To All Indian Bloggers,
Beware of Hackers. They are not afraid of any laws. Even if you file a FIR against the hackers,they will remain unpunished. No action will be taken against them.
So we are going to present you an Interview with Jignesh Rathod whose website techforworld.com was hacked by some notorious Pakistani Hackers.
|After Being Hacked|
|IBC||On which date your website was hacked?|
|Jignesh||My website was hacked on 2nd March 2013 evening on the very moment I was updating files on FTP.|
|IBC||On which platform your website was built?|
|Jignesh||My website techforworld.com is built on WordPress platform.|
|IBC||How you came to know that your website has been hacked?|
|Jignesh||I was making some changes on my WordPress website TechForWorld and suddenly logged out from my WordPress Admin log-in. I tried logging in again but could not log-in. I became sure something has gone wrong. I immediately opened the home page of the website and it was showing the ‘defaced’ page by a hacker. Hackers had deleted some of my files and modified some of them, so I could not also use WordPress password recovery feature.|
|IBC||What steps you immediately took after your website has been hacked?|
|Jignesh||Jignesh:I immediately called my domain hosting company so they can take steps to save from further attacks on the server and other websites hosted. Then I immediately changed all my passwords including FTP and my control panel. I always use strong passwords for all accounts. Then I downloaded all website files and scanned all for malwares/viruses.|
|IBC||Have you already taken any backup for such situation?|
|Jignesh||Backup is the best security! It is backup who saved me and helped me to get my website back immediately- within a few minutes. Thankfully I had latest backup of all WordPress files and MySQL database. I have a habit to backup all data every week and I always recommend it to everybody.|
|IBC||What steps you have taken now for the security of your website? What's your advice to other webmasters?|
|Jignesh||First I decided to keep antivirus updated regularly on my personal system. Along with anti-virus, I also installed a special anti-malware software.
I already used stronger passwords, but decided to change them from time to time for more security.
I updated WordPress version and all WordPress plugins. I also deleted plugins which I was not using.
I also applied some advanced tactics to make WordPress files more security: Like changing file permissions, securing important WordPress files, preventing browsing of website directories, etc. READ MORE
To webmasters, first I would suggest when your website is hacked, do not panic. Remember that WordPress websites are easy to hack and so many websites are hacked everyday. It happens: Especially when you have not applied couple of extra security shields.
Best thing I suggest is to keep backup of all your WordPress data and MySQL files. Do not be lazy on backup otherwise you may lose your hardwork done for long time.
And the most likely reason of my website being hacked is FileZilla FTP client! I had using this software for last two days to upload files to my website. I found that FileZilla stores your passwords in plain text at the folder ‘C:/Users/[User Name]/AppData/Roaming/FileZilla/' in Windows, which is accessible to all users. Hackers manage to steal your FTP password using that file by executing scripts or malwares. Use a secure FTP client or it's best to use your Control Panel.
|IBC||Which country hackers have hacked your website?|
|Jignesh||Seeing from the logo replaced on my homepage, they were Pakistani hackers.|
|IBC||What they were demanding?How much amount?|
|Jignesh||When I emailed them, interestingly they asked me for some big amount of money. I understood that all hackers to it only for money! But ultimately they are losers. I do not think hacking as a smart way to earn money as a website owner sooner or later has all the control over his website.|