Lazy Man and Money

  • Blog
  • Home
  • About
    • What I’m Doing Now
  • Consumer Protection
    • Is Le-vel Thrive a Scam?
    • Is Jusuru a Scam?
    • Is Beachbody’s Shakeology a Scam?
    • Is “It Works” a Scam?
    • Is Neora (Nerium) a Scam?
    • Youngevity Scam?
    • Are DoTERRA Essential Oils a Scam?
    • Is Plexus a Scam?
    • Is Jeunesse a Scam?
    • Is Kangen Water a Scam?
    • ViSalus Scam Exposed!
    • Is AdvoCare a Scam?
  • Contact
  • Archive

Lazy Man Sites Hacked and the Lessons We Can All Learn From It

October 13, 2015 by Lazy Man 9 Comments

If you’ve been wondering why things were a little quiet around here lately, it’s because yesterday some of my sites were hacked. Fortunately, I’ve put Lazy Man and Money on a separate server that went unharmed. I also have backups of everything made each day to Amazon’s S3 service. So if hackers get to my server, I should be able to restore things back to working condition fairly quickly.

It turns out to have been a pretty minor hack that was easy to reverse. All my data was safe and the sites are back up today.

The disappointing thing is that my provider, Dreamhost, allowed this happen. When I reported it, they went to a cop out excuse that I was running old WordPress software or insecure plugins. It doesn’t explain why all my sites got hacked, even ones that didn’t have WordPress installed.

I had three questions immediately come to my mind. Who did it and why? How would I protect myself from it in the future? What can I learn from the experience?

Who hacked me and why?

This is very difficult to answer (other than the obvious “SecurityBus”). Was it someone who just likes to hack sites for the challenge? Quite possibly. However, I was alerted by Amthrax who, like me, tries to educate consumers in the dangers of multi-level marketing. It instantly got me thinking, “What if an MLM company hired someone to hack me because I’ve been critical of them?” It’s pure conjecture at this stage, but it would make sense.

How would I protect myself from being hacked in the future?

I think the best thing I can do is move things to my own server with more robust back-ups in place Dreamhost has back-ups as well, but I’m starting to trust them less when they are blaming me for the hack rather than investigating their own systems.

What can be learned from being hacked?

I believe hacking will forever be a risk in the digital publishing business. I need to treat it like any small business would. The corner bakery may not have hackers, but they are at risk of a riot (at least here near Oakland and San Francisco) or theft. I have a friend who owns a Subway and he’s been robbed at gun point twice. Seems to be part of the nature of running a Subway in his neck of the woods. It’s unfortunate and I fear for him, but he knows the risks and he’s an adult and wise enough to make his decisions.

I’ve got a homework assignment for every reader here. (Don’t worry, remember I’m Lazy so this will be easy.) Come up with a list of 3 top things that pose a risk to your income. Next to each one, write one or more things you can today to lower or eliminate that risk. Put the list on your bathroom mirror until you successfully put in place all those safeguards.

As Angel said near the end of the Buffy series, “I’ll go start working on the second front. Make sure I don’t have to use it.”

Extra Credit: Leave a comment with your business, risks, and steps you can take to minimize the risks.

Email (and share) This

  • Email
  • Facebook
  • Twitter
  • Pinterest

Related

Filed Under: Entrepreneurism Tagged With: hacking, income, small business

SIGN UP NOW FOR MONEY TIPS AND A CHANCE TO WIN $25 MONTHLY

Comments

  1. Alex | Perfecting Dad says

    August 25, 2011 at 11:36 am

    Are you responsible for updating your WordPress software? I just checked on their front website it says “We’ll install it [wordpress], keep it up-to-date, and keep you online” so then why would it be your fault for running a version with security holes?

    Reply
    • Lazy Man says

      August 25, 2011 at 1:03 pm

      Good question. The answer is a little bit of both.

      When I started with them back in 2006, they didn’t have the option to keep it up to date automatically (or at least it wasn’t the default). Newer websites default to that behavior. So I had most that were updated to the latest version, including the ProtandimScams.com example. A few of the older ones were not. However, everything got hacked, even sites that didn’t run WordPress at all. A WordPress-related hack should not allow access to other sites not running WordPress on the same server. That’s where I have difficulty with their explanation.

      Also, the unsafe plugin can be used to excuse themselves for any security risk at all, unless you run a WordPress install without plugins, which no one does. In fact, Dreamhost recommends plugins that improve server performance (W3 Total Cache comes to mind).

  2. Evan says

    August 25, 2011 at 12:00 pm

    Glad you got everything back. The Wife’s site is a sliver of the empire you have going on and she was hacked by a similar group…my site which also has a tiny % of visitors that you have is constantly being attacked. I doubt it was any particular company, rather, just a group that knows of one way to exploit and searched for sites with that vulnerability.

    Or maybe I am a double agent trying to make you believe that

    Reply
  3. 20 and Engaged says

    August 25, 2011 at 3:26 pm

    A few people have been getting hacked lately. A few of my sites had been hacked previously and it was a pain since I didn’t back the sites up. Thankfully they weren’t live yet. You just scared me into backing up my blog.

    Reply
    • Lazy Man says

      August 25, 2011 at 3:31 pm

      20 and Engaged. My mission is accomplished then ;-).

  4. Kosmo @ The Soap Boxers says

    August 25, 2011 at 7:12 pm

    On the topic of risks, I’m surprised that Aldi’s doesn’t get robbed more than it does. You know that everyone is paying with cash, and there’s generally minimal staff. Maybe they drop cash into a safe really often.

    Reply
  5. kody @ financial money tips says

    August 26, 2011 at 12:05 pm

    Thank you lazy man. i have been wanting to back up my blog for a while now but have never got around to it. After reading this i jumped all over it lol.

    I am not currently using word press. However, i have been thinking about switching over soon because everybody knows they are the best. Right now i am using yahoo sitebuilder. Word press is obviously the better choice for SEO, but i hear they are the easiest websites to hack. Is this true?

    Reply
    • Lazy Man says

      August 26, 2011 at 12:11 pm

      I’m not a hacker, so I don’t know what qualifies for easiest or most difficult to hack. There’s a very good reason why around 99.7% of the bloggers I know use WordPress.

  6. Joao @ credito pessoal says

    September 5, 2011 at 3:27 pm

    My sites in Dreamhost have been hacked too.. The hackers haven´t deleted the content but they have insert spammy links inside my posts. Some of them I had to completely rewrite them due to the amount of crazy links and texts inside. It´s hard to imagine losing years of work, oh God…

    Reply

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

As Seen In…

Join and Follow

RSS Feed
RSS Feed

Follow Me on Pinterest

Search The Site

Recent Comments

  • Joe on The Cost of Summer Camp (2023 Edition)
  • Lazy Man on Odds and Ends Update
  • Joe on Odds and Ends Update
  • Lazy Man on Odds and Ends Update
  • Josh on Odds and Ends Update

Please note that we may have a financial relationship with the companies mentioned on this site. We frequently review products or services that we have been given access to for free. However, we do not accept compensation in any form in exchange for positive reviews, and the reviews found on this site represent the opinions of the author.


© Copyright 2006-2023 · Perfect Plan Publishing, Inc. · All Rights Reserved · Privacy Policy · A Narrow Bridge Media Design