my blog I discuss computer issues and how to protect yourself.
http://mysafepc.net
January 1, 2008
12:22 am
That’s how bad things can happen to hacked websites. Anyway, it’s not that serious compared to other hacks.
The guy who did this won’t probably get caught, host gator ain’t that cooperative much.
December 31, 2007
9:28 pm
I believe that crackers find these breaches with search engines (or they are malicious users of the service they intend to hack) so they are familiar with the vulnerability. They then use a known method of exploitation. It’s important to get a diligent host who takes security seriously.
January 1, 2008
6:51 am
I have dealt with MT and have to say, they are a better professional host than most. If I didn’t need a reseller I would be with Media Temple for sure.
I hope you reset your password to something around 20 characters, alpha numeric with 5 or 6 characters. This way, crackers will not be able to get your password cracked without a very complex computer.
January 1, 2008
6:59 am
CENSORSHIP
January 1, 2008
11:24 pm
Ya know, I’ve always seen your website “Carlocab.com” come up on the search engines when I’m doing SEO research. I’m usually too busy to investigate and/or stop by, but I did today and I’m a bit fond of what I found. I like the site. I’m just glad I decided to come on a day when your site is actually up and running. Interesting topic here.
Joe Golden
Administrator
http://www.thelegalhustle.com