Working for a fairly large webhost, I often see people who got “hacked”, and their websites destroyed. I often laugh, because people don’t often get “hacked”, but often simply have their password guessed, which gives the “hacker” full access to your site, account, and files.
98% of the time, that’s the case. Given, there’s always the chance that someone got root access to your server, and really did “hack” you, but that’s very rare in today’s day and age.
So, I often laugh, until it happened to me back in mid-June. I noticed I couldn’t load the stats pages for any of the sites in my hosting account (of which there are quite a few), so I contacted my host.
Their response was “The page won’t load because it’s 0kb.” A file size of zero? That stats package has worked for years on some of my domains; I thought that was odd.
So I uploaded a new version, and went on about my business.
Hours later, I realized I should go through FTP, and look for other files that had been modified recently. Sure enough, every index.html and index.php file, in every domain, in every subdirectory had been modified.
The “hacker” (read: bored kid in some random European country) added some code to all my pages that was supposed to redirect a visitor to a spam site. Luckily, he did it wrong, and none of my visitors were affected.
Needless to say, I was bullshit. I spent a few hours going through, and removing all of the code, by hand. I got annoyed, and finally asked one of the guys who works for me, for help. He wrote me a nifty little bash script that I could run. Luckily, my host gives me SSH access, and I managed to run it against my entire account, and clean out the rest of the modified files, without issue.
The reason I got hacked? Simple. I had a stupid, easily guessable password. Exactly what I laugh at our customers for.
So, I panicked. I went in, and first changed my hosting and FTP passwords. I then thought about how to change my MySQL password.
The problem with that is complex, but follow me. If I change the password on the MySQL server, my sites will go down, until I update them one at a time.
If I change my password in the sites, they’ll go down until I change it on the server. Follow?
So I opted to create a new MySQL user, with a new password altogether. I then (using the same find and replace code from earlier) updated my username in all my scripts, then my password, and voila, back up and running.
I then began thinking about how to protect myself, should this (or something worse) happen again. I looked for scripts that I could run on the web server, to back up my sites and databases, but couldn’t find anything that would work. I then stumbled upon HandyBackup, which runs on my computer at home.
It simply connects to your account via FTP, and downloads all of your files to your computer. This is great, assuming you’ve got storage space to keep all those backups around. If you upgrade, you can also have it burn to DVD automatically, but that’s costly, and not very effective.
So, each night of the week, I have the application connect, and download all of my changed files. On Saturday night at midnight, it connects and downloads all of the files (changed, or not). So, at worst, I’m a week out from a complete restore of files. And any file that’s changed, I’m only 24 hours (at most) out from a clean working version.
It takes up quite a bit of space, because I host a lot of sites, however I think it’s worth it. It’s also helpful for when you accidentally break some code on a page, and didn’t think to save a copy right then. You just jump to your backup, and voila.
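The checks this post walks through (recently modified index.html and index.php files, the zero-byte stats page, and a comparison against a clean backup copy) can be scripted over SSH. This is an added example, not the script mentioned in the post; the function names and paths are hypothetical.

```bash
#!/bin/sh
# Added example: triage a hosting account after a suspected defacement.
# Function names and directory arguments are hypothetical.
# Assumes file names contain no newlines.

# List index.html / index.php files modified within the last DAYS days.
recent_index_files() (
    root=$1; days=$2
    find "$root" -type f \( -name 'index.html' -o -name 'index.php' \) \
        -mtime "-$days" -print | LC_ALL=C sort
)

# List files truncated to zero bytes (like the stats page in the post).
zero_byte_files() (
    root=$1
    find "$root" -type f -size 0 -print | LC_ALL=C sort
)

# Compare the live tree with a known-clean backup copy of it.
# Prints "NEW <path>" for files absent from the backup and
# "CHANGED <path>" for files whose bytes differ from the backup.
changed_since_backup() (
    live=$1; backup=$2
    (cd "$live" && find . -type f -print | LC_ALL=C sort) |
    while IFS= read -r rel; do
        if [ ! -f "$backup/$rel" ]; then
            echo "NEW $rel"
        elif ! cmp -s "$live/$rel" "$backup/$rel"; then
            echo "CHANGED $rel"
        fi
    done
)

# Usage: sh triage.sh LIVE_DIR [BACKUP_DIR]   (DAYS defaults to 7)
if [ "$#" -ge 1 ]; then
    echo "== index files modified in the last ${DAYS:-7} days =="
    recent_index_files "$1" "${DAYS:-7}"
    echo "== zero-byte files =="
    zero_byte_files "$1"
    if [ "$#" -ge 2 ]; then
        echo "== differences from backup =="
        changed_since_backup "$1" "$2"
    fi
fi
```

Modification times can be reset by whoever changed the files, so the comparison against the backup is the more reliable of the three checks.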
If you run any website that you “make money” from, or that “is my business!!”, you should take it upon yourself to do the backups, and not rely on your host to do it. While most hosts do it anyway, some charge you to do the restore. (My company doesn’t, but the company I host with, does.) You know what they say, if you want something done right, do it yourself.