If you were subscribed to my newsletter, RSS feed or blog before 8am EST on Tuesday, you got hit with about 9 or 10 emails. Someone hacked my blog and created 12 posts promoting their network of websites in order to try and game Google with backlinks. Every time a new post is created it creates a newsletter that automatically goes out. That is why you got all of those weird emails. Although I got a ton of unsubscribes, I stayed calm and took action to not only stop the last few emails, but also to be proactive if it happens again.
Here’s what I did when I found out my blog got hacked:
- Stopped my newsletter
- Let subscribers know what happened
- Remove the hacked posts & delete the hacked account
- Keeping them in trash for review
- Contact my host
- Look up someone to move me to this host
- Tweeted to Gary Ilyes Looking For a Site
Please note the links to vendors in the post should all be affiliate links or ads if the store has a program. If they don’t I will change them out so I can earn commissions for referring you all to the same service providers I either use, used or am thinking about using.
Stopped My Newsletter
I had my newsletter set to send out new posts to the entire list whenever I post to my blog. It’s called a broadcast or blog broadcast and I will no longer have this automated for this exact reason.
The most worrisome thing for me was seeing the unsubscribes happen on my newsletter list. The company I use for it (you can find them here) doesn’t have any support until 8am EST either (via chat or phone) so I was stuck on my own. I navigated their interface and did find the button where it allows you to automate and I turned that off. Around 8:30am I called in and they verified that I now have to manually log in to send a newsletter (so there’s little to no chance of this happening again).
What I also learned is that I may need to change email service providers (ESP) to one who has around the clock support or see if they have an upgraded version with 24/7 phone or live chat support. I don’t mind paying more if I’ll have a peace of mind knowing that if this happens I can have someone to help me. I’ll probably stick with them, but if there are competitors that offer 24/7 phone and live chat support, I may change because I’d rather have that peace of mind.
Let Subscribers Know What Happened
At this point a lot of people have now unsubscribed which stinks. I sent out an email to everyone letting them know I was hacked, to not open any of the newsletters and that I was working on a solution. I also apologized, took responsibility and let them know I’m working on finding a solution and way to help prevent this from happening again. As of this morning I am still getting some unsubscribes which is why I’m posting today instead of Monday.
For some of the people who unsubscribed but also engage with me regularly, I sent a second follow up when I saw them leave, but that isn’t practical and I had to stop. It recovered a couple of them but not all. This is just one of those things that sucks and you just have to do what you can to prevent it from happening again in the future.
Remove the Hacked Posts & Delete the Hacked Account
I was about to delete all of the posts 100% but then realized this isn’t smart (yet). If I would delete everything then it may be harder to trouble shoot. Instead I moved all of them to trash (another option could be to change the published status to something that isn’t live). The one issue with this is that if you have people who auto-tweet from your feed, they’re referrals will land on dead pages. If you are able to, set redirects for those pages to a landing page explaining the content isn’t there and recommend they visit some of your favorite content.
Keeping Them in Trash For Review
I kept the spam posts in my trash folder so that my old host (I changed as of yesterday) could review how they got in, look to see if its happening to other sites and tell me how to prevent this from happening to other accounts. One thing that is important to remember is that this could happen at any host and at any time. However, my host does not offer live chat or phone support at all. 24/7 email support but you cannot get a person to pick up the phone. For me this is not acceptable which is why I have the section below about leaving.
I will still recommend this host to people, but there are specific reasons I am personally leaving and this was the final straw. I found another option which is less expensive, offers more flexibility and other support options which meets my needs. It’s also cheaper…did I mention that? My current one is great, it just doesn’t meet my current needs.
Contact My Host
The next thing I did was open a support ticket with my host. The person handling it is one of the tech support members I do trust and like so I knew I was in good hands. However, when something like this happens and you’re a single person company, SMB or don’t have a tech/IT person, it can be scary. That’s why having someone to talk to and keep you calm on the phone or via live chat is vital. They do not offer this so I left this week for this host.
Look Up Someone to Move Me to This Host (affiliate link)
Once I decided it was time to change hosts I needed to find someone to move my site for me. I created a checklist of things I needed from them which included:
- Do they understand SEO?
- Can they tell me what caching a site is?
- What do they look for code wise to move over?
- Tracking codes
- Email codes and optins
- Will they watch as the site resolves in the countries I get the most traffic from?
- How much do they cost?
