With a touch of self-deprecation and a major flip of the bird to those who caused me to tell this tale, I present a short story about the importance of using protection. (At least when it comes to your website). Warning! Reading this may cause (in order of severity): anxiety, nausea, loose bowel movements, the urge to learn web development.
So a while back you may remember that I had a falling out with GoDaddy – our first blog host. Due to our site being down for hours at a time without notice from our host, I moved it to Blue Host which has been slightly better, but still not that great. I probably should have known that using a company with an obvious political reference in their title was a bad idea, but alas, I still haven’t learned. At least our site works … most of the time. What soured the relationship though was the fact that like many other services related to a web site, they start you out with one price, then after you’ve gotten all comfortable and committed, that price goes up. Believe me, it’s a pain in the ass to move a WordPress site, so they are very correct in thinking that a few more dollars per month probably won’t sway most people and they’ll pay up.
So after the 3 month honeymoon when I noticed the extra Blue Host charges on the credit card, I immediately called and told them I didn’t want these extra services I was now paying for. The customer service rep seemed astonished! CSR: “Really – you don’t want protection for your web site?” Dumb IT Guy: “Pfff – no. I have a small blog that only a few people read. I don’t need protection”. So when I hung up after my 45 minute call, I was pretty jazzed that I was saving 4 bucks a month and showed them who was boss.
Fast forward to a few days ago. We’re getting ready for our next trip, and I start making a few improvements to our site, which as I mentioned above uses a platform called WordPress. I admit I know very little about WordPress. I can code a site in C# (C-Sharp) from scratch, but this WP stuff is still a foreign language. I feel it’s mostly a scam for wannabe developers to write simple code, call it a FREE theme, and get people to pay exorbitant amounts for the FULL version (that you really don’t need anyway). Same goes for plug-ins, which are the little WordPress code snippets that do cool stuff on your site. You want the free version – that only comes in chartreuse. A hundred bucks if you want black and white so you can see it.
Anyway, I digress. As I’m playing with some customizations on our site, Tami tries to get on to see what I’m doing. She searches for bourbon and chocolate, but Google doesn’t show our site at all. At first I thought – no big deal, I really don’t care if people find us in a search. But as I slept on it, I developed a kink in my neck that reminded me the next day that something was amiss. The next morning, as I started sipping my first cup of semi-caffeinated nectar that slowly kicks my brain into gear, I began reading about the various reasons Google wouldn’t show our own site when we search for the name of it. I figured it’s probably just because Google hates WordPress as much as I do. But as I read, I discovered my theory contained mistakes.
What Google actually hates is a web site that talks about bourbon and chocolate, but points to another one in India that sells Viagra and Cialis. And that’s what ours was doing (in the eyes of the Great Google Crawler-bots). As it turned out, our site had been infected by the ‘Pharma Hack’, which uses a ‘cloaking’ technology (developed by the Romulans) to present a different website to the Wizard of Google than what is presented to the general public. In English – that means that what you and I see is the normal site. What Google sees is an ad to buy fake Viagra from an online pharmacy in India. As an I.T. guy who keeps up on malware attacks, I was completely caught off guard, and also oblivious to what was going on here. I would now need to become very familiar with the code behind our website in order to best the hackers. But why would they want to do this in the first place? Well – the fake pharmacy in India gets free search engine ranking by causing hacked sites to display links to their site without even knowing it. And I can see the logic behind it: Search for bourbon and chocolate, see a link to a fake pharmacy selling ‘uppers’, and most people would immediately whip out their credit card and buy! (Pause for sarcasm to sink in…) But bringing down some crackpot hacker assclowns set me on a mission. And yes – I hope the clowns are reading this.
In the subsequent 24 hours I learned a great deal of info that most of you will also want to familiarize yourself with as soon as possible! I learned what rogue code on a web site might look like. I learned how to search my php database. I learned how to connect to my site with an SSH shell so I could use some ‘grep’ commands. I learned about Google Search Console and that the hacker’s product descriptions of Viagra and Cialis should have had better notations or I still might not have known I was being hacked. And as I took apart our blog site piece by piece thinking I would likely have to delete the whole thing and start over … I learned the importance of protection.
As of now though, I’m happy to report that in those 24 hours of digging I finally uncovered the files that included the hacked code. After I finally got a thumbs up from the Google site scan, I opted back in to the firewall software that would have saved me this trouble in the first place. Now I’m not a conspiracy theorist, but I do consider the odds when unlikely events occur. So could an incredulous rep at Blue Host, who has saved me a total of 8 bucks now, be a hacker in his spare time? Or, does he have a good friend across the aisle at the call center who works for a fake pharmacy and gets a list each day consisting of those WordPress sites that opted out of the firewall service? I suppose I’ll never know. But either way, when the brutes show up each month to collect my 4 bucks for protection, I’ll be reminded I’m in good hands!
And now that this little adventure is seemingly behind me, I can help Tami load up The Enterprise for our second mission. If all goes well and we can still afford to pump diesel into our rig, we’ll have another 10k miles logged when we return to AZ just before Christmas. And we are certainly looking forward to seeing some of you along the way!
Happy Trails … and Touché Hackers! Touché.
-G&T
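The cloaking described in the post (one page for visitors, another for Google's crawler) can be checked by comparing the two copies of the same URL. This is an added example, not code from the original post; the host names, sample HTML and function names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Terms taken from the post's description of the injected spam.
SPAM_TERMS = ("viagra", "cialis", "pharmacy")


class _PageView(HTMLParser):
    """Collects external link hosts and visible text from one HTML response."""

    def __init__(self, own_host):
        super().__init__()
        self.own_host = own_host
        self.hosts = set()
        self.text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            host = urlparse(dict(attrs).get("href") or "").hostname
            if host and host != self.own_host:
                self.hosts.add(host)

    def handle_data(self, data):
        self.text.append(data.lower())


def cloaking_report(own_host, visitor_html, crawler_html):
    """Return link hosts and spam terms that appear only in the crawler's copy."""
    views = []
    for html in (visitor_html, crawler_html):
        view = _PageView(own_host)
        view.feed(html)
        views.append((view.hosts, " ".join(view.text)))
    (v_hosts, v_text), (c_hosts, c_text) = views
    return {
        "crawler_only_hosts": sorted(c_hosts - v_hosts),
        "crawler_only_terms": [t for t in SPAM_TERMS if t in c_text and t not in v_text],
    }


def is_cloaked(report):
    """True when the crawler's copy carries links or spam terms visitors never see."""
    return bool(report["crawler_only_hosts"] or report["crawler_only_terms"])


# Constructed sample responses for the same URL (not captured from the real site).
VISITOR = '<html><body><h1>Bourbon and Chocolate</h1><a href="https://blog.example/about">About</a></body></html>'
CRAWLER = ('<html><body><h1>Bourbon and Chocolate</h1><a href="https://blog.example/about">About</a>'
           '<div><a href="http://pharma-shop.example/buy">Buy Viagra and Cialis online</a></div></body></html>')

if __name__ == "__main__":
    print(cloaking_report("blog.example", VISITOR, CRAWLER))
```

In practice the crawler copy would come from how Google reports the page (the post mentions Google Search Console) and the visitor copy from an ordinary browser fetch.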
Wow…that is some crazy crap!! I was really trying to keep up with you but I finally figured out that if anyone would come out on the right side, it would be you! All I can say is “winner”!!
Can’t wait to hear about your new adventure!
Thanks for the vote of confidence Laurie! It was more determination than knowing what I was doing … but either way the outcome was the same I guess. Always love your comments!