Monday, March 5, 2012

My Blog was Hacked Part 1

Just in the last week Google deleted my blog. You can read about it here. When my blog was deleted I was alerted by Google that there was unusual activity on my blog.  Then, my comments got all wonky. First they were there. Then they were gone. There. Gone. There. Gone.  

 I just assumed something was wrong with Blogger and went on trying to figure out how to remedy this. (It's still entirely possible the comments issue is a bug.)

 Finally, the straw that broke the camel's back was I had just posted my tutorial on how to make a quatrefoil lampshade, when the post just disappeared and was replaced with a completely different post. You can read a remark I made on the original post at the top of the page here.

At this point, I wasn't just brushing it off anymore and decided I would try and see if anyone else had experienced this online. There were many people complaining their Blogger and Word Press accounts had been hacked. Their comments disappeared and/or things just got moved around on their blog. Some had consulted a professional to only be advised that more than likely they had been hacked.

 Now why in the world would someone want to hack a DIY/decor blog on Blogger? Yeah, I asked myself the same question. Turns out there are reasons for it. Some do it to steal your page ranking on Google. Others do it for kicks, it's a game to them. Yet others are politically motivated.

 Rather than explain myself, there is a perfectly good article here, written by Sarah Kimmel who writes for Technology for Moms. The article mainly covers issues for Word Press Blogs. And you will definitely be amused, or not, to find an interview with a 17 year old hacker who hacks blog sites for fun and political demonstration. You can go over to TNW (The Next Web) and read the interview between the minor hacker and blog owner!

Not everyone is as lucky as I have been. Google may delete their blogs permanently. Or, the hacker may cause them to lose years worth of work and/or money if their blog was a business. I've actually read a few horror stories on that today.

Apparently it's not all that unusual to have your blog hacked whether it's on Blogger or Word Press. I have read that Word Press users tend to see this a lot (just read some of the comments on the articles I posted above and you will see what I mean). The owners tend not to be techie and don't apply security updates when they come out or many times the Word Press users are using an outdated version.

Although there are no guarantees of having a stealth blog, there are some tips we can all do to make our blogs more secure.

1) If you are on Word Press, frequently update your plug-ins. 

2)Whether you are on Blogger or Word Press make sure you choose a password that is strong. One way to do this is to not use anything personally identifiable in your password. On top of that, use a mix of characters, upper case and lower case letters, along with numbers in the same password.  I hated hearing this and thought it was fine just to use a few characters and a long password that I could easily remember and apparently it wasn't enough. 

 Grab a file and write your password down, storing it in the file close to the computer for a while until you have entered it enough that you no longer need to look at it to remember it.

3) Don't store your password in your browser. You know that little pop up box from your browser that asks if you would like have your browser remember your password? Well forgo that. It turns out there are vulnerabilities in storing your password in that way.

If you have Firefox as your browser you can download an add-on that will safely store your passwords for you. Go here and browse under Privacy and Security and choose the add-on that best fits your needs.

4) Change your passwords at least every 2 weeks.

5) Do not use the same password for more than one location. This may be a good reason to use an add-on called Privacy Suite from Firefox. It securely encrypts your information and passwords. You store it on your computer, the company has no access to them. All you do is put in one master password and allow it to fill in your info for you. This add-on also has other security features as well. You can read FAQ here.

That's it for now. I'm thinking about writing a part 2 to this within the next 2 weeks and doing an interview with an internet security expert. Have a nice weekend everyone!:) And don't forget to update those passwords and plug-ins!

***This post is by no means all inclusive. Use this information at your own risk. I'm relaying what I would do as I learn it. Your use of this acknowledges that.

Update** Please really think before storing your password in your browser. My mother's bank account information was accessed this way recently because she stored her password in her browser. They purchased 2,000 dollars worth of merchandise to her account.

**I seem to have lost all of my comments, again. Not sure why I have the wonkiest commenting system on Blogger, but if any of you needed me to get back to you about something, you can re-post here now that I have gotten rid of intense debates. Perhaps the change back to blogger caused me to lose the comments. Sorry!

Click here to see the Linky Parties this blog participated in.

No comments:

Post a Comment