By Doug Westfall, Publisher – May 2, 2019 – On 3/11/19, I was awakened quite early with the news from one of our readers that our on-line paper was basically gone. Was it Hacked or Hijacked? That was to be found out.
That reader, knowing that the paper’s servers were with GoDaddy had them calling me right away. I didn’t even remember shifting into 1st gear, but now I found myself in 4th gear moving fast. Questions were coming fast, answers not so much. At one time three different home pages could be seen at the same time by three different search engines. Go-Daddy was using one of those engines and apparently that told them that the site had been Hijacked and not Hacked. They confirmed this by checking the data files of the site and found them all intact. No sensitive information was touched or breached. On the other hand though the bad guys were able to go in and compromise the registrar responsible for the domain name setting (DNS). The attackers then made unauthorized changes to the DNS records, thereby redirecting all the traffic to anywhere they wanted. I figure though something went wrong because our site really didn’t go anywhere, not like a while back when Twitter was Hijacked and when you went to log-on that other country’s flag would appear, ours was just a huge mess with little cookie crumbs laying around.
I spent the next couple of hours on the phone with a sales rep at GoDaddy. I purchased what we needed to make our site bullet proof till the next generation of Hackers. I decided to let their techs take care of fixing everything back to it’s old self, except with all the security I’d just bought.
What was unknown until later was that thousand’s of websites using WordPress were also hit. You can pay extra to get help faster, but your work ticket just gets put in another stack of tickets where they also paid extra to expedite. Back doors would shut, side doors would then open. At one time they would send me a list and ask if I recognized these names and can we delete them. One of the cool things with WordPress base sites for people like me who don’t write code is what’s called a plugin. There’s hundreds of them and they let you customize your site the way you want. I had 27 of them, all with back doors and cubby holes where things can hide when you don’t keep them updated and watch their compatibility with your version of software.
My chore when they finally handed me back Administrative control of my site was to go through all the plugins and make sure of their integrity. As of this afternoon www.crescentcitytimes.com is safe to visit, link to and most everything else .
We all have known individuals who find great pleasure in causing grief to others. Can these same individuals sit out in front of your house and use you home network without you knowing? You bet your ass they can. You can make it pretty hard for them though. Do you use credit cards online, or automatic passwords. The grief you’ll have securing your home network will not even compare to the grief you’ll have if hacked. Twelve digit passwords are a pain but a lot harder to crack than your birthday or address or maiden name. Being a little paranoid is okay. You say, why me? I don’t have anything to hide. You do though; everyone has something they don’t want to share knowledge of. You remember the saying that to assume only makes an ass out of you and me. That was me. I thought that I had it all taken care of, but as we found out I hadn’t.
Well, those companies we all buy from could also have become lackadaisical and not have their security in place. You have to do your duty and try to be safe. Having a SSL Certificate is imperative. Look for that little Padlock off to the left of the address. If you don’t see it, don’t take a chance going there. There’s freeware that helps protect you by alerting you of dangerous websites. By the way, SSL stands for Secure Sockets Layer and, in short, it’s the standard technology for keeping an internet connection secure and safeguarding any sensitive data that is being sent between two systems, preventing criminals from reading and modifying any information transferred, including potential personal details. If you don’t understand this stuff, find someone who will patiently explain it all to you. Rust never sleeps and neither does internet technology, good and bad.