| 1:28 am on Aug 25, 2011 (gmt 0)|
Yes. Starting over is not as bad as learning how to do it the first time around. Fewer mistakes, mis-steps, or trial-and-error. Good luck! Meanwhile, if the web is all you have, might look for a burger flipping (kidding as to what kind of job!) job that will give you breathing room to get back in the saddle. Been there, done that, don't want to do it again.
BTW, Welcome to Webmasterworld!
| 1:57 am on Aug 25, 2011 (gmt 0)|
Thanks for good luck! This is the second time this has happened to me. First time almost all of my blogs got slapped by Google because a hacker in China injected some code which redirected traffic (when you did a Google search) to their spam blog. I tried to explain this to Google, and they didn't listen. Had to get a crap job and rebuild... took at least 2 years.
I brushed up my programming skills and designed a "hack proof" content management system - but got screwed by someone in China again - this time they flat out stole all of my content and posted them on about 20 Blogspot sites. It has been nearly 3 months and they are still up despite the fact that I've reported them to Matt Cutts and every other person I can think of at Google.
They still have Adsense ads on them though. So Google still profits from my stolen content. Who knows... maybe Google hacked me and is taking all of the profits? Nothing would surprise me.
| 2:32 am on Aug 25, 2011 (gmt 0)|
I guess you should block China from accessing your next site.
| 2:57 am on Aug 25, 2011 (gmt 0)|
Yes... how to block China and Russia? I've seen a few techniques but I don't think anything is fullproof as they can always use a proxy.
| 3:33 am on Aug 25, 2011 (gmt 0)|
I'm more concerned with what is your underlying choice of site offering. If CMS, pick and chose with care! If SQL based, make dang sure you've crossed t's and dotted all the i's... Sometimes we shoot selves in foot by using systems that are NOT hack proof. Naming no names, but take a look about the web (CMS packages) and avoid those that give grief. Me? I do everything static HTML (and then have to ahem!) and use database inserts as needed... none of which are open to inserts...
| 4:01 am on Aug 25, 2011 (gmt 0)|
|Yes... how to block China and Russia? |
I hardly ever see Russia except in forged referers from Ukraine ;) The rare "real" Russians, unlike the Ukrainians, seem to be legit.
|I've seen a few techniques but I don't think anything is fullproof as they can always use a proxy. |
Truism: It is impossible to design a foolproof system because fools are so damned ingenious. But that doesn't mean you shouldn't start with the basics, like IP ranges. Why bother to use a proxy when there are completely unprotected sites sitting out there?
Besides, the proxies themselves are-- or should be-- on the Deny From list.
| 5:29 am on Aug 25, 2011 (gmt 0)|
My first hacking was because I was using WordPress. I have since found a way to turn a regular WordPress blog into static HTML - and it looks exactly the same as a regular WordPress blog.
My second round I used static HTML sites - but this does not stop the content thieves. :(
| 7:46 am on Aug 25, 2011 (gmt 0)|
|My second round I used static HTML sites - but this does not stop the content thieves. :( |
Fact of life on the web... learn to live with it or quit. Can't tell you how many DMCA's I've sent out.
| 11:50 am on Aug 25, 2011 (gmt 0)|
"how to block China and Russia?"
This site tells how to block China: [parkansky.com...]
It also gives links to blocks used by other countries. Remember tho, blocking China will also block Australia since that's where their IP are assigned from. I learned that one the hard way once.
| 2:11 pm on Aug 25, 2011 (gmt 0)|
@tangor I've sent DMCA's too, but Google does not care
| 2:33 pm on Aug 25, 2011 (gmt 0)|
If I were starting over again right now I'd put a lot of focus on mobile devices (tablets and phones).
In my book a hardware firewall is a must. And get yourself an IDS. There are some open-source intrusion detection systems. If you plumb your site with a GeoDNS database you can block easily entire regions. I run some content sites and we spend 20+ hours a week on DMCAs.
Why do you need a CMS if you're a one person shop? In my mind, you only need a CMS when you get over ~4k pages or have more than 12 editors. I guess it depends what you're doing.
| 3:07 pm on Aug 25, 2011 (gmt 0)|
Sorry to hear what happened to you.
The one thing you need to learn from making a living online is:
Always. Over and Over again. It's the digital equivalent of insurance.
| 3:18 pm on Aug 25, 2011 (gmt 0)|
I'm intrigued as to what type of subject content you are posting that makes you so attractive to hackers etc?
| 3:20 pm on Aug 25, 2011 (gmt 0)|
-slightly OT-Theres China waitng to be paid , while costing the US and others, uncounted billions each year, by allowing it to happen through inaction. As they do with pirated movies and conterfeit everything. However much the gov is to blame and americans too, The US dollar is partly where it is because of outside interference from China.
| 3:27 pm on Aug 25, 2011 (gmt 0)|
There are *always* going to be hackers, scrapers, thieves, disrupters and other miscreants, from any or every country. (They have them in the offline world too, it's just easier on the net) Whatever you end up doing, go into it knowing that's a given, and build your security (and your possible responses) accordingly.
Google does respond to a lot of DMCAs, so why don't they respond to yours? I have no idea, but you better figure it out.
| 3:39 pm on Aug 25, 2011 (gmt 0)|
Since you're starting over from scratch, take some time to plan your next venture such that you won't be vulnerable to the nebulous forces of SEO, content theft, Google whims, etc. Find a different business model - perhaps one where you're actually selling physical goods, or offering a service that's intheftable.
| 3:39 pm on Aug 25, 2011 (gmt 0)|
Huskypup - often - its not the content which makes it attractive to hackers.
