Earlier this evening, I became aware that my main site, uskeba.ca, had been hijacked by a hacker. There was a taunting message on the front page that made me sick with dread. I quickly tried to log into my control panel to discover that the password had been changed. The hackers had full access to everything under uskeba.ca, including my blogs and my email! Fortunately, the only obvious damage at that point was to uskeba.ca and its WordPress installation.

First order of business was to regain control. I emailed my webhost who responded surprisingly quickly (even though it felt like AGES). They reset my cPanel password and told me that the hackers got in through an old version of WordPress. I update the WordPress installations for my blogs immediately, but I rarely think to do so on the static sites.

The new password allowed me to get back in and make an inventory of the damage. I started by changing every single password–all of my email accounts, all of my WordPress installations, the cPanel, FTP, everything. The uskeba.ca WordPress installation had been compromised, so I scrapped it entirely and started from scratch (which was a nice reminder that I really need to work on make it look a little more professional).

The next thing I did was go through folders under uskeba.ca to delete anything that looked suspicious. There were hundreds, if not thousands, of files, but a list of recently access files provided by webhost provided breadcrumbs as to where I should search. I found several folders I could not delete, so I sent the list to my webhost who deleted them. Talk about stellar support! If you need good webhosting with solid support, you can’t go wrong with 100 Megs Web Hosting. I’ve been with them for years.

Finally, I made sure that all my WordPress installations were updated to the most current version.

I think/hope I’ve done everything needed. What a night!

It is about three hours past my bedtime. Thankfully, I’m not working tomorrow.