Now I'm thinking a little differently. This hacker generated over 80,000 hits in about two hours, mostly SE traffic but for pharm terms, not my keywords. Do you think that if I remove the block to the SEs I could take advantage of the boost in traffic, or should I just stay away from traffic that obviously comes from spammy sources and the wrong keywords?
How did they hack the site? Did they get into the htaccess to do it? And how did that work with the SE traffic? Having never tried to do such a thing, or had it happen to me, I have no idea. Hijacks, sure, but this is totally different. (Probably best to put it in vague terms so it doesn't serve as a primer for other low-life.)
To answer the hack question, they actually got in through an XSS injection or an SQL injection (I'm not sure which, but the site was under attack from both; I expect the SQL in an old WordPress setup that reset my admin username/password). Then from there they uploaded a PHP file that started crawling the server and sent me mass traffic, 1/3 of which was HEAD requests.
And no, they didn't get my .htaccess file, which I used to block most of the traffic before killing the entire domain for a day or so to get things back under control. I now have a ton of attacks blocked thanks to a site I found that details an .htaccess setup in a G search for "block head requests".
But the domain is pretty important so I can't sacrifice it. I'm still stumped how they drove so much traffic so fast. If it didn't force me to push a site upgrade so fast I might have been able to study my log files, but I've still got some work to do because of the new design rush.
Lesson learned so far... strip_tags is your best friend!
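An added example, not part of the thread or any poster's code: a first-pass log triage for the pattern described above, measuring the share of HEAD requests and listing which paths receive search-engine referrals for terms unrelated to the site. It assumes Apache combined log format; the sample lines, the `search.example` referrer, the `/cache/tmp.php` path and `SITE_KEYWORDS` are constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import urlparse, parse_qs

# Constructed sample lines (Apache combined format), not taken from the poster's server.
SAMPLE_LOG = """\
198.51.100.7 - - [10/Oct/2010:13:55:36 +0000] "HEAD /index.php HTTP/1.1" 200 0 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Oct/2010:13:55:37 +0000] "HEAD /about.php HTTP/1.1" 200 0 "-" "Mozilla/5.0"
203.0.113.9 - - [10/Oct/2010:13:55:38 +0000] "GET /cache/tmp.php HTTP/1.1" 200 512 "http://search.example/?q=cheap+pills" "Mozilla/5.0"
203.0.113.10 - - [10/Oct/2010:13:55:39 +0000] "GET /cache/tmp.php HTTP/1.1" 200 512 "http://search.example/?q=pills+online" "Mozilla/5.0"
203.0.113.11 - - [10/Oct/2010:13:55:40 +0000] "GET /index.php HTTP/1.1" 200 900 "http://search.example/?q=blue+widgets" "Mozilla/5.0"
203.0.113.12 - - [10/Oct/2010:13:55:41 +0000] "GET /cache/tmp.php HTTP/1.1" 200 512 "http://search.example/?q=discount+pills" "Mozilla/5.0"
"""

LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<ref>[^"]*)" "(?P<ua>[^"]*)"'
)

SITE_KEYWORDS = {"blue", "widgets"}  # assumption: the terms the site should rank for


def search_terms(referrer):
    """Return the lowercase words of the search query carried in a referrer URL."""
    qs = parse_qs(urlparse(referrer).query)
    for key in ("q", "p", "query"):  # common search query parameter names
        if key in qs:
            return qs[key][0].lower().split()
    return []


def triage(log_text, site_keywords):
    """Summarise method mix and paths reached via off-topic search referrals."""
    methods, off_topic_paths, total = Counter(), Counter(), 0
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined format
        total += 1
        methods[m["method"]] += 1
        terms = search_terms(m["ref"])
        # A search referral sharing no word with the site's keywords is suspect.
        if terms and not site_keywords.intersection(terms):
            off_topic_paths[m["path"]] += 1
    head_share = methods["HEAD"] / total if total else 0.0
    return {"total": total, "head_share": head_share,
            "off_topic_paths": off_topic_paths.most_common()}


if __name__ == "__main__":
    print(triage(SAMPLE_LOG, SITE_KEYWORDS))
```

Paths at the top of `off_topic_paths` that you did not create yourself are the first files to inspect and remove during cleanup.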