If you were subscribed to my newsletter, RSS feed or blog before 8am EST on Tuesday, you got hit with about 9 or 10 emails. Someone hacked my blog and created 12 posts promoting their network of websites in order to try and game Google with backlinks. Every time a new post is created it creates a newsletter that automatically goes out. That is why you got all of those weird emails. Although I got a ton of unsubscribes, I stayed calm and took action to not only stop the last few emails, but also to be proactive if it happens again.
Here’s what I did when I found out my blog got hacked:
- Stopped my newsletter
- Let subscribers know what happened
- Remove the hacked posts & delete the hacked account
- Keeping them in trash for review
- Contact my host
- Look up someone to move me to this host
- Tweeted to Gary Illyes Looking For a Site
Please note the links to vendors in the post should all be affiliate links or ads if the store has a program. If they don’t I will change them out so I can earn commissions for referring you all to the same service providers I either use, used or am thinking about using.
Stopped My Newsletter
I had my newsletter set to send out new posts to the entire list whenever I post to my blog. It’s called a broadcast or blog broadcast and I will no longer have this automated for this exact reason.
The most worrisome thing for me was seeing the unsubscribes happen on my newsletter list. The company I use for it (you can find them here) doesn’t have any support until 8am EST either (via chat or phone) so I was stuck on my own. I navigated their interface and did find the button where it allows you to automate and I turned that off. Around 8:30am I called in and they verified that I now have to manually log in to send a newsletter (so there’s little to no chance of this happening again).
What I also learned is that I may need to change email service providers (ESP) to one who has around-the-clock support or see if they have an upgraded version with 24/7 phone or live chat support. I don’t mind paying more if I’ll have peace of mind knowing that if this happens I can have someone to help me. I’ll probably stick with them, but if there are competitors that offer 24/7 phone and live chat support, I may change because I’d rather have that peace of mind.
Let Subscribers Know What Happened
At this point a lot of people have now unsubscribed which stinks. I sent out an email to everyone letting them know I was hacked, to not open any of the newsletters and that I was working on a solution. I also apologized, took responsibility and let them know I’m working on finding a solution and way to help prevent this from happening again. As of this morning I am still getting some unsubscribes which is why I’m posting today instead of Monday.
For some of the people who unsubscribed but also engage with me regularly, I sent a second follow up when I saw them leave, but that isn’t practical and I had to stop. It recovered a couple of them but not all. This is just one of those things that sucks and you just have to do what you can to prevent it from happening again in the future.
Remove the Hacked Posts & Delete the Hacked Account
I was about to delete all of the posts 100% but then realized this isn’t smart (yet). If I deleted everything, it might be harder to troubleshoot. Instead I moved all of them to trash (another option could be to change the published status to something that isn’t live). The one issue with this is that if you have people who auto-tweet from your feed, their referrals will land on dead pages. If you are able to, set redirects for those pages to a landing page explaining the content isn’t there and recommend they visit some of your favorite content.
Keeping Them in Trash For Review
I kept the spam posts in my trash folder so that my old host (I changed as of yesterday) could review how they got in, look to see if it’s happening to other sites and tell me how to prevent this from happening to other accounts. One thing that is important to remember is that this could happen at any host and at any time. However, my host does not offer live chat or phone support at all. They have 24/7 email support, but you cannot get a person to pick up the phone. For me this is not acceptable, which is why I have the section below about leaving.
I will still recommend this host to people, but there are specific reasons I am personally leaving and this was the final straw. I found another option which is less expensive, offers more flexibility and other support options which meets my needs. It’s also cheaper…did I mention that? My current one is great, it just doesn’t meet my current needs.
Contact My Host
The next thing I did was open a support ticket with my host. The person handling it is one of the tech support members I do trust and like so I knew I was in good hands. However, when something like this happens and you’re a single person company, SMB or don’t have a tech/IT person, it can be scary. That’s why having someone to talk to and keep you calm on the phone or via live chat is vital. They do not offer this so I left this week for this host.
Look Up Someone to Move Me to This Host (affiliate link)
Once I decided it was time to change hosts I needed to find someone to move my site for me. I created a checklist of things I needed from them which included:
- Do they understand SEO?
- Can they tell me what caching a site is?
- What do they look for code wise to move over?
- Tracking codes
- Email codes and optins
- Will they watch as the site resolves in the countries I get the most traffic from?
- How much do they cost?
Normally I look for inexpensive, but when you go through things like this you want quality and affordable since you don’t want any more stress to deal with. I went to Facebook to crowdsource and had a few referrals including one who came in perfect. They were able to move me to this host easily and painlessly.
Tweeted to Gary Illyes Looking For a Site
Gary Illyes is a very active Googler on Twitter who tends to respond. I sent out two tweets that morning asking him how I can submit a list of the sites that the hackers linked to from my blog. All of the sites use the same banner design, are around the same types of service and are written in the same style. This was something they did deliberately for their own gain and not to benefit a client. If it was for clients like SMBs who normally don’t know better, I would reach out to the SMB directly. This was someone hacking sites opened to get backlinks and for personal gain which is why I reported their network of sites.
There are other things I did, like run a scan on my site for malware or malicious code. I also went through (and am about to do it again) to check for any external links that I wouldn’t normally link to. I did find a few and they’re now gone. I haven’t searched through everything yet but I’ll be running a tool to find everything for me. Although it isn’t fun to do, if your blog gets hacked, this is the perfect time to clean everything else up as well.
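The external-link check described above can be scripted instead of done by hand. This is an added example, not the tool used for this blog: it assumes post bodies have been exported as HTML keyed by post id, and the host names, allowlist and sample posts are constructed.

```python
from collections import defaultdict
from html.parser import HTMLParser
from urllib.parse import urlsplit

OWN_HOSTS = {"myblog.example"}        # assumption: your own domain(s)
ALLOWED_HOSTS = {"partner.example"}   # assumption: hosts you knowingly link to


class LinkCollector(HTMLParser):
    """Collect href values from <a> tags in one post body."""
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs.extend(v for k, v in attrs if k == "href" and v)


def host_of(href):
    """Lowercase host of an absolute or scheme-relative link, else None."""
    host = urlsplit(href.strip()).hostname
    return host[4:] if host and host.startswith("www.") else host


def audit_posts(posts):
    """Map each unexpected external host to the sorted post ids linking to it."""
    findings = defaultdict(set)
    for post_id, html in posts.items():
        collector = LinkCollector()
        collector.feed(html)
        for href in collector.hrefs:
            host = host_of(href)
            # Relative links and mailto: have no host and are skipped.
            if host and host not in OWN_HOSTS | ALLOWED_HOSTS:
                findings[host].add(post_id)
    return {h: sorted(ids) for h, ids in findings.items()}


# Constructed sample posts (not real data): post id -> exported HTML body.
SAMPLE_POSTS = {
    "101": '<p><a href="https://www.partner.example/tool">tool</a> '
           '<a href="/about">about me</a></p>',
    "202": '<p><a href="HTTPS://Spam-Network.example/a">best service</a> '
           '<a href="//spam-network.example/b">cheap</a></p>',
    "203": '<a href="http://other-spam.example">x</a> <a href="mailto:me@myblog.example">m</a>',
}

if __name__ == "__main__":
    print(audit_posts(SAMPLE_POSTS))
```

Grouping by host rather than by link makes a backlink network stand out, since the same few unfamiliar domains show up across every injected post.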
When your blog or website gets hacked you need to keep calm. It happens. The most important thing to remember is to protect your readers, protect your company and stop anything that is within your control like broadcasted newsletters. If you’re like me and want or need someone to be able to walk you through what happened, check today to see if your current software providers offer 24 hour phone or live chat support. If they don’t or if you cannot reach someone there, it may be time to find new providers.
If you’re reading this, hopefully you found the post useful. If you’re a subscriber and stayed on my list, thank you! Feel free to leave a comment below if you’d like.