We were hacked on Saturday after a DoS attack of 28,000 hits and an apparent intrusion. I never thought it could happen to me. Even after reading about the ills that affected Jay Thompson at his PhoenixRealEstateGuy.com website, I thought about it, did some reading and decided we were fine.
When I saw the spike in page views yesterday, it just didn't occur to me that it was anything but a denial-of-service attack and there was more to come. I did take a screenshot of the report and sent it to my vendor to have a look, but it was too late and the damage showed up this morning.
It's still unclear how they got in and what the extent of the damage really is. Our site is still up and we do have good backups. My support guy is working on it and should have it fixed with a restore overnight.
If you think your blog is safe, it's not!
So if you have a self-hosted WordPress blog, I'd make sure of the following:
- All back-end security is as tight as the butt on a fish.
- Do you have a GREAT back-up? Has it been tested?
- Do you trust the security of your host? Do they have a firewall? What is their intrusion record?
- Who did your initial WordPress install? Did they properly secure it? Are you SURE?
You should call your support person TODAY and have them check your security. Just DO IT.
And I'll report back if/when we find the origin of the attack and how they got in.