I have a client whose website I made and for whose website I provide hosting. I also offer a backup service where his website is backed up every day, every week and every month with 3 of each of those backups retained off site on Amazon S3. So he has a backup going back 3 months plus.
I also make periodic site file and database backups of my hosting clients.
Here is a story of one client who needed those backups.
On June 26 my client’s website showed a 500 error on a few of their pages. When I went to look into the problem I eventually found that there were a number of files mixed in with their site files that were clearly from someone who had hacked in. See below for a screenshot of what they looked like.
I changed their hosting control panel password and restored their website from a backup from a few days earlier.
One of the most common ways hackers get into sites is simply logging in with a password, albeit one that was stolen. It turns out this client had discovered a breach on their computers at their office some time earlier, which may have led to compromised passwords. No one knows for sure how someone hacked into their website.
This fixed their website and so they were back in business.
We recently discovered that some of your pages can cause users to be infected with malicious software. We have begun showing a warning page to users who visit these pages by clicking a search result on Google.com.
and so on. See the screenshot for the full content of the email, (minus what I marked out to maintain privacy for my client). Essentially they sent it to 8 email addresses @ my client’s domain name, figuring that someone would have one of them at least and receive their notice:
To confirm what was in the email, I went to google.com and searched for the page they indicated and when I clicked on that page from the google search results I was presented with a warning that stated:
Not what you want for your website.
This time took a fair bit more work. First needing to review google’s documentation about what specifically they found and how to restore their ranking in the google search results once the problem was fixed.
Logging into Google Webmaster Tools for this client’s website allowed me to view more details about what was discovered on the website and on which pages.
Then I searched their site files again and found more files that were clearly from a hacker.
File names like s.txt, s.txt.1, and V9si40f are not part of my clients install, and you can see by the contents that they are not friendly.
So this time I spent more time looking through backups before re-installing. I actually had to go back about 5 months to find a backup that appeared clear and safe to restore from.
And again we changed their hosting control panel password, along with all of the user passwords to the website and also all of their email address passwords since they had found that their computers had been hacked into previously.
Then I had to restore the new content to their site and update the site and the plugins on it because the 5 month old backup was, well, 5 months old.
What if I did not have a backup that far back if at all?
Fixing the website in that case would have been a much more complicated, much more time consuming and much more expensive undertaking. With the backup I was able restore their site in less than an hour, (although it took a few more hours to do the research on what Google found, what needed to be done to fix the problem and how to restore my clients presence on google).
Luckily following the links in the original email from Google provided the needed steps to request a review of the site again by Google to have the site presence restored.
Do you have a backup plan?
I mostly work with WordPress. There are a number of backup plugins you can use. I have not reviewed them or tested them out. I use a premium plugin called BackupBuddy to backup my client sites and have an account with Amazon S3 where I have those backups sent to. Whatever you do, make backups.
Do you make backups? Do you have any stories about getting hacked or about backing up your website to share? Was this helpful to you? Share below.