16.01.2009 UPDATE:
My web hosting provided was doing maintainence, so you couldn’t access this site in the evening of 15.01.2009 to 10:20AM today.
If you have noticed, on January 15th, 2009… this blog, was acting oddly. First, you couldn’t access it and was asked to install wordpress. Then, it was accessible, but with post dating till July 14, 2008. I myself was shocked to see that I was asked to fill in my email address and website name when I access it around 1:15pm that same day. In other words, I was redirected, and maybe some of you have also been redirected too as you might have tried to access this blog during that course of time.
If you are still wondering what happened… well… my domain http://cdason.com was hacked. Yes, you read it right, it was hacked. By who? I don’t know, but Jimmy and Irene, whom was nice enough to provide me a promotional rate web hosting service a year ago told me that they detected someone has gained access to my server, and my blog’s database. Investigations do show that the attack occurred midday, today, January 15th, 2009.
I don’t know what the motive of this attack is, but Irene did say that it might be some random hacker feeling bored, hence randomly picking my site to fill his time. Nonetheless, I do not want to speculate why and who did it. It’s done, and I hope it will never happen again.
If you also notice, some older post here is also not available, well… That is the best Jimmy could retrieve for me. I got to hand it to him, because if it’s not for him, my other post, which dates from July 15, 2008 would be also gone.. and that would be really frustrating. The last back up I managed to do myself was on July 15, 2008. My post after January 6th, and all your comments have also been washed away *SAD*
How do I feel? Ahhh… Iadmit, I felt sad when part of my blog was gone. Indeed cdason[dot]com has grown on me, and it is a part of me. Loosing so much data/post was painful and frustrating. I also have to admit I was angry when I knew this blog was hacked, but there’s no point pointing finger. The internet is so huge, and any bored jackass with computer coding skills could be responsible. Again, I thank Irene and Jimmy for being able to retrieve what data I should have loss in this attack. Somehow, I see that this attack means that my blog is popular because hackers are known to target popular websites. Hahaha… guess, I’m just trying to cheer myself up.
My next course of action? I’m letting this one go. Despite feeling frustrated, and a huge bit of sadness, but I feel relieved that some parts of my blog could be saved and restored (All post before Jan 6th, 2009 was salvaged). I am also hoping to do some clean-up, and restructuring on my blog accounts to ensure this does not happen again.
I guess that all. I’ve been hacked, and this brings the toll of events for Emotional January to 3, with my past being dug out taking first place (post already gone), and the Sarawak flood’s being second(post also gone). Man, I can’t wait for what’s fourth!!
Oh God! Unlucky. Must be a random attack. No wonder i realise most of the new posts were missing.
Did u run monthly backup for your wordpress posts? By the way, you’re using WordPress 2.7 and your password for your wordpress is the same for your server cpanel??
[cdason]
I don’t run monthly back-ups, but now I will. And my wordpress possword is not the same. I didn’t upgrade my wordpress though.
Gosh….i gotta do my backup I guess. I never thought about it or think its important 🙁 Feel sorry for CDason also…
[cdason]
Yah.. you better do your back-up. Not easy to gain back past post.
Two of my blogs were heck few months back also because I didn’t upgrade my wordpress, too old version. They changed many of my posts content with many many link to those xxx sites -.- My original contents all gone. Backup is really really important and Jimmy was saying that your blog might be popular that’s why they target you hahaha…
[cdason]
Lucky mine was not bad as yours, but still.. I’ve learned my lesson. Now, doing back-ups more frequently.. Thanks again Irene.
I mean hack… Kept type wrongly. Good thing u manage to upload it.
[cdason]
Yeah.. Lucky I did. If not, sure I’ll like be frustrated to blog for at least a few days. Blogging is fun, but looking at all your effort gone just like that… Arrgghh..
Emotional January? sounds familiar…….. You too Cyril? 🙁 The virus not only attacked u, but ur blog as well… Tedah. Maybe the 4th one will be the redemption.
[cdason]
Hopefully!!
Whoa..And i didnt get to read all those gone posts even..Sorry 4 ur loss.Thankfully most could be retrieved! Sorry it took so long 4 me to drop by.Only managed to reply comments and go blog hopping..
