Mediation Channel hacked: a cautionary tale about security, safety online

Mediation Channel got hacked.

While I was enjoying a much-needed vacation earlier this summer, hackers broke into my WordPress-based sites, including this site and ADRblogs.com. Unlike the first attack this blog sustained in April 2008, they left no immediately detectable trace to alert me. Instead, they buried spam injection link code deep in files on my site, which created links out to spam sites.

Unlike that first attack, these digital vandals did considerable damage. I only discovered their footprints by chance this past Friday, long after they’d broken in. I spent Labor Day weekend cleaning up after them and had to do a complete reinstall of WordPress and my site’s content. It was a wretched way to spend a long holiday weekend. (In fact, if you click here, you can see the special message I’d like to deliver to the scumbags who hacked my sites.)

I’m sharing my woes with you, readers, to remind you that nothing on the web is entirely secure. It doesn’t matter how well prepared you may be, what precautions you take, how careful you try to be. It doesn’t matter whether you blog or use Gmail, Twitter or Facebook. Nothing online is 100% safe. When even the New York Times, technology-savvy conflict resolution proponents, or well-known bloggers like Robert Scoble can get hacked, it’s only a matter of time before it happens to you.

I’m not going to repeat the already excellent advice that people like Lorelle on WordPress have offered. If you have a WordPress blog yourself, you should also read Matt Mullenweg’s tips on securing your WordPress installation. And Google Webmaster Central Blog recommends some best practices against hacking to site owners – advice which I urge everyone to heed.

But I’m going to emphasize two key points for those of you who lead part of your lives online. It boils down to two things: prevention and preparation.

Prevention.

First, do what you can to prevent an attack. If you’re using WordPress, upgrade as soon as a new release of WordPress is available, since these new releases address vulnerabilities that hackers can exploit. If you’re using widgets or plugins to add functionality to a blog, obtain them from trusted sources only and update them as soon as new releases are available. Use strong, unguessable passwords for all accounts, control panels, FTP, and email, and change those passwords regularly. (Here’s a link to ideas for choosing secure passwords.)

Log in regularly to blogs or social media accounts you’ve set up to make sure that no one has hacked into them. If you can, avoid simply abandoning your online accounts; failure to monitor them means that you’ll be the last to know if any of them gets hacked. For example, if you try Twitter and decide it’s not for you, delete your account or change your account settings to protect your updates from public view.

Monitor news about technology and social media by following some of the many excellent blogs out there so that you hear about security issues quickly. I’ve already mentioned Lorelle on WordPress for WordPress users, but also consider Mashable, which covers news about social media, Web Worker Daily, the New York Times Bits Blog, Ars Technica, or Lifehacker, which regularly discusses strategies for security online.

Preparation.

When it comes to online disasters, be as well prepared as you would be for real-world ones. You must prepare because no prevention measures are 100% foolproof. It doesn’t always matter how strong your passwords are, how conscientious you are about updating software, or how strong the security measures are that you take. Prepare as if disaster will certainly strike.

Prepare a list of all the online accounts and sites you have. Then go through that list and ensure that you have back-ups of everything you care about. (In the case of WordPress, back up your database and download copies of your files by FTP. Also download an XML backup of your posts from your WordPress admin panel.) It’s what kept my own recent brush with hackers from being the unmitigated disaster it might have been. Have a plan in place and everything that you need organized and at hand so that if the unthinkable happens, you’ll be ready.

Back-ups aren’t just for blogs by the way. You can back up your contacts and profile information on LinkedIn, or information on social media accounts like Twitter and Facebook. And definitely back up the contents of your hard drives – don’t forget about them.

* * * * * * * *

This is the dark side of social media. Be safe out there, friends. And be ready.

11 responses to “Mediation Channel hacked: a cautionary tale about security, safety online”

  1. Diane, I am really sorry to hear about your brush with “scumbags”! It will be poor solace to say that you are worth hacking but it is a backhanded compliment. I am grateful for the reminder about changing passwords etc and have only recently invested in 1Password which is working really well for me. I also use TimeMachine which is a wonderful backup system for the whole system. Still doesn’t take care of the other stuff.

    Just going to check out the tips for WordPress and back up my database 🙂

    Amanda

  2. I would add one other thing, have another domain name that you own that you can forward to and run your backup there.

    For example, when bizop.ca was hacked, I had uploaded my backup, and redirected bizop.ca to fraudlaw.ca, for several days.

    It worked very well, and I had time to deal with the hack. Which was the result of me leaving an old wp script online even though I use mt.

  3. Thank you for the excellent advice, Diane.

  4. Amanda, Michael, and John, thanks for your support. Michael, that’s great advice – one which I wish now I’d thought of. I’ll add that to my repertory of hack-recovery tricks.

    Amanda, I really appreciate your kind words! Great point about passwords – there are all kinds of tools out there to help you create strong ones. I would add, don’t rely on passwords alone to protect you. I had strong passwords, and that wasn’t enough to stop the hackers. Protection takes place across a number of levels – updated software, strong passwords, security measures, and hypervigilance. And that’s why it’s so important to prepare for recovery.

  5. Diane,

    I am terribly sorry to hear about the hacking of Mediation Channel. I am sure all or most of your readers are at least as angry as I am about it, although not quite as angry as you must be.

    On the brighter side, you’ve managed to turn this very unfortunate event into a learning experience for the rest of us. I think all bloggers (including yours truly) would be well advised to read and heed your advice.

    Thanks again for sharing!

    Phil

  6. Thanks, Phil! It’s great to know you’re on my side.

    You know what they say about lemons and lemonade! It just made sense to take this opportunity to remind everyone how important it is to take precautions and be prepared.

  7. Scary story. Thanks for keeping us updated. Good luck with recovery efforts.

  8. Diane,
    I am sorry to hear about the trouble that you had to go through with your blog. Blogging can be a lot of work (joyous, but still work) without having to go through this kind of hassle.

  9. Wow – I’m sorry to hear about this. I’m amazed at the things people spend their time doing. I received a BURN IN HELL tweet the other day. . .I let ’em know it was too late. . . sizzle. 🙂

    I love your response to the hackers and ask your permission to plagiarize it in the future if necessary.

    Take care.
    Debra

  10. Diane,

    I am so sorry you had this happen to you. Thank you for sharing your unfortunate experience with us to help us protect ourselves.

  11. Steve and Tom, I really appreciate your concern and support! Knowing I’ve got you guys in my corner makes all the difference.

    Debra, glad you liked my message for hackers! I’d send along the same greetings to whoever it was who told you to burn in hell. And by all means feel free to apply liberally as needed. (Just don’t tell the other mediators I said that.)

    Julie, thanks for your message. I know you’re new to blogging, so just be careful and follow the advice of those I linked to in this post. I appreciate your kind comment!