I find that oscommerce for example is VERY attractive to hackers - and over about 10 domains with different content - they have all been hacked (different hosts aswell).
They find an exploit in a CMS, the search google for "powered by **CMS whatever**" - Then run the exploits and inject cack and crud etc etc. Content (from my experience) is not relevent. Although I am sure sometimes it is for others.
| 3:40 pm on Aug 25, 2011 (gmt 0)|
Advice as to starting over.
Get off the internet - simple.
| 3:41 pm on Aug 25, 2011 (gmt 0)|
I dunno, I've been overseeing eight oscommerce sites for almost ten years now, and not one has ever been hacked. At least two of them are fairly high profile too.
| 3:43 pm on Aug 25, 2011 (gmt 0)|
|It has been nearly 3 months and they are still up |
Having a plan to go and do something else is a good idea, but I'm not convinced you should give up completely on your current site. It is known that Google has major scraper problems and that they are working on solutions. It doesn't seem likely that the problem will ever be completely solved, but it might improve enough to help you stay in business.
| 3:46 pm on Aug 25, 2011 (gmt 0)|
If you have been trying to make money online since 1995 and have so far failed then you should find another career.
| 4:30 pm on Aug 25, 2011 (gmt 0)|
Netmeg - I think it was some kind of POST exploit or something.
The latest injects code into the title of the site (the first field under admin).
| 5:17 pm on Aug 25, 2011 (gmt 0)|
|but this does not stop the content thieves. |
Hence my question as to the type of content.
| 6:02 pm on Aug 25, 2011 (gmt 0)|
vvw I feel your pain :(
What's with your passwords? and then with your hosting? and with your computer & software?
I understand some hackers choose sites for their content to deliver specific messages to specific targets. That's all I can say related to your content being like bait, I can only think about other factors. DMCA complains work, you just have to follow the guidelines and wait, no clue on why you never got a response from G.
[1.] Having used diff systems and technology (CMS, DB and even plain HTML) there must be something wrong with your passwords and usernames, are you using the same pass every year since you began working with this? if not change it every now and then!.
[2.] The other possible vulnerability would be your hosting. Are you on the same company while all the problems ocurred? I've seen cases where the server is compromised and the best solution is to change hosting. If all those problems happened while on the same company, change now, what kind of response did you get from them? I'll say find another one.
[3.] Are you using the same computer? Perhaps the problem lies on your computer, be it spyware or whatever catching your passwords as you type or compromising your FTP sessions. Are you using SAFE INTERNET? or WIFI on non secure networks? avoid it!. Are you alone on this? any "partner" perhaps trying to ruin your thing?
As for technology, every CMS has a vulnerability from time to time. Make sure you have the latest stable version or try another CMS solution. You mentioned having problems even with plain HTML, that's where my other questions come to mind. You also mentioned that html being produced by WP, if everything is on the same server then if WP gets compromised your HTML will also be compromised.
As for starting over again, it happened to me in several projects. I lost a finished book I was editing for print, also lost 4 months of hard work of programming and had to start from scratch both times. Pretty shocking to me, felt bad and kinda sick for days.
There are diff opinions but: diversify, make backups, review your sites every week and don't put all your sites on the same server.
| 8:56 pm on Aug 25, 2011 (gmt 0)|
|This site tells how to block China: [parkansky.com...] |
LOL - that IP list is as big as China itself!
| 12:16 am on Aug 26, 2011 (gmt 0)|
you might get some ideas from reading pontifex' suggestions in this thread.
#RefRef to attack your server in September:
| 1:23 am on Aug 26, 2011 (gmt 0)|
"I run some content sites and we spend 20+ hours a week on DMCAs."
Wow.. this is an even bigger problem than I thought. Someone out there could make a lot of money by offering a secure WordPress or other hosting solution.
What a lot of people want is to be able to blog and not have to think about all the back end stuff. This hypothetical service would take care of WordPress security and deal with content theft issues.
Does anyone know if a service like this already exists? Hmm...
| 1:26 am on Aug 26, 2011 (gmt 0)|
@explorador thank you for your tips and advice. The first hacking was really my fault as I should have kept a close watch on my WordPress installations.
The second "hack" was outright theft.. no different than looting in London.
I have thought about changing hosting companies... I'm on Dreamhost... which some call Nightmarehost LOL
| 1:58 am on Aug 26, 2011 (gmt 0)|
You've got a bunch of self made problems. if hacks wiped you out once, you should've come back the second time prepared.
In fact, you should've been prepared the first time. You need ongoing regular backups - if you get hacked you should be able to at a minimum revert back to an unhacked version temporarily, almost immediately.
And if you don't know how to prevent hacking, you need to at least keep your systems up to date, and be on a hosting company that allows you to be up to date, i.e. update your WP installs. You can't be running a serious website on Dreamhost. Heck, the first account I had at dreamhost cost me $5/year for unlimited sites. It's treated like a garbage can, you're getting what you paid for.
Hacks are in no way a 'have to start from scratch'. THey're expensive and time consuming but shouldn't stop you from continuing.
Content theft is simply part of the job, doing DMCA's, etc. I do a round every month or two now, though I'm getting sick of it and really leaning towards C&D letters instead - really want to start making things difficult for those folks. I just followed a cut and paste thief back to an SEO company that brags about 'ethical seo'.
| This 52 message thread spans 2 pages: 52 (  2 ) > > |