Category: Blog

  • Google Workspace


    We’ve used a lot of different email providers, but Google does the best job with respect to blocking spam and offering a whole lot of other services.
    Sign up for Google Workspace and get 10% off with this link: https://c.gle/AF5yWjDS0mL5UghFRUWWHc0XHgHd1cwXjFiozaKJmqNRh00c-p4nzlaObjypH2LOf1edCtB5UtVRVbP8Y5pQBziYl7OoTKsScqTFflEYppvXY7r4UMVZCM9FZdG1L5r__R1Jg97MPXaBQYaRsFPvZIx6

  • Getting Hacked


    Recently one of my clients’ sites got hacked.

    I went to update something on the site and discovered that the page title was a long string of code, and other odd characters had popped up in the site content.

    It’s a WordPress site, so I quickly logged into the admin area and went to the site settings.  The “Site Title” had been changed to a long string of code.  Since the site title shows up on every page of the site, it was ruining every page.  This was a site where SEO had recently become critical due to changes with Google’s algorithms and the client was watching the traffic stats every day.

    I quickly replaced the hacker’s code in the site title and moved on to the rest of the site.  

    I started looking at pages (there are a couple thousand pages on this site). I was seeing this character on various pages: Á and was puzzled as to why hackers would do something like that, but on one page I went into the editor and deleted out all of them I could find.  Easy enough.  Then I hit the Update button.  Disaster!  Everything following where I had deleted one of the stray characters was gone!  Before panic set in, I tried to fix a 2nd page.  Arrgh!  The same result.  I moved onto a 3rd page, but this time copied the HTML to Dreamweaver and made the fixes. I copied it all back and clicked on Update.  Success!  I updated a few more pages, and fixed the first 2 that I had broken with text from a recent database backup I thankfully had.  Whew!

    Over the next few days I noticed more and more stray characters and odd code that had crept in.  What could be causing this?! After slogging through fixing a dozen or so pages I got the bright idea to google that character and found info that led me to check the character set.  Not something you normally have to mess with in WordPress, but a quick view of the source code told me that the character set had been changed to UTF-7!

    OK, so what is the character set? It’s a short line of code that tells your browser what set of characters to use.  For example, a whole different set of characters would be needed if you wanted your site to display content in Japanese, Russian, or Greek, or if the coding of the page had been done in a different language. For the web, the standard is UTF-8, especially if PHP coding is used. (UTF stands for Unicode Transformation Format.)

    So the dang hackers had somehow changed the character set to UTF-7!

    It only took me a few minutes to go into my database and change the character set back to good ole UTF-8, and presto!  All the stray characters had vanished.  Turns out that “&nbsp;” (the HTML code for hard space) was the Á character in UTF-7.  Other codes such as the one for Bullet • were also being rendered incorrectly.

    Yay!  Useful lesson learned.

    Then it was back to trying to secure my site against future attacks… That’s for another posting.
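The UTF-7 setting in the post above was only noticed by viewing the page source by hand. As an added example (not code from the original post), this Python check reads the character set each page declares in its Content-Type header and `<meta>` tags and reports anything that is not UTF-8; the function names, URLs and page bodies are constructed for illustration.

```python
# Added example: flag pages whose declared charset is not UTF-8 (sample data is constructed).
from email.message import Message
from html.parser import HTMLParser

def header_charset(content_type):
    """Return the lower-cased charset parameter of a Content-Type value, or None."""
    if not content_type:
        return None
    msg = Message()
    msg["Content-Type"] = content_type
    cs = msg.get_param("charset")
    return cs.strip().lower() if isinstance(cs, str) else None

class MetaCharset(HTMLParser):
    """Collect charsets declared via <meta charset> or <meta http-equiv>."""
    def __init__(self):
        super().__init__()
        self.found = []

    def handle_starttag(self, tag, attrs):
        if tag != "meta":
            return
        a = {k: (v or "") for k, v in attrs}
        if "charset" in a:
            self.found.append(a["charset"].strip().lower())
        elif a.get("http-equiv", "").lower() == "content-type":
            cs = header_charset(a.get("content"))
            if cs:
                self.found.append(cs)

def audit(pages, expected="utf-8"):
    """pages: (url, Content-Type header, html) tuples -> list of findings."""
    findings = []
    for url, ctype, html in pages:
        parser = MetaCharset()
        parser.feed(html)
        declared = [("header", header_charset(ctype))] + [("meta", c) for c in parser.found]
        declared = [(where, cs) for where, cs in declared if cs]
        if not declared:  # nothing declared: the browser is left to guess
            findings.append((url, "none", "undeclared"))
        findings += [(url, where, cs) for where, cs in declared if cs != expected]
    return findings

SAMPLE_PAGES = [  # constructed pages: one healthy, one tampered, one undeclared
    ("https://example.test/", "text/html; charset=UTF-8", '<head><meta charset="UTF-8"></head>'),
    ("https://example.test/about", "text/html; charset=UTF-7",
     '<head><meta http-equiv="Content-Type" content="text/html; charset=UTF-7"></head>'),
    ("https://example.test/old", "text/html", "<head><title>x</title></head>"),
]
```

Running `audit(SAMPLE_PAGES)` on a schedule against a handful of real pages turns a silent charset change into an alert instead of a puzzle found days later.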

  • What has your website done for you lately?  


    It should:

    • Sell your products or services – Your website can and should go into detail about your products and/or services. Unlike a brochure, your website doesn’t have space limitations.
    • Provide Qualified Leads – Your website can help you weed out the hot leads from the time wasters. A few simple questions (the ones you already ask all your new clients) can help you focus your time on the best prospects.
    • Answer FAQs – You’ve got them memorized already, why not write them down and put them on your website? Every time someone looks them up on your website it saves you the time you would have spent answering the same questions over the phone, by email or in person.
    • Build your email list – Your website can collect email addresses of clients or potential clients and then you can send out mass or individual emails telling them about current news, special offers, services or products.
    • Provide Revenue through advertising (if appropriate) – If your site has built up enough traffic, a few well placed Google ads might provide enough income to pay for your site.
    • Look Good – If your site looks sloppy or dated, then that’s the impression your clients/customers will get about you.
  • The Cursed Domain

    The sad story of a domain name that never was owned by the right people.

    Once upon a time, maybe 10 years ago, a small folk band hired me to build them a website.

    Jubilant Bridge.  Harmony driven acoustic music on guitar, harpsichord and vocals.  Anyway, there was trouble right off the bat when they registered the domain.

    They went to GoDaddy and registered jubilantbridge.com, like I advised them to, but there was a problem.  Due to some never identified internet glitch, they ended up with the domain name of some small company in Alaska and the owners of that company somehow got jubilantbridge.com.  After many fruitless phone calls to GoDaddy, the 2 business owners finally just talked to each other and agreed to cooperate.  The domains got pointed to the appropriate servers and all was well.

    I built the website, set up the hosting, and things were good for a number of years.

    Eventually I got a call from the band saying their site was kind of old and stale and they had someone else who was going to build them a new site and move the hosting.  I was disappointed, of course, but cooperated with their efforts.  They discovered that the company in Alaska had gone under, but managed to contact the owner and got the domain name transferred to a small ISP/hosting company in anticipation of moving the site.  

    At about that same time, my preferred hosting company got sold to a new startup.  They asked me to move everything to new servers.  I didn’t bother moving the Jubilant Bridge site because they were no longer clients.  I figured their new site was still being developed and when the old server got unplugged, they’d have to move anyway.

    A year or so later I got a call from the band asking if they can come back.  Their “new site” had never come to pass.  I discovered that the old site was still sitting on the old server and was still working!

    We set about building a new site and launched it after a few months.  Anticipating problems, I built it at the domain jubilantbridge.net.

    When we went to launch the new site, we discovered that the ISP controlling jubilantbridge.com  had gone out of business and nobody was answering their phones. We had no control over the domain.  But, thankfully, it was still pointed to the old server, so I set up a redirect there to the new site and things were fine, for a while.  I figured that the .com domain name would expire in a few months and I could simply grab it on backorder and regain control.  Not long after that, though, someone finally unplugged the old server. There was still no choice but to wait for the domain to expire. So we waited.  After all, who would want this domain name: jubilantbridge.com?

    Apparently, a chiropractor in the midwest did.  Someone had eventually acquired the assets of the defunct ISP, including domains, and instead of contacting people who probably wanted those domains really badly, they sold them to whoever wanted them and this one ended up in the clutches of a chiropractor in the midwest.  That’s where it still sits to this day.  The band has contacted the chiropractor and asked nicely, but they aren’t getting any response.

    I think they would have a good chance at taking the legal route, but the cost is just more than they want to pay.

    What a disaster!

  • Never Buy a “Custom CMS”


    A client of mine bought a “custom CMS” from another company.  It was based on WordPress, so I didn’t worry too much about it. I thought that it being based on WordPress would mean I could fix whatever problems might remain when they turned it over to me.  Boy was I wrong!

    Sure it was based on WordPress, but because it had been outfitted with software intended to help add custom database entries that don’t conform to WP standards, it was stuck frozen in time.  I couldn’t update the WordPress core or any of the plugins.  Sure, I expected a custom theme that couldn’t be updated, but I was expecting to be able to add new plugins and update old ones.  Without that capability, they’ve removed everything that makes WordPress awesome.  Everything that makes a WP site last much longer than sites based on other CMS’s.  So basically, my client got a great looking, outdated, broken WP site.  And since I was told it was WordPress, I didn’t think to tell the client that he should insist on a security plugin and an SEO plugin. Once it was delivered, and launched, I set about to add precisely those plugins, which caused the whole site to crash.  I had to remove those plugins immediately and break the news to the client.  We couldn’t add those basic plugins, or any others.  The site was stuck as it was; based on a year old version of WP.

    A year and a half later, we have been lucky with some simple IP blocking to prevent access to the backend.  This is the entirety of the security that keeps the site from being hacked.  Thankfully, the site is not interactive enough to require users to login or create accounts.

    When Google announced their requirement for mobile compatibility, we couldn’t use any simple plugins (Yes, I tried them.), so I had to hand code the CSS files to make the site work and look good on mobile devices.

    I also managed to hack a couple of simple plugins to add some minor functionality improvements.  (One for social sharing and another to toggle some content on the home page.)  Now I live in fear that Google will come out with new rules or the client will discover some other new gizmo that would be easy to add, if it were a real WordPress site, but require serious hacking on this site.  Or worse, the site might get hacked and crash and burn.

    I worry that 3-5 years down the road, barring any unforeseen website tragedies, the client will need a new site and we won’t be able to transfer the data correctly to a new WordPress (or whatever) site.

    The worst part was learning how much the client paid for the “Custom CMS” and realizing I could have done better for less than half that price.

    The lesson here is to trust your web guy.  If he’s not delivering, OK, then look elsewhere, but beware of the really high priced “custom” alternatives.  In this day and age, if it can’t be updated and if you can’t add new plugins, or modules, or whatever, then eventually you will have to replace the entire site all over again.  Unless your business is to push the envelope of the Internet, stick with the tried and true and easily updated.  It’ll last a whole lot longer.  It’s much easier and cheaper to buy a new theme every few years than to replace your whole site.

  • Don’t Ignore ICANN Notices

    Recently a client of mine had her website go down.  She called on a Saturday morning, frantic and confused.  She thought I had taken the site down, since she had just launched a brand new one.  I hadn’t touched it.  But it was an older out-dated site, so I checked to make sure it hadn’t been hacked. Sure enough, the site was down.  I checked and the server was running fine.  All the files were still there and hadn’t been changed. Naturally, I checked the Domain, thinking she must have let it expire by accident.  But it wasn’t expired.  In fact it had more than a year left until it would need renewal.  The domain status was “ClientHold.”  I was stumped, so I shot off a support request to my hosting company asking if they had any idea. I had an out of town conference to attend, so I told the client to call the company she had registered the domain through.

    Later that afternoon she contacted me and said that after 3 hours on the phone with their customer support, they finally figured out that she hadn’t responded to their email asking her to confirm the ICANN required contact info.  She ripped them a new one, saying she hadn’t received such an email (never mind that she was using an old juno.com email address that she almost never checked on her domain registration).  Eventually, she was able to convince them that she was indeed the registrant of record and they updated her status, and presto her site was back online… late the next morning.

    Meanwhile, my hosting guys took one look at the domain status and said the ICANN info was out of date.

    Bottom line: Always make sure you use a current email address with your domain registration, and update it when you change that address.  There’s really no need for this kind of thing to happen.

    There are some good reasons why ICANN insists on current contact info.  ICANN says it’s for “Transparency” but nobody really seems to know what that means. Without confirmation, spammers/phishers/malware suppliers/scammers/identity thieves can register a domain using fake contact info and then use the domain for nefarious purposes without fear of anyone finding out who they are.  Clearly that’s been going on for a very long time. With these new regulations, failure to provide presumably legitimate contact info will result in the domain going down in 15 days.  Sure it’s not that hard to set up a fake online persona, but it’s one more step the bad guys have to take, and if they screw up, they’ll lose their domains or get caught (presumably).

    Also, there are probably a lot of domains out there tied up with old contact info, so until they expire, nobody would be able to put them to new (presumably good) use.  This speeds up that process.

    I feel so much safer knowing that if Terrorist Drug Dealing Identity Thieves take over my website, the authorities, after a lot of red tape, will be able to send them an email telling them to please stop.

  • A true story about how our WordPress Management service saved a site.


    For all our WP Management clients we check their sites once a week to make sure all the plugins, themes, etc. are up to date.  We then update anything that needs it and move along to the next site.

    This week we were checking a site and noticed that it was down.  Thinking maybe it had been hacked we checked the server and discovered that there were no files there at all.  Worried, we contacted the site’s owner, hoping they had moved the site on purpose or something along those lines.  They were surprised and alarmed to discover that the site was down at all.

    We advised them to contact the hosting company (because we didn’t have access to their hosting credentials – or we would have done it ourselves).  They discovered that the servers had been upgraded and were told to change the DNS info to point to the new servers.

    We logged into their domain registration account, updated the DNS info, and got the site back online.

    What might have been a costly downtime of perhaps days or even weeks, was resolved in a few hours.

    Just one more reason to make sure someone competent and trustworthy is checking all your sites on a regular basis.

    Sign up for WordPress Management service here
