This Sunday morning, Slashpix IMed me on gtalk about a shocking thing that happened to my blog. He asked “What’s up with your site?”, with enough curiosity I checked out my blog and wow – this just scared the heck out of me:
Parking Page of Carl Ocab dot com
In the hopes of just a web host slip, I checked every domain on the same hosting account. Eight of them were taken down and all under the name of my dad. Namely carlocab.com and grandstart.com.
I paused for a moment and logged in on MSN to find guys whom I can chat with and get help because this is the first site hackage I encountered. Three people started IMing me and asked about the parking page. One of them was my buddy XMCP who gladly helped me and gave me useful advices on what to do.
After a few minutes, I chatted with Host Gator and asked them why that page was showing up. It took them about 10 minutes to give me a solution – that didn’t work.
They told me that the domains were removed as an addon on cpanel. They said I should install them back, but it seems like I can’t because it’s already added on another account.
The funny thing was, the nameservers was not changed at all. The hacker might have used another host gator account with the same nameserver to put that ugly landing page on my domain. This gave me time to breathe, no files were removed, no files lost so no worries. I just have to nail this hacker and this thing is solved.
After a few IMs with XMCP, he told me to call Host Gator to get more live help and track down the hacker. I told my dad about the situation then he called HG. Again, it took the support 10 minutes to answer the problem and gave my dad a link to a site restore page where we should pay $15 per domain to restore the site.
Actually, if we did pay that it would cost us $120 without getting the problem fixed.
I thought of a quick solution to fix this in less than 24 hours, (I can’t manage to wait for Host Gator to answer or fix this, it’ll take weeks probably) so Google won’t notice the parked site and I won’t lose all of my rankings within the day.
Carl Ocab Dot Com Rebirth
If someone was using it as an addon on Host Gator then I can probably get away with it by changing the nameserver and switching to a new host. I packed away all the WP stuff and look for a more secure hosting plan.
There comes Media Temple. One of the biggest folks in the web hosting world. They hosted sites like ABC news, Nike, Adidas and even Adobe. It didn’t gave me a second thought. I then purchased their Grid-Service package and after 5 minutes, all was set in place!
I switch the nameservers of all hacked sites to Media Temple’s and got it working within an hour. Special thanks to Charles Lau’s post on how to transfer WordPress to another server. It helped me transfer my blog with ease.
After a tiring day, I didn’t have any choice but to learn from what happened.
Never, ever be cheap when buying your web host. Always take the first class because it’s the life of your artwork. It’s the dirt that makes your tree grow. Back up files regularly too.
Personal Or Just A Security Hole?
When we got to church this morning, it kept me thinking if this was intentionally done to us or it was just a cpanel security hole like what happened last year. What do you think?
Usman Money says
I was wondering why I couldn’t open your site yesterday. Good it is back to normal. :D
Carl, I just tried to subscribe to your blog, and discovered that somehow the RSS sign up process is trying to subscribe me to ProBlogging, not your blog. [As it turns out, I’m already subscribed to that one already.]
I’ll try to keep up with your very interesting venture, esp since I spend half of each year in the Philippines. Perhaps I’ll take some of the information from my blog for writers and do a post for you, leading your readers to excellent FREE software for writers.
Colin Klinkert says
I have just setup my new blog on MediaTemple
they seem awesome so far! (Host Techcrunch for Example)
You can subscribe to problogging, it’s the url of my feed under feedburner. If you look at the posts, it’s the same on my blog. But nevertheless, I’m glad you’re already subscribed.
Will be waiting for that post Tom.
I’d say it was probably a more targeted attack. If he was using a mainstream host that just so happens to be yours, there’s a low chance of it being a mass scan. If someone were to scan for vulnerabilities, it would not be cost-effective to buy a hosting account at each host where there is someone vulnerable. Especially since many of the accounts would be canceled quite quickly.
Thanks for the reference though, and glad to have you back!
Yeah probably, but for 12 hours on my domain with a parking page – and 8 other domains with blogs, he could’ve made a big amount of money.
Glad to have you back. :)
Good thing you’re back!
Sly from Slyvisions.com says
Well, it’s nice to see that you got everything fixed in no time. As for that hacker (if there was one), the hell with him. :P
Of course there’s a hacker, I wouldn’t do that for no good reason.
Mike Huang says
WOW! I’m glad everything turned out ok for your full network, Carl. I would never want to see a blog like this go away..
It’s not my full network though. I got my sites scattered on several hosting accounts.
Oh… I’m glad your site was restored. I don’t know what will I do if that thing happens to me (in reality it won’t happen to me because I don’t have hosting I just use blogger). But anyway also glad you didnt lose your rankings
I’m so happy that your site is now back online.. Yeah, I was wondering what happened to your site yesterday.. Anyway, thanks to your free- e-book, very informative indeed.. Happy New Year to you and to your dad..
Thanks and happy new year too!
Muhammad Siyab says
well apparentely the ‘hacked’ homepage has changed to some other style…
Is that a joke? lol.
@Sly: I’m the xmcp mentioned in the post, and I can assure you there was a hacker.
So I’m just curious about what would be your reaction on Hostgator. After all they hosted you for a long time. I think its cool if you would make a eulogy for them… ^-^
That’s scary… and I’m on HostGator.
I guess you know what to do…
… and that made my day! Haha.
Emmanuel Oluwatosin says
I really understand what you might have gone through. I once had the same experience with you and lost all my traffic. Just trying to rebuild the traffic back now. Anyway, it is good to move on with the lessons.
Hey Carl. I noticed you site was parked when I typed it in. I then did a double take and said “what?” . I typed it in again and it was still parked. I then googled “make money online” and clicked you link and it was still parked. Good to know you got everything back up. I hope you catch the guy and best of luck with your new host. In my blog I discuss computer issues and how to protect yourself.
That’s how bad things can happen to hacked websites. Anyway, it’s not that serious compared to other hacks.
The guy who did this won’t probably get caught, host gator ain’t that cooperative much.
that’s so scary!
(i think there’s someone insecure at your fame!)
Wow, good job! I’m glad you’re back,
Have a wonderful new year !
Sly from Slyvisions.com says
Sorry for the misunderstanding but the reason I said that is because you said it yourself that it could have just been a cpanel security hole. I didn’t mean to sound like I thought that you did that to yourself. :)
@Ade: It’s not a hostgator problem; it’s a shared hosting problem.
You transfer a domain to their DNS, and then add it on. But WHOEVER adds it on first gets it. There’s no way to verify your claim.
So all this guy did was break into cpanel to remove the addon domain, then add it on his own account.
Sly from Slyvisions.com says
Sorry for the misunderstanding. I read the part wrong where you said “if this was intentionally done to us or it was just a cpanel security hole”. When I said that if this was really done by a hacker, that was because I was taking into account the cpanel security hole (which I thought was something done by your web host). Anyway, I got it now. :)
No problem buddy!
I believe that crackers find these breaches with search engines (or they are malicious users of the service they intend to hack) so they are familiar with the vulnerability. They then use a known method of exploitation. Its important to get a diligent host who take security seriously.
I have dealt with MT and have to say, they are a better professional host than most. If I didn’t need a reseller I would be with Media Temple for sure.
I hope you reset your password to something around 20 characters, alpha numeric with 5 or 6 characters. This way, crackers will not be able to get your password cracked without a very complex computer.