Site Navigation

Feb 29, 2012

FYI: My How-to Sites Hacked... Fixing

Just wanted to drop a quick note to the readers of this blog. My blog has not been hacked, so if you are linked to there are no worries, everything should work fine. However, thanks to Bill Jirsa, I found out all of my content at and my other hosted sites has been hacked. My web host had an intrusion in January 2012 and I was unaware of the extent of the damage.

Unfortunately, my real job take precedence so I'm am trying to repair things in my copious spare time. :) I just reinstalled the back of early this morning and now am getting 404 errors on the site. So if you run into any problems let me know.

As hacks go it seems to be fairly harmless. Occasional redirects to some racy sites. So what the hackers did was append a short bit of HTML/JavaScript code to every HTML file on the server. So your web site does not break. Everything continues to look fine and seems to work fine. However, every 10 or 20 times a page is clicked, instead of loading your page, it redirects the user to the hackers desired site. Very clever. Because most of the time, a user is gonna think that was just some sort of glitch and not really notice what happened. PHP pages were also targeted, but I think that was less successful as it broke a lot pages thus making it easy to detect.

Update 03/2012: is back up and fixed.

Update 10/2012 - How to Fix your Site: I have been getting a lot of hits on this blog entry in the last month and I'm guessing folks are looking for information on what to do if your site gets hacked. If that is you, check out this write up by Web Monkey: What to do if your Site gets Hacked which refers to this write up by Martin Sutherland. Also, Matt Smith has a nice writeup here.

In my case, I simply had to delete everything and restore from backup. Always make sure you have some kind of back up of your site. If you don't, it makes things a heck of a lot more difficult to fix.

Also note, that I have completely rewritten the backend for and that site is now completely fixed.
Post a Comment

Favorite Links Feed