Normally I look for inexpensive, but when you go through things like this you want quality and affordable since you don’t want any more stress to deal with. I went to Facebook to crowdsource and had a few referrals including one who came in perfect. They were able to move me to this host easily and painlessly.
Tweeted to Gary Ilyes Looking For a Site
Gary Illyes is a very active Googler on Twitter who tends to respond. I sent out two tweets that morning asking him how I can submit a list of the sites that the Hackers linked to from my blog. All of the sites use the same banner design, are around the same types of service and are written in the same style. This was something they did deliberately for their own gain and not to benefit a client. If it was for clients like SMBs who normally don’t know better, I would reach out to the SMB directly. This was someone hacking sites opened to get backlinks and for personal gain which is why I reported their network of sites.
There are other things I did like run a scan on my site for malware or malicious code. I also went through (and am about to do it again) to check for any external links that I wouldn’t normally link to. I did find a few and they’re now gone. I haven’t searched through everything yet but I’ll be running a tool to find everything for me. Although it isn’t fun to do, if your blog gets hacked, this is the perfect time to clean everything else up as well.
When your blog or website gets hacked you need to keep calm. It happens. The most important thing to remember is to protect your readers, protect your company and stop anything that is within your control like broadcasted newsletters. If you’re like me and want or need someone to be able to walk you through what happened, check today to see if your current software providers offer 24 hour phone or live chat support. If they don’t or if you cannot reach someone there, it may be time to find new providers.
If you’re reading this, hopefully you found the post useful. If you’re a subscriber and stayed on my list, thank you! Feel free to leave a comment below if you’d like.
8 thoughts on “I Got Hacked, Here’s What Happened.”
Nice Work Adam.
When I saw the multiple emails I knew something was happening and checked to see if I could get a message to you with the notion that you were probably already busy assessing the situation.
You handled what you could control and turned this attack on your business into information and advice for your readers to consider. Your list will build back up because myself and others will mention and recommend you more, now, due to how you handled the situation with calm and integrity.
Hoping you have a restful weekend. – Take Care
Thanks Danny! I appreciate it. Have a great weekend as well!
I saw those posts in my inbox but luckily had not got around to reading any of them – apart from yours alerting me to the hack. Glad to hear you are all sorted now, but I’d love to know what you are using to check there are no more malicious posts or external links lurking in the bowels of your site. I own several websites, one of which has around 13,000 pages indexed – more if you count non-index pages too. Historically i found a few pages had been tampered with and outbound links to dubious neighbourhoods had been added by persons unknown to me. i tried to find them all by hand and they seemed to all occur around a certain time-frame, so hopefully there aren’t any more, especially as I had a trawl through plugins and closed any potential backdoor vulnerabilities, like slider revolution had for a while. But never one to rest on my laurels as they say, if there’s a tool you can recommend to do regular automatic checks that would be very useful. Thanks for sharing this.
There’s a lot of things you can do and different ways to check. For example, if it’s outbound links (they injected links to boost their SEO) use a crawler to go through your site and create a list of all internal and external pointing links. Use the contact form and I can send you a couple.
For malicious code someone recommended Sucuri to me but I haven’t used it yet. One of my vendors did run a report on my blog with it and said it came back clean.
I hope this helps!
Way to rally and share your experience so others can learn what to do! Keep up the good work.
Thanks Mark! It sucked and I lost a bunch of my newsletter list, but I didn’t lose my site, the entire list, etc… Hopefully the post will help others.
I really missed your mail and today while I was checking my spam folder I found this vital information. Though by the grace of God, my site not hacked so far, but I faced a bad situation in which a malware attack and I faced a lot of problems to get back to my resources back. The host company played havoc on my request and I changed the host at once. Blue host was the company, and presently I am running on a wonderful host called A2Hosting. They are giving us a great service then.
This post is indeed a good one to get a first-hand experience of a person who faced such situation, I am amazed to note that you, Contact the host is shown as #5 how come this? I thought the first one we can do is to contact our host and then all other.
Anyways, having a good contact and a good relationship with a techie in hand is always good.
Thanks for this vital information
Thank God you could get back your resources
No worries and glad you got everything on track as well. That was number 5 because that isn’t the most important thing for me. My newsletter list and my community (it’s private for one-off posts I don’t make publicly available) are worth more. Stopping those from dying is my first priority. Whether you contact your host now or in 30 minutes, you’ve already been hacked and the damage was done. Stopping further damage was my top priority.