Three weeks ago I faced a server attack.
A serious attack that affected most of my websites and for a while I actually thought I would lose a large portion of my business because of this. Thankfully I managed to fix it and that’s why you’re now reading this post.
So let’s go into detail about what happened and most importantly – how to secure your online business and websites so that you never face a situation like this.
Even though I have dealt with various sorts of hacker attacks previously, this time it was much more serious. What happened was, by using some vulnerabilities within the software I was running on my server, hackers “infected” many of my websites with malware (software/scripts that can be controlled by hackers).
I luckily noticed it very quickly: when I was checking my server status (which I do almost every day) I saw that there were more than 40,000 emails waiting in my mail queue. Spam emails of course. That instantly raised alarm bells for me and I knew that something dodgy was going on.
This is what hackers usually do – they get inside your web hosting account or server (if you have one) and install malware to send out thousands of spam emails to email addresses scraped from across the net. This way they use your resources, your email addresses and your hosting account to send out spam.
If you’re not careful and do not spot this in time, hackers can use your website for days or even weeks to send out tens of thousands of spam emails.
And this results in your domain name and email address being black-listed by mail service providers (such as Gmail, Yahoo) and even search engines!
I’m sure I don’t have to explain the severity of this: if you have established websites and online shops with a good Google rank, this can completely destroy years of hard work.
First Things First
If something like this happens to you, the first thing you want to do is contact your hosting company and ask them to DISABLE the mail sending function for your account. This effectively stops ANY emails coming out of your account and is the best temporary solution to put in place while you deal with the core problem – the actual malware.
If you have your own dedicated or virtual server running WHM & cPanel, you can do this on your own by switching off the Exim mail service. Either way, the idea here is to stop those spam emails being sent out while you clean up your websites.
The next thing you want to do is check those spam emails you have in your mail queue. Again, if you have access to WHM, you can do this by yourself via the Mail Queue feature – if not, just ask your hosting account provider to check these emails for you.
What we’re looking for here are HEADERS within these emails that contain information about where they’re coming from. Usually, they will have links/code that point to a specific place, folder, plugin or software within your website (which has been infected). If you’re not good with code, this won’t help you much though as you won’t be able to clean the files on your own (you can’t simply delete them as then your website could stop working completely).
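One way to do the header triage described above, as an added example rather than anything from the original post: the script reads a dump of queued messages and ranks the PHP scripts that injected them. It assumes the messages are available as raw text (Exim can print a queued message's headers with `exim -Mvh <message-id>`) and that the host stamps PHP-originated mail with the X-PHP-Originating-Script header (PHP's mail.add_x_header setting) or cPanel's X-PHP-Script header; the sample messages are constructed.

```python
import email
from collections import Counter
from email import policy

# Constructed queue dump (not real messages): three injected by one plugin
# file, one by a theme file, and one that carries no PHP header at all.
SAMPLE_QUEUE = [
    "From: a@example.com\nTo: x@example.net\nSubject: offer\n"
    "X-PHP-Originating-Script: 1001:wp-content/plugins/oldplugin/mailer.php\n"
    "X-PHP-Script: shop.example.com/wp-content/plugins/oldplugin/mailer.php"
    " for 203.0.113.5\n\nbody\n",
    "From: a@example.com\nTo: y@example.net\nSubject: offer\n"
    "X-PHP-Originating-Script: 1001:wp-content/plugins/oldplugin/mailer.php\n"
    "X-PHP-Script: shop.example.com/wp-content/plugins/oldplugin/mailer.php"
    " for 203.0.113.5\n\nbody\n",
    "From: a@example.com\nTo: z@example.net\nSubject: offer\n"
    "X-PHP-Script: shop.example.com/wp-content/plugins/oldplugin/mailer.php"
    " for 198.51.100.7\n\nbody\n",
    "From: b@example.com\nTo: w@example.net\nSubject: hi\n"
    "X-PHP-Originating-Script: 1001:wp-content/themes/old/footer.php\n\nbody\n",
    "From: c@example.com\nTo: v@example.net\nSubject: hi\n\nbody\n",
]

def parse_origin(raw):
    """Return (script_path, remote_ip) for one raw message; None where absent."""
    msg = email.message_from_string(raw, policy=policy.default)
    script = ip = None
    orig = msg.get("X-PHP-Originating-Script")  # PHP form: "uid:path"
    if orig and ":" in orig:
        script = orig.split(":", 1)[1].strip()
    cp = msg.get("X-PHP-Script")  # cPanel form (assumed): "host/path for IP"
    if cp:
        path, _, ip_part = cp.partition(" for ")
        script = script or path.strip().split("/", 1)[-1]  # drop hostname
        ip = ip_part.strip() or None
    return script, ip

def rank_origins(raw_messages):
    """Count queued messages per injecting script and per remote IP.
    Messages with no PHP header are counted separately: they were not sent
    through PHP's mail() and need a different trace (e.g. a mailbox login)."""
    scripts, ips, unattributed = Counter(), Counter(), 0
    for raw in raw_messages:
        script, ip = parse_origin(raw)
        if script is None:
            unattributed += 1
        else:
            scripts[script] += 1
        if ip:
            ips[ip] += 1
    return scripts, ips, unattributed
```

`rank_origins(SAMPLE_QUEUE)[0].most_common()` puts the plugin file at the top, which is the file (and plugin) to hand to whoever does the clean-up.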
Even though I consider myself to be quite good with code, I couldn’t really figure it out by myself so I realised that, to not waste any more valuable time, I should find a company who can do this for me – a company that can completely remove the malware from my sites so that I could resume business as normal, asap!
So I just started Googling for phrases like:
- clean up websites
- malware removal service
- malware detection service
- and so on
It turns out there are hundreds of companies doing this and I can definitely see that there’s a huge business here – desperate business owners with infected websites are ready to pay ANY kind of money to get their problems fixed. Talk about a problem resolving business concept, eh?
I checked out probably 10 or 15 of the best looking companies that showed up on Google search. Many of them didn’t have live chat which was an instant turn off for me. I really needed someone to start working on my websites ASAP so was looking for a 24/7 service.
After spending an hour or two searching, I thankfully found a company called Sucuri.net which I really liked, particularly how professional their website looked and the fact that they had live chat support available to instantly deal with my query.
Not only did they have 24/7 sales support, their “clean up” team also works 24/7. Just to be 100% sure, I specifically asked the live chat rep – WILL someone start working on my case right away? And the answer was – YES!
And they weren’t lying… once I signed up and paid the fee, my case was opened within 5 minutes and their technicians started the scanning process almost immediately.
I’m sure there are many other good companies providing a similar service, but I really liked the way Sucuri treated my case urgently so if you’re looking for a company to clean up your website from malware, I can certainly recommend Sucuri.net
And it’s not just a disaster recovery service, not at all! For the yearly fee you pay, you get constant/daily monitoring of your websites and if malware is detected, they will remove it for the fee you have already paid, there’s no need to pay anything extra. Plus you can always ask for a manual removal and scan if you feel your websites have been hacked.
Plus if you want even further protection, they also offer a special PROXY firewall service where you can protect your website in a way that all potential hacker and DDoS attacks are filtered before they even have a chance to get to your website. I’m seriously considering adding this service to at least a few of my biggest websites for further protection.
So back to my disaster situation – Sucuri started working on my sites and it turned out that 6 or 7 were infected, some very seriously, with malware spread across several areas of each site. They managed to clean most of the stuff within 24 hours or so but then, just when I thought things were close to being fixed, the next disaster occurred…
Blue Host SHUTDOWN
Yes, just when I thought it was all over, Blue Host completely shut down my server because they now detected these malware issues themselves. I don’t blame them of course – they want to protect their customers and their servers from being used to send out spam. In cases like these, there’s not much you can do – most hosting providers would do the same – they will shut down your websites and grant FTP access to your IP address so you can resolve the issues in question.
Unfortunately, that part didn’t go as well as I’d hoped… suddenly there were WHM issues within my server and I could not get my websites back online. Blue Host started to investigate the problem but as my websites would be down for at least another few hours, I made the serious decision to move all of my sites to a new hosting company.
Coincidentally, I had wanted to move to a new, more powerful server for some time already and this provided the perfect timing to do so. There was nothing to lose as my websites were down anyway!
After more than 10 years of using US based hosting companies, this time I thought – what the hell, why not try out one based in the UK? Maybe I would get lucky and find a company with a more personal approach to clients than these super large hosting companies.
So I started another round of Google research to find a UK based hosting company that provides 24/7 support, offers good cloud based VPS service (virtual private servers) and can help me with the transfer process immediately.
I also needed a company that offers WHM and CPanel by default as that would make the whole transferring process much easier as you can make back-ups of websites in WHM and in the same way, import them to your new hosting account.
After checking out a few companies, I settled with WebHost.uk.net.
Again, live chat support played the biggest role here. First of all, when you go to the WebHost.uk.net website and click on Live Support, you get an INSTANT response! No waiting time, just instant support from a live person. And they offer both sales and technical support 24/7, which is CRUCIAL in my opinion when you’re looking for a hosting company.
Not only was their live support instant, they also promised to set-up my server within 30 minutes and help with the transfer process. How cool is that? With Host Gator for example, you have to wait 2-3 days for them to set up a Virtual Private Server but this company offered almost instant set-up.
Finally, I also checked out some of their reviews online.
A quick side note – when you check out hosting company reviews online, be prepared to see lots of negative comments and very low ratings overall, compared to other industries.
This is because most people leave reviews for hosting companies when something goes wrong (and it happens even with the very best companies) and not so much when everything just works as it should.
So what I realised by comparing various hosting company reviews is that you won’t find a company with say 5 out of 5 stars reviews, not even close. Most are 2-3 stars and lower (out of 5) – EVEN for companies I personally found to be very good (Blue Host for example).
Anyway, WebHost.uk.net’s reviews were actually very good – 4 to 4.3 stars on average on various sites, so knowing what I did about the average score for hosting companies, that looked like a very good score to me.
As I was really running out of time by this point, I just made the decision and signed up for the Cloud Linux Plan 4, with a 50GB SSD (much faster than the normal HDDs). This package gives me:
- Quad Core Processor (4 processors)
- 4GB RAM
- 50GB SSD
- 1280GB Bandwidth
- 2 Dedicated IP Addresses
- CentOS 6.x Operating system
- CPanel & WHM
Now, it’s a very powerful package which comes at a cost of course – the price for this package is £127 (inc. VAT) per month but it really is a superb set-up with LOTS of power!
Most of you wouldn’t need such an expensive package and that’s why there are much smaller and cheaper options available.
It took probably 30-40 minutes and I was ready to go!
Well when I say ready to go, what I mean was that I had reached the transfer process, which I needed help with, badly!
Because all my websites together take up about 15GB of space!!! So for me to download it from my old account AND upload to the new one would take several days, which definitely wasn’t an option considering that at this point my websites had already been down for about 10 hours or so.
So I started another live chat session, this time with a tech support guy called George Shaw. I really feel like it was a God-send that George answered my live support request (they have multiple people working at one time)!
George instantly started working on the transfer process and unlike me, he had the knowledge and POWER to do it quickly! He used special, super fast FTP direct access software to move my back up files from the old server to the new one.
In the meantime I was busy changing nameservers for all my websites so that they were pointing to my new server once the transfer was complete.
The file transfer process still took 3 or 4 hours BUT taking into account how massive they were, it still was very quick. And some smaller sites were transferred much quicker, so I started to see my websites go live one by one. Happy times!
Once the transfer process was complete, it turned out that several websites were not working properly due to CPanel/database versions incompatibility issues and other such complicated things.
At this point I was starting to lose all hope and think that this nightmare would never end!!
But don’t forget – I still had George communicating with me on live chat this entire time! For 5 hours+! And he started fixing each website, one by one, and bringing them back to life. These really were complex issues that no ordinary tech support guy would have been able to fix but George did it! He completely corrected all issues with my sites and only then ended his shift. Bearing in mind that it was late Friday night by then, I’m truthfully amazed!
So all in all, I can’t say enough how impressed and thankful I am for the service received from Webhost.uk.net and while it’s of course only been three weeks since then, I’m very happy with the service and support they provide.
Once again, I would like to give a BIG thanks to Rachel & George who helped me with the whole transfer process and brought my business back to life.
Lessons to Be Learnt
Now, when I look back at this whole mess I was in, I realise that partially it was my own fault. Well okay, mostly my own fault.
You see, hackers mostly target outdated software and plugins as they are more vulnerable. They infect your website via ‘holes’ within old software and yes, I have to admit that I was not completely up to date with everything and some of my sites had old software installed (hadn’t been updated) and that’s what most likely caused the malware infection in the first place.
So the no.1 lesson to take from this is – ALWAYS keep your websites, plugins and scripts UPDATED!!! I have now scheduled maintenance checks on all my websites, every week, so that I can instantly update my software as soon as a new version is released.
Secondly – backups. You really can’t treat back-ups lightly. You want to be 100% in control of your businesses and do REGULAR back-ups for all websites you have AND store them in various places, not just your hosting account!
Yes, I did have back-ups set-up in my previous hosting account but at one stage I thought I would lose them all (when WHM in Blue Host went down). So it’s super important to have multiple back-up locations.
From now on, I will keep back-ups of my websites in 4 places:
- My server
- My computer
- Time capsule (which automatically takes them from my computer)
- Dropbox (which automatically takes them from my computer)
Make it a WEEKLY routine to back-up all of your websites and store them in at least 3 places – your hosting account, computer and some form of cloud data storage.
To even further increase my back-up system, I also signed up to the R1Soft back-up solution from WebHost.uk.net. It’s a more advanced back-up system which means you can have complete websites restored in less time plus there are many more advantages to using it.
So lesson no.2 – have a systematic back-up policy in place and store your back-ups in at least 3 different places.
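A routine that implements lesson no.2, as an added example (not a tool from the post or from either hosting company): it packs a site directory into a timestamped archive, copies it to each backup location together with a SHA-256 sidecar, verifies every copy against the original digest and keeps only the newest four weekly archives per location. It assumes the destinations are mounted or synced folders (a Dropbox folder, an external drive, a second disk) and that database dumps are already written inside the site directory by some other job; the demo site and destinations are constructed in a temporary directory.

```python
import hashlib
import shutil
import tarfile
import tempfile
import time
from pathlib import Path

KEEP = 4  # weekly archives retained per destination (about a month)

def sha256_of(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def make_archive(site_dir, work_dir, stamp=None):
    """Pack site_dir into <work_dir>/<site>-<YYYYMMDD-HHMMSS>.tar.gz."""
    site_dir, work_dir = Path(site_dir), Path(work_dir)
    work_dir.mkdir(parents=True, exist_ok=True)
    stamp = stamp or time.strftime("%Y%m%d-%H%M%S")
    archive = work_dir / f"{site_dir.name}-{stamp}.tar.gz"
    with tarfile.open(archive, "w:gz") as tar:
        tar.add(str(site_dir), arcname=site_dir.name)
    return archive

def replicate(archive, destinations):
    """Copy to each destination, verify by SHA-256, prune to the KEEP newest; returns {dest: ok}."""
    archive = Path(archive)
    digest = sha256_of(archive)
    sidecar = archive.parent / (archive.name + ".sha256")
    sidecar.write_text(f"{digest}  {archive.name}\n")
    site = archive.name.rsplit("-", 2)[0]  # drop the two-part timestamp
    verified = {}
    for dest in map(Path, destinations):
        dest.mkdir(parents=True, exist_ok=True)
        shutil.copy2(archive, dest / archive.name)
        shutil.copy2(sidecar, dest / sidecar.name)
        # a copy that does not match the original digest is not a backup
        verified[str(dest)] = sha256_of(dest / archive.name) == digest
        for stale in sorted(dest.glob(f"{site}-*.tar.gz"))[:-KEEP]:
            stale.unlink()
            (dest / (stale.name + ".sha256")).unlink(missing_ok=True)
    return verified

def run_demo(weeks=6):
    """Simulate weekly runs on a constructed site; return last result map and archive counts."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        site = root / "my-site"
        (site / "wp-content").mkdir(parents=True)
        (site / "wp-content" / "index.php").write_text("<?php // constructed\n")
        dests = [root / "local-disk", root / "dropbox", root / "usb-drive"]
        for week in range(weeks):
            stamp = f"202401{week + 1:02d}-000000"
            verified = replicate(make_archive(site, root / "work", stamp), dests)
        return verified, [len(list(d.glob("my-site-*.tar.gz"))) for d in dests]
```

Run `make_archive` and `replicate` from a weekly cron job; `run_demo` only exists to show the retention and verification behaviour on throwaway data.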
Thirdly – prevention of hacker attacks.
I could have avoided ALL OF THIS, if I had an account with Sucuri.net in place. It’s as simple as that. As when you have your websites constantly monitored (they do daily scans), such malware infections can be quickly spotted and removed WITHOUT all the drama I went through!
And it all works on auto pilot! You just enable server side scanning in Sucuri, add your website’s FTP details and their software will scan your website every day looking for malware infections. If they find something, you’ll receive an email and you can then request immediate malware removal which will be carried out instantly by their 24/7 technicians.
Besides that, Sucuri also looks for outdated software (like WordPress versions) and plugins and informs you when you need to upgrade your scripts. This is very handy as it means you don’t have to manually check this every week.
Lesson no.3 – have an account with Sucuri.net or a similar company to constantly monitor your sites for malware infections!
You can of course use any other, similar service but my experience with Sucuri has been so great that it’s the company I recommend you use. They worked very hard and efficiently to clean up all of my websites in a very timely manner and I can’t thank them enough for that!
So here you have it – the 3 KEYS to securing your websites against hacker attacks:
- Keep your website software updated at all times.
- Have a super safe back-up system in place.
- Constantly monitor your websites for malware infections.
This may not 100% guarantee that your websites will never be hacked but at least it provides a basic safety net which will work in 99.9% of cases. Plus even if the worst happens and you are attacked, you’ll then have secure back-ups in place to restore your website quickly and easily – the opposite of what I had to go through.
And it doesn’t matter how big or small you are – trust me, you want to secure yourself against any potential damages as the cost of fixing them can be severe. Even if you have just one blog, website or self-hosted online shop – you still want to do this! It may cost you $100 a year for Sucuri’s service but the fee is well worth it considering what they provide. And then the back-ups and updated software doesn’t cost you anything, apart from your time.
Speaking about how big your business is – don’t think that hackers only go after large companies/websites – not at all! Malware infections to send out spam emails are not manually created. Hackers simply use special scripts that scan the internet, thousands of websites each day, to find those weak spots and install scripts. The whole process is entirely automated and they do not specifically target large businesses.
With everything considered – it’s better to be safe than sorry, right?
I hope this guide will help some of you avoid the 2 day nightmare that I went through.
So please, learn from my mistakes and secure your websites now.
If you have any comments or questions about the processes outlined in this post, please post them below and I will personally answer all your queries.