Three weeks ago I faced a server attack.
A serious attack that affected most of my websites and for a while I actually thought I would lose a large portion of my business because of this. Thankfully I managed to fix it and that’s why you’re now reading this post.
So let’s go into detail about what happened and most importantly – how to secure your online business and websites so that you never face a situation like this.
Even though I have dealt with various sorts of hacker attacks previously, this time it was much more serious. What happened was, by exploiting vulnerabilities in the software I was running on my server, hackers “infected” many of my websites with malware (software/scripts that can be controlled by hackers).
Luckily I noticed it very quickly: when I was checking my server status (which I do almost every day) I saw that there were more than 40,000 scheduled emails in my mail queue. Spam emails, of course. That instantly raised alarm bells for me and I knew that something dodgy was going on.
This is what hackers usually do – they get inside your web hosting account or server (if you have one) and install malware to send out thousands of spam emails to email addresses scraped from across the net. This way they use your resources, your email addresses and your hosting account to send out spam emails.
If you’re not careful and do not spot this in time, hackers can use your website for days or even weeks to send out tens of thousands of spam emails.
And this results in your domain name and email address being blacklisted by mail service providers (such as Gmail, Yahoo) and even search engines!
I’m sure I don’t have to explain the severity of this: if you have established websites and online shops with a good Google rank, this can completely destroy years of hard work.
First Things First
If something like this happens to you, the first thing you want to do is contact your hosting company and ask them to DISABLE the mail sending function for your account. This effectively stops ANY emails coming out of your account and is the best temporary solution to put in place while you deal with the core problem – the actual malware.
If you have your own dedicated or virtual server running WHM & CPanel, you can do this on your own – by switching off the Exim mail service. Either way, the idea here is to stop those spam emails being sent out while you clean up your websites.
The next thing you want to do is check those spam emails you have in your mail queue. Again, if you have access to WHM, you can do this by yourself via the Mail Queue feature – if not, just ask your hosting account provider to check these emails for you.
What we’re looking for here are HEADERS within these emails that contain information about where they’re coming from. Usually, they will have links/code that point to a specific place, folder, plugin or software within your website (which has been infected). If you’re not good with code, this won’t help you much though as you won’t be able to clean the files on your own (you can’t simply delete them as then your website could stop working completely).
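The header check described above can be scripted rather than done by eye. The following is an added example, not code from the original post: it groups queued messages by the script that generated them, which is usually the fastest way to locate the infected plugin or folder. It assumes the server runs PHP with `mail.add_x_header` enabled (the cPanel default), so each message carries an `X-PHP-Script:` header naming the script and the client IP that triggered it; the sample headers are constructed here so the block runs offline, using example.com domains and documentation IP ranges.

```shell
#!/bin/sh
# Triage a spam-filled mail queue by grouping messages by originating script.
# Added example, not from the original post. Assumes the X-PHP-Script header that
# PHP adds when mail.add_x_header is on (cPanel enables this by default).

# Constructed sample: raw header blocks of three queued messages, as a blank-line
# separated dump. On a live cPanel/Exim server the equivalent input is produced by:
#   exiqgrep -i | while read -r id; do exim -Mvh "$id"; echo; done
SAMPLE_HEADERS='Received: from localhost by server.example.com with local (Exim) id 1aBcDe-000001-AB
From: "Amazing Deals" <noreply@example.com>
To: victim1@example.net
Subject: Cheap offers
X-PHP-Script: www.example.com/wp-content/plugins/outdated-plugin/ajax.php for 203.0.113.5
X-PHP-Originating-Script: 1001:ajax.php
Message-ID: <id1@example.com>

Received: from localhost by server.example.com with local (Exim) id 1aBcDe-000002-CD
From: "Amazing Deals" <noreply@example.com>
To: victim2@example.net
Subject: Cheap offers
X-PHP-Script: www.example.com/wp-content/plugins/outdated-plugin/ajax.php for 203.0.113.5
Message-ID: <id2@example.com>

Received: from localhost by server.example.com with local (Exim) id 1aBcDe-000003-EF
From: "Andrew" <info@example.com>
To: customer@example.org
Subject: Your order
X-PHP-Script: www.example.com/contact-form.php for 198.51.100.7
Message-ID: <id3@example.com>'

# Read header blocks on stdin; print "<count> <script path>" lines, busiest first.
# grep -o isolates the header regardless of any per-line prefix the queue tool adds,
# awk drops the header name and the trailing "for <ip>" part, leaving the script path.
summarize_origins() {
    grep -io 'X-PHP-Script: *[^ ]*' \
        | awk '{print $2}' \
        | sort | uniq -c | sort -rn \
        | awk '{print $1, $2}'
}

# Print only the single busiest script path: the first file to inspect (or suspend).
top_origin() {
    summarize_origins | head -n 1 | awk '{print $2}'
}

# Stand-alone run over the constructed sample.
printf '%s\n' "$SAMPLE_HEADERS" | summarize_origins
```

A legitimate contact form also shows up in the summary, so the count, not the mere presence of a path, is the signal: a plugin script with thousands of queued messages is the one to look at, while a handful from a contact form is normal traffic.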
Even though I consider myself to be quite good with code, I couldn’t really figure it out by myself so I realised that, to not waste any more valuable time, I should find a company who can do this for me – a company that can completely remove the malware from my sites so that I could resume business as normal, asap!
So I just started Googling for phrases like:
- clean up websites
- malware removal service
- malware detection service
- and so on
It turns out there are hundreds of companies doing this and I can definitely see that there’s a huge business here – desperate business owners with infected websites are ready to pay ANY kind of money to get their problems fixed. Talk about a problem-solving business concept, eh?
I checked out probably 10 or 15 of the best looking companies that showed up on Google search. Many of them didn’t have live chat which was an instant turn off for me. I really needed someone to start working on my websites ASAP so was looking for a 24/7 service.
After spending an hour or two searching, I thankfully found a company called Sucuri.net which I really liked, particularly how professional their website looked and the fact that they had live chat support available to instantly deal with my query.
Not only did they have 24/7 sales support, their “clean up” team also works 24/7. Just to be 100% sure, I specifically asked the live chat rep – WILL someone start working on my case right away? And the answer was – YES!
And they weren’t lying… once I signed up and paid the fee, my case was opened within 5 minutes and their technicians started the scanning process almost immediately.
I’m sure there are many other good companies providing a similar service, but I really liked the way Sucuri treated my case urgently so if you’re looking for a company to clean up your website from malware, I can certainly recommend Sucuri.net
And it’s not just a disaster recovery service, not at all! For the yearly fee you pay, you get constant/daily monitoring of your websites and if malware is detected, they will remove it for the fee you have already paid, there’s no need to pay anything extra. Plus you can always ask for a manual removal and scan if you feel your websites have been hacked.
Plus if you want even further protection, they also offer a special PROXY firewall service where you can protect your website in a way that all potential hacker and DDOS attacks are filtered before they even have a chance to get to your website. I’m seriously considering adding this service to at least a few of my biggest websites for further protection.
So back to my disaster situation – Sucuri started working on my sites and it turned out that 6 or 7 were infected, some very seriously, with malware spread across several areas. They managed to clean most of the stuff within 24 hours or so but then, just when I thought this was close to being fixed, the next disaster occurred…
Blue Host SHUTDOWN
Yes, just when I thought it was all over, Blue Host completely shut down my server because they now detected these malware issues themselves. I don’t blame them of course – they want to protect their customers and their servers from being used to send out spam. In cases like these, there’s not much you can do – most hosting providers would do the same – they will shut down your websites and grant FTP access to your IP address so you can resolve the issues in question.
Luckily enough, Sucuri had almost finished the cleaning process so it was just a few hours of downtime before I asked Blue Host to get my server back online.
Unfortunately, that part didn’t go as well as I’d hoped… suddenly there were WHM issues within my server and I could not get my websites back online. Blue Host started to investigate the problem but as it would be at least another few hours that my websites would be down, I made the serious decision to move all of my sites to a new hosting company.
Coincidentally, I had wanted to move to a new, more powerful server for some time already and this provided the perfect timing to do so. There was nothing to lose as my websites were down anyway!
After more than 10 years of using US based hosting companies, this time I thought – what the hell, why not try out one based in the UK? Maybe I would get lucky and find a company with a more personal approach to clients than these super large hosting companies.
So I started another round of Google research to find a UK based hosting company that provides 24/7 support, offers good cloud based VPS service (virtual private servers) and can help me with the transfer process immediately.
I also needed a company that offers WHM and CPanel by default as that would make the whole transferring process much easier as you can make back-ups of websites in WHM and in the same way, import them to your new hosting account.
After checking out a few companies, I settled with WebHost.uk.net.
Again, live chat support played the biggest role here. First of all, when you go to the WebHost.uk.net website and click on Live Support, you get an INSTANT response! No waiting time, just instant support from a live person. And they offer both sales and technical support 24/7, which is CRUCIAL in my opinion when you’re looking for a hosting company.
Not only was their live support instant, they also promised to set-up my server within 30 minutes and help with the transfer process. How cool is that? With Host Gator for example, you have to wait 2-3 days for them to set up a Virtual Private Server but this company offered almost instant set-up.
Finally, I also checked out some of their reviews online.
A quick side note – when you check out hosting company reviews online, be prepared to see lots of negative comments and very low ratings overall, compared to other industries.
This is because most people leave reviews for hosting companies when something goes wrong (and it happens even with the very best companies) and not so much when everything just works as it should.
So what I realised by comparing various hosting company reviews is that you won’t find a company with say 5 out of 5 stars reviews, not even close. Most are 2-3 stars and lower (out of 5) – EVEN for companies I personally found to be very good (Blue Host for example).
Anyway, WebHost.uk.net’s reviews were actually very good – 4 to 4.3 stars on average on various sites, so knowing what I did about the average score for hosting companies, that looked like a very good score to me.
As I was really running out of time by this point, I just made the decision and signed up for the Cloud Linux Plan 4, with a 50GB SSD (much faster than the normal HDDs). This package gives me:
- Quad Core Processor (4 processors)
- 4GB RAM
- 50GB SSD
- 1280GB Bandwidth
- 2 Dedicated IP Addresses
- CentOS 6.x Operating system
- CPanel & WHM
Now, it’s a very powerful package which comes at a cost of course – the price for this package is £127 (inc. VAT) per month but it really is a superb set-up with LOTS of power!
Most of you wouldn’t need such an expensive package and that’s why there are much smaller and cheaper options available.
During the sign-up process, Rachel (the live chat rep) stayed with me the whole time and once payment was made, she instantly started setting up my server.
It took probably 30-40 minutes and I was ready to go!
Well when I say ready to go, what I mean was that I had reached the transfer process, which I needed help with, badly!
All my websites together take up about 15GB of space!!! So for me to download it all from my old account AND upload it to the new one would take several days, which definitely wasn’t an option considering that at this point my websites had already been down for about 10 hours or so.
So I started another live chat session, this time with a tech support guy called George Shaw. I really feel like it was a God-send that George answered my live support request (they have multiple people working at one time)!
George instantly started working on the transfer process and unlike me, he had the knowledge and POWER to do it quickly! He used special, super fast direct FTP access software to move my backup files from the old server to the new one.
In the meantime I was busy changing nameservers for all my websites so that they were pointing to my new server once the transfer was complete.
The file transfer process still took 3 or 4 hours BUT taking into account how massive they were, it still was very quick. And some smaller sites were transferred much quicker, so I started to see my websites go live one by one. Happy times!
Once the transfer process was complete, it turned out that several websites were not working properly due to CPanel/database version incompatibility issues and other such complicated things.
At this point I was starting to lose all hope and think that this nightmare would never end!!
But don’t forget – I still had George communicating with me on live chat this entire time! For 5 hours+! And he started fixing each website, one by one, and bringing them back to life. These really were complex issues that no ordinary tech support guy would have been able to fix but George did it! He completely corrected all issues with my sites and only then ended his shift. Bearing in mind that it was late Friday night by then, I’m truthfully amazed!
So all in all, I can’t say enough how impressed and thankful I am for the service received from Webhost.uk.net and while it’s of course only been three weeks since then, I’m very happy with the service and support they provide.
Once again, I would like to give a BIG thanks to Rachel & George who helped me with the whole transfer process and brought my business back to life.
Lessons to Be Learnt
Now, when I look back at this whole mess I was in, I realise that partially it was my own fault. Well okay, mostly my own fault.
You see, hackers mostly target outdated software and plugins as they are more vulnerable. They infect your website via ‘holes’ within old software and yes, I have to admit that I was not completely up to date with everything and some of my sites had old software installed (hadn’t been updated) and that’s what most likely caused the malware infection in the first place.
So the no.1 lesson to take from this is – ALWAYS keep your websites, plugins and scripts UPDATED!!! I have now scheduled maintenance checks on all my websites, every week, so that I can instantly update my software as soon as a new version is released.
Secondly – backups. You really can’t treat back-ups lightly. You want to be 100% in control of your businesses and do REGULAR back-ups for all websites you have AND store them in various places, not just your hosting account!
Yes, I did have back-ups set-up in my previous hosting account but at one stage I thought I would lose them all (when WHM in Blue Host went down). So it’s super important to have multiple back-up locations.
From now on, I will keep back-ups of my websites in 4 places:
- My server
- My computer
- Time capsule (which automatically takes them from my computer)
- Dropbox (which automatically takes them from my computer)
Make it a WEEKLY routine to back-up all of your websites and store them in at least 3 places – your hosting account, computer and some form of cloud data storage.
To even further increase my back-up system, I also signed up to the R1Soft back-up solution from WebHost.uk.net. It’s a more advanced back-up system which means you can have complete websites restored in less time plus there are many more advantages to using it.
So lesson no.2 – have a systematic back-up policy in place and store your back-ups in at least 3 different places.
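The routine in lessons 1 and 2 above (a weekly archive of every site, copies in at least three places, and a copy that survives the hosting account itself failing) can be turned into one script. The following is an added example, not the post's or WebHost.uk.net's tooling: it archives a site directory, records a SHA-256 checksum, copies archive and checksum to each destination and verifies the copy there, then keeps only the newest few archives. The site and destination paths are placeholders; in practice the destinations would be your local machine, a mounted Dropbox folder and similar, fed by cron or a weekly reminder. The demo at the bottom builds a constructed sample site in a temporary directory so the block runs anywhere.

```shell
#!/bin/sh
# Weekly site backup: one archive, checksummed, replicated to several locations.
# Added example, not from the original post or the hosting company. Paths passed to
# these functions are placeholders for your own site root and backup destinations.
set -eu

# Create a timestamped tar.gz of SITE_DIR inside STAGING and record its SHA-256
# next to it. Prints the archive path so callers can pass it on.
make_archive() {
    site_dir=$1; staging=$2; label=$3
    stamp=$(date -u +%Y%m%d-%H%M%S)
    archive="$staging/$label-$stamp.tar.gz"
    mkdir -p "$staging"
    # -C so the archive stores paths relative to the site's parent, not the server layout
    tar -czf "$archive" -C "$(dirname "$site_dir")" "$(basename "$site_dir")"
    # checksum written with a relative name so it verifies wherever the pair is copied
    (cd "$staging" && sha256sum "$(basename "$archive")" > "$(basename "$archive").sha256")
    printf '%s\n' "$archive"
}

# Copy the archive and its checksum to every destination directory given, and verify
# the checksum at each destination, so a truncated or corrupted copy is caught at
# backup time rather than at restore time. Prints "ok <dest>" per destination.
replicate() {
    archive=$1; shift
    name=$(basename "$archive")
    for dest in "$@"; do
        mkdir -p "$dest"
        cp "$archive" "$archive.sha256" "$dest/"
        (cd "$dest" && sha256sum -c --quiet "$name.sha256") \
            || { echo "FAILED verification in $dest" >&2; return 1; }
        echo "ok $dest"
    done
}

# Keep only the newest KEEP archives (and their checksum files) for LABEL in DIR.
# Names embed a UTC timestamp, so reverse lexical order is newest-first.
prune() {
    dir=$1; label=$2; keep=$3
    ls -1 "$dir"/"$label"-*.tar.gz 2>/dev/null | sort -r | tail -n +$((keep + 1)) \
        | while read -r old; do rm -f "$old" "$old.sha256"; done
}

# Stand-alone demo on a constructed sample site in a temporary directory.
run_demo() {
    work=$(mktemp -d)
    mkdir -p "$work/public_html/wp-content"
    echo '<?php // constructed sample site file' > "$work/public_html/index.php"
    archive=$(make_archive "$work/public_html" "$work/server-backups" mysite)
    replicate "$archive" "$work/local-copy" "$work/dropbox-copy"
    prune "$work/server-backups" mysite 4
    printf 'archive: %s\n' "$archive"
}

run_demo
```

The checksum file travels with the archive on purpose: a backup you have never verified is a guess, and checking it at copy time costs seconds, whereas discovering a corrupt archive during a restore costs the whole site.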
Thirdly – prevention of hacker attacks.
I could have avoided ALL OF THIS, if I had an account with Sucuri.net in place. It’s as simple as that. As when you have your websites constantly monitored (they do daily scans), such malware infections can be quickly spotted and removed WITHOUT all the drama I went through!
And it all works on auto pilot! You just enable server side scanning in Sucuri, add your website’s FTP details and their software will scan your website every day looking for malware infections. If they find something, you’ll receive an email and you can then request immediate malware removal which will be carried out instantly by their 24/7 technicians.
Besides that, Sucuri also looks for outdated software (like WordPress versions) and plugins and informs you when you need to upgrade your scripts. This is very handy as it means you don’t have to manually check this every week.
Lesson no.3 – have an account with Sucuri.net or a similar company to constantly monitor your sites for malware infections!
You can of course use any other, similar service but my experience with Sucuri has been so great that it’s the company I recommend you use. They worked very hard and efficiently to clean up all of my websites in a very timely manner and I can’t thank them enough for that!
So here you have it – the 3 KEYS to securing your websites against hacker attacks:
- Keep your website software updated at all times.
- Have a super safe back-up system in place.
- Constantly monitor your websites for malware infections.
This may not 100% guarantee that your websites will never be hacked but at least it provides a basic safety net which will work in 99.9% of cases. Plus even if the worst happens and you are attacked, you’ll then have secure back-ups in place to restore your website quickly and easily – the opposite of what I had to go through.
And it doesn’t matter how big or small you are – trust me, you want to secure yourself against any potential damages as the cost of fixing them can be severe. Even if you have just one blog, website or self-hosted online shop – you still want to do this! It may cost you $100 a year for Sucuri’s service but the fee is well worth it considering what they provide. And then the back-ups and updated software doesn’t cost you anything, apart from your time.
Speaking about how big your business is – don’t think that hackers only go after large companies/websites – not at all! Malware infections to send out spam emails are not created manually. Hackers simply use special scripts that scan the internet, thousands of websites each day, to find those weak spots and install their scripts. The whole process is entirely automated and they do not specifically target large businesses.
With everything considered – it’s better to be safe than sorry, right?
I hope this guide will help some of you avoid the 2 day nightmare that I went through.
So please, learn from my mistakes and secure your websites now.
If you have any comments or questions about the processes outlined in this post, please post them below and I will personally answer all your queries.
Is there a reason why you do not host with Go Daddy? I see you recommend registering a domain with them but not hosting.
Mostly because I believe everyone should do what they do best – in the beginning Go Daddy was just a domain registrar and not a hosting company. Somehow I feel more secure with companies that specialise in hosting services alone.
Another important thing – Go Daddy doesn’t use CPanel (last time I checked) which means in case of migration (when you need to change hosting for some reason), it will be quite difficult compared to a CPanel to CPanel migration.
Hi, thanks for the great information. Are you still with webhostuk.net, and if so, are they still good?
Yes, I’m still with Web host UK.
Haven’t had any problems with them so far (knocking on wood).
Their service is fast and support is ALWAYS available quickly on Live Chat, 24/7.
So can definitely recommend them.
Cheers Andrew :)
I will move from Hostgator to Web host UK this week. If you have an affiliate link please send me one.
I have been a regular reader of your posts for a few years now and even purchased Easy Auction.
I have to say that I only look at your blog for information as I find it covers everything I need to know!
This is my first time posting, and the reason is I have spent months and months just reading reviews and trying to find a decent web host, and still haven’t signed up with one yet!… My question is: are you still with webhostuk.net, and if so, are they still good?
many thanks Michelle…ps keep up the good work!
Yep, I’m still with webhostuk – they have been very good (knocking on wood) – no probs so far! 🙂
Hi Andy, sorry to hear you had to go through all this; it has made me start looking into options to help protect my hosting account more.
I was wondering – I read a lot of your posts and remember you mentioned you mainly only use BigCommerce these days for ecommerce stores – I’m guessing this attack didn’t affect them as they provide hosting for the shopping carts, I think, if I remember right?
So anyone with an all-in-one hosting solution wouldn’t need the above, or am I getting confused? 🙂
Yes, that’s correct.
Only my self hosted sites were affected by this, not hosted shops (Big Commerce). With hosted carts, the shopping cart company takes care of such attacks, firstly by having good firewalls in place and other security systems. This is yet another advantage of hosted shopping carts and why I recommend using them instead of self hosted carts.
I have also been following your blog for a while now, and can sympathise with your malware attack as I went through this a few years back and have been using the services of Sucuri myself for the last few years. They do a great job for the price and peace of mind that help is not far away if ever needed.
I would also like to mention another website to help you and your readers, and it is one that helps to prevent attacks, DDOS, bots wasting bandwidth, etc. It is called Cloudflare. They also have a great feature where your website is always online even when your server is down, as well as many other features such as website compression and speeding your website up. Visit https://www.cloudflare.com/overview . They have a free version available that would be ideal for smaller websites and also paid versions (starting @ $20 a month) that you can scale up the bigger your websites become. It’s simple and easy to use. I would recommend all your readers to at least research this company and the service it offers.
Thanks for your comment.
Yep, I’m aware of CloudFlare – it actually came free with my Blue Host account but for some weird reason they couldn’t set it up for me…
Anyway, I’m using basically the same service from Sucuri now called CloudProxy – it basically does the same thing as CloudFlare, for $10 a month.
Very informative and thanks for sharing this Andrew and it will help readers to avoid situations and act proactively.
You’re welcome Yousaf!
And I really hope people will learn from this and IMMEDIATELY implement these three steps to secure their websites. Not tomorrow, not the day after, but immediately. A week from now it may already be too late…
Thank you for your email and your great article, all written to your usual high standard.
I do have a concern though about the security of my information with you and in particular the security of a number of payments that I have made to you. These hackers can be surreptitious about their real motives and whilst sending out spam emails is one thing, interrogating your files for another less obvious reason is quite another. Are you absolutely sure that my details and those of all your clients have not been compromised?
I have, as a matter of good practice, changed ALL my passwords for all my payment methods, something that I do every two to three months as I use the internet a lot!
Thanks for your email.
No, don’t worry about that – no sensitive data or user accounts for products were hacked. All memberships I run are strictly protected by specialised software PLUS I don’t have access to my customers’ credit card or PayPal login details, so even if they had got to this part of my websites, they wouldn’t have found anything.
It was strictly infections to send out spam emails.
Thank you for another informative blog post Andrew, I was wondering why I couldn’t access the EAB site the other week, although I emailed you and as always was very happy with the speed of your reply.
It’s sad to hear you went through this but so glad you recovered from it, we had something like this a few years back with (luckily) an old website so it didn’t matter too much and we lost the lot.
But it’s great that you have shared with us the best steps to go down to avoid this.
Glad I can help! 🙂
I really hope it won’t happen again, as during those 2 days I thought I would have a nervous breakdown or a heart attack.
Please try not to get a heart attack as many of your followers/fans will die. 😉
Keep up the good work and good health.
I will! 🙂