Yes, it is true – after a series of posts alerting the world to the methods of hackers and how to protect yourself, I was hacked. Here is what happened.
On Thursday I received an email from GoDaddy, my hosting provider for this site, alerting me that I had two hours to remove several phishing attempt pages that I had up. If I didn’t remove them within two hours they would shut down my site. Needless to say, this was news to me!
For those of you that don’t know, phishing is when a fake site tries to steal a user’s login information or credit card number. Most of the time this is done by sending you an email with a link. Let’s take Bank of America for example. If a hacker were able to obtain the login and password for a Bank of America account, they could steal money by transferring it to another bank account. So the hacker would send you an email that looked like it was from Bank of America, telling you to check your account urgently. But the link in the email wouldn’t go to the Bank of America website; it would go to a nearly identical web page the hacker created to collect your login info (a phishing page).
Why the hell were there phishing pages up on Pedantic Posts? I can assure you I did not place them there, which means I was hacked and someone else did it. You see, a hacker doesn’t want to use his own domain name to host these pages. The site would quickly get reported and shut down. Instead they hack a site and put the page up there.
Realistically, the phishers don’t go out and hack a site. They probably pay a tiny amount of money for the username and password to a site that someone else hacked. Either way, they gained access to my site and put up a number of pages including several phishing attempts and porn advertisements.
It turns out that I had a pretty weak password setup for my site. 8 characters, only 1 capital, 1 number, no special characters. You better believe I have fixed this. Lesson learned. What was the damage? The site was down for 2 days due to my slow response time, but it could have been much worse!
XKCD has an interesting commentary on password strength (for those of you not in the know, xkcd.com is one of the smartest / nerdiest / funniest tri-weekly web comics on the tubes).
http://xkcd.com/936/
Basically, our modern obsession with password complexity makes it easier for hax0rs.
HA, I love XKCD but have never seen that one! Great find, totally relevant.