One of My Sites Was Hacked

Drilling into sitesSeems like the hackers are after me at the moment: 2 weeks ago my Twitter account was hacked and last week one of my static web sites was hacked.

Last week’s hack was particularly embarrassing.

I’d sent someone the link to my Web Services site. On the web design page there are some links to sample sites and the hackers had installed a Trojan on one of those.

So when my prospect clicked on the link to the affected site they were greeted with one of those big, shout-at-you messages warning them that my site was trying to install a Trojan on their PC.

Not a good way to get new business. 🙁

Fixing the site was easy – and done in less than 10 minutes. All I did was to delete every file on the server and re-upload the entire site.

As soon as the clean site was up I changed my FTP and hosting provider passwords and, so far, no further problems.

So the next question was: how did they get in?

I raised the question with my hosting provider, but they were not that helpful. However, they did suggest that one of the scripts on my site might have been the entry point.

The only scripts on that site are for the contact form and the statistics. The contact forms are done using scripts, so I downloaded the latest version of my contact form builder and re-did the contact forms on all of my sites. That took me most of Saturday – a lot longer than fixing up my hacked site did!

There’s nothing I can do about the scripts for my statistics – they haven’t produced any upgrades.

This particular site is for a JV business venture that I’m doing with someone else and, therefore, it wasn’t hosted at Hostgator, along with my other sites.

However, the hosting provider it’s hosted with doesn’t support SFTP so, for the moment, I’ve moved it onto my Hostgator account.

With the growing sophistication of hackers, and the increase in online crime, it’s difficult to understand why a hosting provider would not support SFTP. In fact I think it’s both negligent and irresponsible on their part.

Needless to say, I will not be renewing that contract when it comes up.


Martin Malden

About the author: Martin has been working online since 2006 and focuses on two areas: 1) affiliate marketing and 2) designing and building websites based on WordPress. He has his own WordPress agency, and serves clients in Hong Kong, Australia and the UK.

What do you think?

Comments on this entry are closed.

  • Bumby Scott Mar 17, 2010 @ 7:34

    I use bad behavior and am part of project honeypot they have protected my site very well. Have you given them a try?

    Always Bumby

    • Martin Mar 17, 2010 @ 9:34

      Hi Bumby,

      I already use Bad Behaviour on all my WP sites, but I’ll have a look at project Honeypot – I don’t know that one, so thanks for the heads up. 🙂

      The site that was hacked wasn’t a WordPress site – it was a standard, static HTML site.

      Thanks again,


  • Tamara Holmes Mar 21, 2010 @ 14:20

    I am so sorry you are getting hacked again! I really hate it when that happens. We must be their number 1 targets these days. First my Twitter account, then my website. Then your Twitter account, then your website. Are we having fun yet? Thanks again for getting my site back up & running so quickly.
    .-= Tamara Holmes´s last blog ..The biggest food recall in history =-.

    • Martin Mar 21, 2010 @ 20:30

      What a star you are..!

      I take it as a sign of success – our sites are getting noticed so much now that we’re considered worthy of hacking.. 🙂