In early December while on vacation in the popular Malaysian beach resort of Langkawi, I discovered that some malware had compromised my website/blog. It took me awhile to fully comprehend the severity of the havoc wreaked by this malware – in essence, all my search engine traffic had been hijacked and redirected to the spam website. The story of this hijacking was chronicled in a prior post.
After the realization that my online presence was totally crippled by this insidious bug, I pleaded with My Webmaster to see if he could find a fix. Initially he was stumped, but with dogged determination he discovered both how the hijacking was accomplished and a very simple fix – my FTP was hacked and a lot of white space/blank lines was added to the .htaccess file, followed by some lines telling the web server to forward any clicks coming from search engine results to the spam site.
The fix he said was quite simple – all he had to do was remove the extra code from the .htacess line. In addition, he recommended that I change my rather simple FTP password to something more complicated to make things difficult for potential hackers. For a full explanation of how the malware was removed from my site I suggest you visit his website and read about “The Fix”. A must read! In addition, while troubleshooting this malware issue, we came across another site that also dealt with the same problem (and offered a similar fix). Needless to say, after the nasty little bug was extricated from my site, I was quite relieved.
While discussing why my website was targeted, my webmaster came up with this explanation:
“If the errant webmaster targeted thousands of sites to be hijacked, then even if each site only gets 20 hits/day, that builds up to 10s of thousands of people directed to his site instead. Even if only 1% of those people buy the products, he’s making a lot of money. Furthermore, most of the websites that are hijacked probably have low to mid range Google Page rankings (2-4) like yours, so that he’s less likely to attract too much attention. It’s a shitty, low, repugnant thing to do, but some of these internet marketers and immoral webmasters resort to using such tactics”.
What can you do to prevent your website from being hijacked? I have come up with some handy tips to protect yourself.
- Use Firefox as your browser, minimize your use of Internet Explorer
- Avoid clicking on popup windows – especially those that offer free system or virus scan of your computer or those that offer freebies
- Generate some complex passwords of at least 8 characters for your FTP access, blog log in, e-mail logins etc. Use a tool like PC Tools password generator
- Keep your antivirus, malware, spyware definitions up to date. Remember to use your Firewall at all times.
Be Safe out there!