You Know You’re Famous When Your Website’s Hacked

I wish that headline were true. In all fairness, it’s half-true. This past weekend was, in fact, the first time in my life that I’ve had a website of mine hacked. It does not, however, mean that I’m famous.

Long story short, when I logged in to my website on Sunday to check a few things, I noticed immediately that the title showing in the browser bar was “Hacked by” and whatever tag of whatever group had supposedly hacked me. Now, I’m not a hacker myself, but I am an IT professional with a moderate background in security, so I instantly went into “oh shit” mode and started figuring out what damage had been done, who did it, how, and how to undo it.

Ultimately, it appears that “hacked” is a very large word for what apparently happened. If anyone remembers the ‘script kiddies’ from the 1980s and 1990s — it looks like I got hit by a script kiddie, who exploited some unsecured PHP to modify my database. If that sounds like Chinese to you, don’t worry about it. Essentially it means that nothing regarding usernames and passwords was actually compromised, and no content was changed, added, or deleted. And, other than changing the name of the website, they didn’t do anything else. It was the ‘hacker’ equivalent of scrawling “Kilroy was here” and then running away.

It was, however, my fault. After verifying my backups and making sure there were no unpleasant surprises left behind, I went through and closed up as many easily exploitable holes as I could find. Frankly, I had been lazy. I know what good security practices are, but those require work, and I always took for granted that I would also be obscure enough not to need to worry about it. This was a nice little wake-up call that it’s better to handle such things pre-emptively — or when they’re still very small — instead of waiting until a disaster happens. Even more fortunately for me, the hack hit literally the day before I was going to create my first Patreon tier accounts on my website. While there is no money that touches my website, I would still hate to have to inform people that their usernames and passwords might have been compromised.

It’s fixed now! And, in my typical fashion, I probably went overboard on closing up those security holes. While no site is ever invulnerable to a skilled and determined attacker, there are all sorts of little basic things that most of us — myself included — take for granted that can make the difference between “easy target” and “not worth the effort”.

So yes! I feel slightly famous now. Someone, somewhere, saw my website and thought they’d like to advertise on it! And, in the process, reminded me to get off my ass and do things The Right Way prior to my main Patreon launch.

Mr. (or Ms.) Anonymous Hacker from France: I salute you. Also, if you enjoyed the stories, feel free to hit me up on my Patreon page to get some more.

