First Street Pets hacked!

First Street Pets was hacked! How did this happen, what steps did I take to address it, and how can you prevent your website from being compromised?

Hacked!

Ironically, I just finished making a video and writing an article on How to create a website for your pet business including all the ins and outs and security … all the while my own website was being hacked! I want to share that experience with you, why I think that happened, and steps that you can take to prevent it from happening to you.

This all started maybe three weeks ago or so when I got an email from GoDaddy, which is the company I use for my website, domain name, and all that. They notified me that there had been a security breach and that I would have to log in and change my password. I went ahead and did that and had a look around to see what was going on. The first thing I noticed was that someone had been trying to log into my account. There were pages and pages of failed logins! The hackers must have been using some kind of a bot that maybe randomly generates passwords? I’m not really sure how this works.

After what looks like hundreds of attempts, they were successful in accessing my website! What does that mean? I quickly discovered that when I typed in an exact URL for a given page, it went to that page; for example, What you didn’t know about the history of dog food. However, if I clicked a link, it redirected to another page for ED meds! Horrified, I started searching my site on Google and that was exactly what I saw. Search results would show First Street Pets but the text under it was about buying meds from an online pharmacy.

What to do?

This was all new to me so I wasn’t really sure what to do. I waited a few days because, according to GoDaddy’s email, they had removed the malware from the site. I thought it may just take a little longer for Google to re-index the site, but a couple weeks later it was still looking that way and my analytics were way down. I was getting about half as many hits as I normally do because obviously when someone searches about dog collars they’re not looking for ED meds! I’m sure when they saw that in the Google results they weren’t going to click on it because they’re not looking for spam, they’re looking for the information that I’m providing. It was time for a call to GoDaddy.

Some people don’t like GoDaddy and I’m not sure why. They aren’t the cheapest, but they provide great customer service and that’s important at a time like this when you have a big problem. I’m an early bird so when I call at 5AM I have a much shorter wait time than others who call during business hours — a little hack there for those of you who are early birds or night owls. The customer service rep explained to me why this happened and I’m sharing with you what he told me so you can prevent this from happening to your website. If you are creating a new website or you’ve had one for a while, here are some things you can do and be aware of.

WYSIWYG vs. WordPress

If you’re using the basic WYSIWYG (what you see is what you get) site from GoDaddy, Wix, Squarespace, or any of those other companies, the kind where you just add your pictures and your text and hit go, you are much less likely to be hacked. As it was explained to me, the reason is that it’s very hands-off for the content creator. These apps are the crock pots of web design: set it and forget it. You create your content, put it out there for your business, and the company takes care of everything on the back end. They update the software, maintain security, and manage everything so you don’t have to. That’s what you’re paying for. This doesn’t mean that you’ll never have a problem, but it is less likely to happen than with WordPress.

WordPress, on the other hand, has a much higher learning curve and requires more management. The benefit of this platform is its higher functionality and ability to be customized. This is why it is recommended for blogs, e-commerce, and websites above the basic level. Because it’s a lot more hands-on, it is the user’s responsibility to check in regularly and make sure things are running smoothly. Software plugins must be updated to the latest version. Incompatible or unused plugins should be removed from your site. As the GoDaddy rep explained to me, any outdated plugin can provide a security breach for a hacker.

You’ll want to check frequently — daily or at least a few times a week — to see if there are unauthorized login attempts. Had I done this, I would have seen all the login attempts and taken immediate action. Because I wasn’t aware of the problem, the problem got worse. My site was compromised, my search engine results changed, and I lost traffic. Even though I may be working on my site every day writing scripts for videos, collecting images, or just brainstorming, I’m not necessarily logging in, or at least I wasn’t at the time this happened. Now I’m treating it like my banking, just checking in several times a week and making sure all is well.
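One way to do the login check described above, as an added example (it is not from the original post or from GoDaddy): a small Python script that reads a web server access log and counts failed WordPress logins per IP address, flagging any address that got in after repeated failures. It assumes you can download the raw access log in the common "combined" format and that your site uses the default WordPress behaviour, where a failed POST to `/wp-login.php` returns status 200 and a successful one returns 302; the function name, threshold and sample log lines are made up for illustration.

```python
import re
from collections import defaultdict

# Combined log format: ip - - [time] "METHOD path HTTP/x" status size ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)

# Constructed sample lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [01/Mar/2024:02:10:01 +0000] "POST /wp-login.php HTTP/1.1" 200 4521 "-" "bot"
203.0.113.7 - - [01/Mar/2024:02:10:02 +0000] "POST /wp-login.php HTTP/1.1" 200 4521 "-" "bot"
203.0.113.7 - - [01/Mar/2024:02:10:03 +0000] "POST /wp-login.php HTTP/1.1" 200 4521 "-" "bot"
203.0.113.7 - - [01/Mar/2024:02:10:04 +0000] "POST /wp-login.php HTTP/1.1" 200 4521 "-" "bot"
203.0.113.7 - - [01/Mar/2024:02:10:05 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "bot"
198.51.100.20 - - [01/Mar/2024:08:00:00 +0000] "GET /wp-login.php HTTP/1.1" 200 4300 "-" "Mozilla"
198.51.100.20 - - [01/Mar/2024:08:00:09 +0000] "POST /wp-login.php HTTP/1.1" 200 4521 "-" "Mozilla"
198.51.100.20 - - [01/Mar/2024:08:00:20 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla"
192.0.2.55 - - [01/Mar/2024:09:15:00 +0000] "POST /wp-login.php HTTP/1.1" 200 4521 "-" "bot"
192.0.2.55 - - [01/Mar/2024:09:15:01 +0000] "POST /wp-login.php HTTP/1.1" 200 4521 "-" "bot"
192.0.2.55 - - [01/Mar/2024:09:15:02 +0000] "POST /wp-login.php HTTP/1.1" 200 4521 "-" "bot"
198.51.100.20 - - [01/Mar/2024:09:20:00 +0000] "GET /blog/ HTTP/1.1" 200 9000 "-" "Mozilla"
"""

def review_logins(log_text, threshold=3):
    """Summarise failed wp-login POSTs for every IP at or over the threshold."""
    failed = defaultdict(int)
    breached = set()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue  # viewing the login form (GET) is not an attempt
        if m["path"].split("?")[0] != "/wp-login.php":
            continue
        ip, status = m["ip"], m["status"]
        if status == "200":        # assumption: default WP re-shows the form on failure
            failed[ip] += 1
        elif status == "302" and failed[ip] >= threshold:
            breached.add(ip)       # redirect after many failures: likely guessed password
    return {ip: {"failed": n, "succeeded_after_failures": ip in breached}
            for ip, n in failed.items() if n >= threshold}

if __name__ == "__main__":
    for ip, info in review_logins(SAMPLE_LOG).items():
        print(ip, info)
```

An address marked `succeeded_after_failures` is the pattern described earlier in this post: a long run of failed logins followed by one that worked, which is the cue to change passwords and review the site straight away.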

Next steps

More secure server

After identifying the problem, the rep and I discussed next steps. I updated and removed plugins as suggested, then I agreed to move my site to a more secure server. It cost a little more but provides a higher level of security, a firewall, and includes SSL. Because the breach had such a significant effect on First Street Pets, I decided this is worth it. As part of the package I purchased, they will comb through everything on my website and remove any malware.

Correct search engine results

As part of the package GoDaddy will also reach out to Google and other search engines to notify them that there was a security breach on my site and to correct the listings. The concern is that, if my listings all look like spam and clickbait, Google will remove my site from search results. I don’t know how to fix this myself, so I’m happy to let them handle it.

Comments and emails

As of now, a few weeks after recording the video above, my website is back to normal. One thing I need to continue monitoring, in addition to my site health, is comments and emails. Hackers are more sophisticated and persistent than ever, and they have numerous ways of breaching a user’s security and getting what they want for identity theft or other nefarious purposes. I get thousands of comments on my blog, none of them legit, so I am trying to figure out how to just disable that function. These comments reference ED meds, porn, or are just gobbledygook that makes no sense, but they all contain links to malware. You probably know by now to never click a link in email, text, or random comment.

I helped my boyfriend update the website for his business, and it originally had a cool little chat popup where a potential client could enter an email message. It turned out to be not so cool when the hacker bots discovered it and flooded his email box with spam. We removed the popup so clients can call or email through the Contact Us section, which seems to be less susceptible than a fill-in-the-blanks form.

I hope this information will help you keep your website safe. If anything does happen, you can address it right away to minimize damage. I wish you great success in your pet business!