Why are some people mean? Why do some humans feel it is necessary to hurt other humans for no reason? Is it because they had a bad childhood? Maybe some bully at school beat them up and stole their lunch money so now they have to prove to the world that they are tougher than someone else. Or maybe someone at work got the promotion they felt they deserved so now they have to prove that they are smarter than someone else. Maybe they’re just plain evil. Whatever the reason, I never can understand it. Dogs aren’t like that. If we bite you it’s because you threatened us. If we steal your food its because we’re hungry. We don’t do things to hurt others for no reason.
Last night my website was hacked by a group that calls themselves N2N Algerienn Hackers. This morning I received an email from my site saying my password was changed. Hmmm… When I checked my site I saw this:
N2N Hackers Website
Why would someone want to do this to me? I’m not even human; I’m canine. Why me? Maybe a dog bit him or chased him down the street one time so now he is taking it out on me. I filed a complaint with the ASPCA, but they said hacking my website cannot be considered animal cruelty. Maybe I was just the victim of a random act of meanness. I guess it’s true what they say on the farm: four legs good, two legs bad.
So who exactly are N2N Algerienn Hackers? I don’t know. How do you fix a site hacked by N2N Algerienn Hackers? I don’t know that either. Fortunately I know some good humans at CMIT who were able to fix the damage to my blog and get it back up today. For the benefit of anyone else who has been hacked by N2N, I’ve asked them to explain what they did to fix it. Here’s what they said:
The first step with any hack (not just N2N) is to change all your passwords (hosting provider, WordPress and database). If they got your passwords and try to come back this will slow them down if not stop them. I used passwords that are stronger than the ones you were using (passwords with upper and lower case with letters, numbers and special characters are harder to hack).
The next step was to replace your .htaccess file with your original one. N2N modified this file to redirect all your traffic to their site. That’s how they got their site to show up instead of yours. Removing this allowed your WordPress site to get traffic.
As the secondary part of their hack, they altered data in your database to display a message stating that you were hacked by N2N Hackers. And to make it more difficult to recover, they deleted all your posts and comments from the database.
So next we restored your database backup. Unfortunately, your last back up was in August 2009 so it did not contain any posts or comments since then. However, we were able to use Google’s cache to retrieve your more recent posts. Here’s a helpful tip that bears explaining: If you ever again lose content from your website, use Google and search for site:www.simbadog.com (or any other site). The search results will show all the pages on the site that Google had previously indexed. If a page listed there is no longer available on your site, look for a link in that listing that says “cached.” This will show you what Google saw the last time they visited the page. You can then copy and paste content from there back into your site, which is what we did. Note that Yahoo and Bing provide this capability also. If Google didn’t cache the pages you need, maybe one of the others did.
They also left some image files in your uploads folder, which I deleted.
The final step was to perform a full backup of files and the database. I recommend you do this yourself a little more frequently. I also notified your hosting provider. N2N Hackers brag about their technique, which involves a vulnerability in the Linux kernel. I asked your provider to ensure they keep their servers up-to-date with patches and security updates.
So that’s my story for today. If you’ve been hacked by N2N Algerienn Hackers let me know how your recovery went and if they ever came back.