If you've been wondering why things were a little quiet around here lately, it's because yesterday some of my sites were hacked. Fortunately, I've put Lazy Man and Money on a separate server that went unharmed. I also have backups of everything made each day to Amazon's S3 service. So if hackers get to my server, I should be able to restore things back to working condition fairly quickly.
It turns out to have been a pretty minor hack that was easy to reverse. All my data was safe and the sites are back up today.
The disappointing thing is that my provider, Dreamhost, allowed this to happen. When I reported it, they went to a cop-out excuse that I was running old WordPress software or insecure plugins. It doesn't explain why all my sites got hacked, even ones that didn't have WordPress installed.
I had three questions immediately come to my mind. Who did it and why? How would I protect myself from it in the future? What can I learn from the experience?
Who hacked me and why?
This is very difficult to answer (other than the obvious "SecurityBus"). Was it someone who just likes to hack sites for the challenge? Quite possibly. However, I was alerted by Amthrax who, like me, tries to educate consumers in the dangers of multi-level marketing. It instantly got me thinking, "What if an MLM company hired someone to hack me because I've been critical of them?" It's pure conjecture at this stage, but it would make sense.
How would I protect myself from being hacked in the future?
I think the best thing I can do is move things to my own server with more robust back-ups in place. Dreamhost has back-ups as well, but I'm starting to trust them less when they are blaming me for the hack rather than investigating their own systems.
What can be learned from being hacked?
I believe hacking will forever be a risk in the digital publishing business. I need to treat it like any small business would. The corner bakery may not have hackers, but they are at risk of a riot (at least here near Oakland and San Francisco) or theft. I have a friend who owns a Subway and he's been robbed at gunpoint twice. Seems to be part of the nature of running a Subway in his neck of the woods. It's unfortunate and I fear for him, but he knows the risks and he's an adult and wise enough to make his decisions.
I've got a homework assignment for every reader here. (Don't worry, remember I'm Lazy so this will be easy.) Come up with a list of 3 top things that pose a risk to your income. Next to each one, write one or more things you can do today to lower or eliminate that risk. Put the list on your bathroom mirror until you successfully put in place all those safeguards.
As Angel said near the end of the Buffy series, "I'll go start working on the second front. Make sure I don’t have to use it."
Extra Credit: Leave a comment with your business, risks, and steps you can take to minimize the risks.