[cdason]
It’s oke Mar, noticed your blog is also kind of ‘dry’. Must be hard having no broadband. Hope everything goes well though.
Irene: That’s Link Injections…not really hacking. Can be done easily with older version of WordPress via WP-CONTENT folder as normally most bloggers give all rights to visitors (CHMOD 777). WP 2.7 fixed this issues but still exploits can be done. So, running occasional backup and changing password periodically helps.
Another thing is, be careful when engaging in social websites like friendster or even instant messengers. You might click some malware links and got “spied” and tracked for all your passwords.
[cdason]
Wah Keeman, you know quite alot on this.. Must give me tips. I think what you explained above is what just happened to my site!
Oh, i’m sorry to hear that but glad it was detected and resolved quicly.
So I’m presuming that you didn’t post that strange untitled post of yours I read from Google Reader yesterday. The post was your…banner. I thought it was a bit odd. But then I thought you might have accidentally posted while you’re doing some design or modifications on your blog.
But dang, you have reminded me to back up mine also! I haven’t done it in ages. :s
[cdason]
Yeah.. not me.. Despite everything almost being able to be retrived, still feel sad I lost the couple of post and COMMENTS. The comments are the ones I’m sad to loose actually.
You should download that wordpress plugin, where you database is automatically backed up for you and the file is e-mailed to your account for safekeeping.
[cdason]
Is there suck software?? Care to give me a link to it?
How come I try to comment cannot ah… aiyo… cyril. Twice already. Anyway… U too? Emotional January… familiar ajak. 🙂
[cdason]
Somehow, your post keeps on getting detected as spam. I’m also wondering why. Lucky I checked my spam comments, if not, I wouldn’t know you’ve dropped by. Anyway, I will look into it so that you don’t get ‘spamed’ listed again.
P. Ramlee : Cobaannnnnn!!!!!
[cdason]
Ahahahaha.. EXACTLY!!
keeman, they even created multiple user accounts in my wordpress that time, if I didn’t check the users page, I wouldn’t have known -.-“. There’s even once, the hacker posted their message in the first page of our site with all those Arabic characters -.-” Which mean you don’t get to see your site but being greeted by those messages.
[cdason]
Yours sound a hell lot serious than mine!! Thankfully Jimmy made back-up 😀
Hi Cyril,
Sorry to hear that. Usually it’s the work of hackers who randomly pick their target.
[cdason]
Yeah… I guess so… hope not a target anymore. *CROSSING FINGERS*
Irene: Wow, you sure faced serious problems. Must be the exploits on older versions of WordPress.
Cyril: Oh well…upgrade your wordpress occasionally. Hehe. Use autoupgrade plugin if you’re lazy.
[cdason]
Yeah, from now on woards, I’ll be upgrading it frequently. Don’t want to get hacked again.
Dropping by.. I feel sorry for u but so lucky that u can get back some of the posts. It’s pretty scary when got hacked. :S Cheer up k?
[cdason]
Thanks. I’m okay…After all, I managed to salvage most of my post 😛
Wow. I’m sorry to hear that, Cyril! I’ve never experienced a hacker attack before but I’ve definitely experienced a few database corruptions which lead to loss of a few weeks worth of posts. Thats why I keep backups every fortnight or so now.
Glad you could salvage most of your posts! I’ll definitely be a pain of you’d lost all of them.
I’m curious though, what version of WordPress you had running prior to the attack?
[cdason]
I was using the old 2.5 wordpress. Now, upgrade la.. and I keep back-up the minute I make an update.
it really hurts..huhu
[cdason]
yeah.. it does..
the guy could have hacked you thru a backdoor program(trojan or spyware normally).
i suggest even your secret answer to your question for email be so different and unrelated to your question it would boggle the mind of the would be assailant..
i remember one of my pals had on his walls all this numerics and alphabets all jumble up.i ask him about it and he told me, those are my passwords to my sites..you can look but you will never figure it out…he change his password once a week..perhaps you should do the same too…
[cdason]
Yeah… now, I do frequent back-ups.. and I’ve changed all my passwords.. Hopefully I’m not that ‘lucky’ again.
[…] started backing up my blog every now and then since my domain was hacked a year ago. That time, I was still on the domain CDASON.COM. While I don’t want to speculate why my […]