That “oh shit” moment
It was around 10pm when the message popped up on my screen: “G, I think your site is down ☹ – Sally.” Sally had been involved in the creation of the site and until recently was a reliable companion on my cocktail research expeditions. Then she went on a “mindfulness” retreat, and returned as a vegan teetotaller. Bizarrely she still reads my blog.
The borders around my browser turned red when I went on MartiniMandate.com. A warning from Google informed me that the site was infected with malware and was unsafe. I’d been hacked.
Three questions popped into my head:
1. Is my content gone? MartiniMandate is my personal blog. I’d toyed with using the content for a book and have been in discussions with publishers. I’d written over 80 posts, a personal diary of some really good times with good friends (and sometimes with perfect strangers). I’d hate to lose the lot.
2. How do I get the site back up? I didn’t want to give in to the hackers and abandon my blog even if the content was lost.
3. What happens to the site’s Search Engine Optimisation? I had employed FirstFound, a friendly bunch of northerners who kept my site ranking high on various search terms. This is a cumulative process and it takes months to climb the search engine rankings. Would my search engine rankings disappear?
I turned to the web looking for advice. Big mistake. It was like trying to self-diagnose a medical condition on the web; you discover that what you have is probably fatal and that you will die a horrible death. Tonight.
I called a techie friend in New York for help. He was not optimistic. He and his wife had a business on the web and had ploughed all their profits into Search Engine Optimisation. After three years the business had a seven-figure turnover – before it was hacked. After several months and thousands of dollars they were able to recover their site – but their three-year investment in SEO was lost. Disheartened, they shut down the business. He pointed me to a couple of professional outfits who specialise in site recovery and suggested I talk to my web hosting provider.
Every self-respecting entrepreneur needs a hobby
Martini Mandate started out as a fun way to stay in touch with friends during my travels – I had decided to take some time out after selling a business. Since I seek out cocktail bars in most cities I visit, I made the “search for the world’s best martini” my objective for the site. Originally it was a simple DIY blog on WordPress (a popular blogging platform). Over time I professionalised the site, hiring a programmer to tweak my design and employing SEO specialists. A designer friend created a logo. It remains a vanity project. I never monetised the site but traffic grew over the years. I even received several offers to acquire the company!
The next morning I made a round of phone calls. The chaps who used to run my IT department were sympathetic and generous with their offers of help. But this was new to them as well and they have day jobs. Some of the hacking recovery services I was referred to looked promising. However, the “we’ll recover your site for $200 (plus an annual subscription to our hacking protection service) within 24 hours or your money back” guarantees turned me off. My web hosting provider was helpful – they backed up the site every month. I’d lose a few weeks’ work but they could recover the site using their last backup. However, I still had to go through a process to get Google to unblock my site first. Just ploughing through Google’s legalese made my head hurt. I also had a nagging suspicion that I didn’t really understand what it was I was supposed to do. My SEO guys offered to clear my site’s name with Google. They also discovered that the site had been hacked over a month ago – it took that long for Google to detect the breach.
After some back and forthing, FirstFound agreed to do the complete site recovery for me for a few hundred pounds – an absolute steal. Several months later MartiniMandate was back up and running.
The hacker’s hypothesis
How did I get hacked? Most modern websites use a range of plug-in programmes to perform common tasks. Even a fairly straightforward website like MartiniMandate uses a dozen plug-ins. The plug-ins get updated from time to time. The problem is that the updates may not be compatible with the rest of the site – especially since I had done some customisation. I sensibly (or so I thought) decided to not update the software in the interest of site stability. It turned out that the hackers discovered I was running some old software with a known security vulnerability and exploited it.
But why? There is nothing to steal on my site. My cocktail recipes are pretty special but I give them away to improve my karma. It turns out the hackers weren’t targeting MartiniMandate per se. They just sweep the web searching for a vulnerability and take over sites. If they detect credit card numbers or personal data they will steal it. Before it was detected, my malware-infected site saw a sudden surge in traffic. The hackers were directing more traffic to my site. I have a lot of outbound links on the site. The hackers would redirect the traffic I was sending to, say, Expedia.com and send it to a spoof site that looked like Expedia but whose URL was subtly different (Expidia.com for example). Any personal or sensitive data you entered on the spoof site would be stolen. It seems like a long and convoluted process to steal a few credit card numbers. But if you are a grown up in underpants sitting in front of a screen in your mother’s basement…
Getting hacked is not fun. Apart from any financial losses you may incur, you do feel violated and angry. It turns out that a few simple steps can protect you. Make secure backups – I was automatically backing up my site to DropBox but the backup was also infected by the malware. Keep all your software up to date – and run some simple tests to make sure your site’s functionality hasn’t suffered. My passwords are now more complex and I change them regularly. There is a new malware detector on the site. Martini Mandate now has the equivalent of new locks on its doors. Nothing will protect me from a determined hacker, but the casual robot will just move on to the next door.
What to drink when you discover you’ve been hacked
You’ve been robbed and you need a drink. A glass of wine won’t do at a time like this. You need something to drown your sorrows. You could pour yourself something simple, like a whiskey on the rocks. However, the ritual of making a favourite cocktail is by itself comforting. Religions discovered the importance of ritual in soothing the soul. The Catholics do a particularly good job.
My go-to drink is a straightforward martini. I pop a martini glass in the freezer (it only takes about 20 seconds to chill and frost over nicely). Although I keep a bottle of booze in the freezer, in these circumstances I put ritual ahead of convenience. I pull out a fresh bottle of gin and stir it with ice. Add a few drops of vermouth and stir for a good few minutes until the viscosity of the liquid changes – you will notice the liquid becoming subtly heavier. The drink will be at -4 Celsius by this point; perfect for a martini. Garnish with a lemon twist. I use a vegetable peeler to get a nice long piece of rind off a lemon. Use a sharp knife to scrape off any remaining white pith on the lemon rind. Squeeze the rind, shiny side down, over the drink. The lemon oils will squirt over the surface of the martini, imparting a subtle citrus tang. This is a good time to send bad juju to the hackers. Drink.