By Felix Ker on June 16, 2008

After blogging about my previous web host being slow, I’ve subscribed to another web hosting package so that this blog runs smoothly. For the past few days, I’ve been working on this blog to ensure that the web hosting migration will be smooth.

Migration is now done for felixker.com and from now till June next year, this blog will be hosted with FRRO.

Do comment and let me know if anything here isn’t working well. And also, don’t forget to tell me how you feel about this blog.

By Felix Ker on June 14, 2008

Read on to find out how I got hacked and eventually defaced and what I did to recover & protect my website.

I was surprised one evening (last year) when I came online and found my blog defaced by hackers. I still remember the page being very simple, with big headers saying “h4ck3d by xxxxx”. Let’s not name anyone in this scene, okay.

When I googled my own site, even Google’s Cache showed the hacker’s page. My page must’ve been hacked the night before, when I didn’t come online.

How felixker.com got hacked?

As I’m on a shared hosting environment, there were other sites that had security flaws that enabled the hacker to enter through the vulnerability. That was all I knew when I told my provider I got hacked, as I wasn’t the only one reporting the issue.

Next, I went into Plesk (Hosting Control Panel) to check Apache’s logs for suspicious activity. This was when I found out that the hacker got in through a neighbouring site (on the same host) and placed a PHP backdoor script in my site. Next, he renamed my index.php to index2.php and placed his own index file (that contained those hacked messages).

I looked up the IP address I saw in the access records (on apnic.net) and identified that the IP belonged to Indonesia. Not surprising at all.

How I recovered my blog?

I don’t have many files inside my public folder, so all I had to do was browse around my folders through FTP and identify the files I didn’t add. After that, I deleted all of them to prevent the hackers from being able to access my site through the backdoor.

Other than that, I set all folders I don’t need to 644 permission.

Hacked second time!

I thought I was smart by removing all the files and no one could use the backdoor to play pranks. I was wrong.

The hacker went back to the main site that could be exploited, put the backdoor file back in a different folder and put back the same hacked message.

I had to contact support regarding this to have them help out. They took down the affected sites and removed the exploits before putting the sites online again.

Prevention

I shall share some prevention tips, whether you’re on a shared or dedicated environment.

  1. Update your software regularly! There shouldn’t be many issues with Apache/PHP these days, but it’s still wise to have your provider update the software to the latest stable build.
  2. Make sure you’re not running out-of-date PHP software! If you’re using any CMS programs, check the program site regularly for updates and tips on security. It’ll do you good in the long run. You’re likely to encounter fewer bugs too.
  3. CHMOD folders and files to 644 when they don’t need to be modified or have files created in them. Unless your programs need to create files inside any folders, don’t leave them as 777. 644 is always safest. FTP into your host now to change the permissions. Don’t invite unwanted files.
  4. Secure your passwords. That could be the weakest link, especially when your login details are too easy, e.g. username: admin, password: password. It’s always wise to use a password with 8 or more characters, and it should be alphanumeric!
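An added example (not from the original post) of checking a web root for the loose permissions tip 3 warns about: it lists every file or folder that group or other accounts on the host can write to, then clears just those write bits. The function names and the sample tree are constructed for illustration.

```python
import os
import stat
import tempfile

LOOSE = stat.S_IWGRP | stat.S_IWOTH  # write access for anyone but the owner

def loose_entries(root):
    """List (relative path, octal mode) of entries others can write to."""
    findings = []
    for dirpath, dirs, files in os.walk(root):
        for name in dirs + files:
            full = os.path.join(dirpath, name)
            info = os.lstat(full)
            if stat.S_ISLNK(info.st_mode):
                continue  # a symlink's own mode bits are not meaningful
            mode = stat.S_IMODE(info.st_mode)
            if mode & LOOSE:
                rel = os.path.relpath(full, root).replace(os.sep, "/")
                findings.append((rel, format(mode, "03o")))
    return sorted(findings)

def tighten(root, findings):
    """Clear only the group/other write bits: 666 -> 644, 777 -> 755.
    Directories keep their search (x) bits so they can still be entered."""
    for rel, _mode in findings:
        full = os.path.join(root, rel)
        os.chmod(full, stat.S_IMODE(os.stat(full).st_mode) & ~LOOSE)

def demo():
    """Constructed sample web root with one 777 folder and one 666 file."""
    with tempfile.TemporaryDirectory() as root:
        layout = {"index.php": 0o644, "config.php": 0o666}
        for name, mode in layout.items():
            path = os.path.join(root, name)
            with open(path, "w") as fh:
                fh.write("<?php /* placeholder */")
            os.chmod(path, mode)  # explicit chmod so the umask does not matter
        uploads = os.path.join(root, "uploads")
        os.mkdir(uploads)
        os.chmod(uploads, 0o777)
        before = loose_entries(root)
        tighten(root, before)
        return before, loose_entries(root)

if __name__ == "__main__":
    print(demo())
```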

There are many tips, but I can only think of 4. What can you share with me with regards to hacking and prevention?

By Felix Ker on June 2, 2008

From 2 readers a day to the current figure of around 1,200 readers a day. It’s quite disappointing to see my blog loading very slowly. Sometimes during night time (+0800 GMT), the pages don’t load at all.

What happened?

Sometime in March, I received IMs & emails from readers telling me that my blog was down. Not the whole blog, but the database connection to my WordPress blog couldn’t be established.

In April, I received an email from my hosting provider (Skydio) telling me that there was some heavy load on my domain which caused the SQL to hang, and that to solve the problem, they had migrated my site to a better server container. I was very impressed by them being able to migrate me when my site caused inconveniences to other clients on the same server.

But here’s the interesting part.

In mid-May, when I tried to browse my own blog to look for some old content, I discovered that my blog didn’t load at all. It was 10pm. After 2 refreshes, the page decided to load. Next day, 10am, I tried loading my blog again. Loading took ages.

I contacted support @ Skydio letting them know my site’s load time is super-duper long. I provided detailed info such as page load times (generated by PHP/WordPress) and also told them that my pages are cached.

90 queries. 32.907 seconds.
110 queries. 49.893 seconds.
116 queries. 40.377 seconds.
114 queries. 54.010 seconds.
91 queries. 36.086 seconds.

The above statistics are served from different pages:
http://felixker.com/2007/01/
http://felixker.com/2007/02/
http://felixker.com/2007/03/
http://felixker.com/2007/04/
http://felixker.com/

The reply I got was to optimize my database structure and to use a cache (when I am already using a cache: Super Cache!).

I lost track of the support ticket until a week later when I contacted support again regarding my previous ticket. A customer service representative replied,

"If optimizing your database structure is not solving your problems, then better you go with our dedicated solutions to get better performance just for your site."

Looks like Skydio doesn’t want me anymore. Sigh.

Details about my current hosting with Skydio

Price: Much less than what’s being offered right now. My package was purchased from PureHostings (GlobalWiz) a couple of years back, before the company was sold to Skydio.

I must say that Skydio has been nice, providing me with 1GB of space even though my actual plan was 300MB. Bandwidth wise, there was no limit.

I need a new web host

I’m looking for a company that deals with shared hosting that will be able to host my blog. Here’s what I expect:

  1. Decent load-time. I don’t get many readers, something like 1.2k a month.
  2. Space: I need less than 1GB of space (more than 300MB of course) and I must be allowed to upload media (mp3s/videos).
  3. Bandwidth: I don’t expect unmetered bandwidth, but at least 100GB. I have media/mp3s hosted. I will abide by all AUPs.
  4. Uptime: 99.9% as far as possible.
  5. Price: Quote please.

As you can see, it’s quality over quantity.

By Felix Ker on September 5, 2007

Here’s the reason why I’m always so poor, and sometimes dad complains that I spend too much in a particular month; August is one of them. After I get my cheque from Google, the amount I spend will be less. The amount I get paid for displaying ads isn’t enough to account for all my web hosting accounts!

I won’t write too many details to bore you.

Web Hosting

SparkStation (Singapore) | VPS Basic : SGD $39 | Plesk : SGD $15
Subtotal : S$54 (monthly)

The New York NOC (USA) | VPS-1 Plan : US$40 (SGD $61) | DirectAdmin : $5 (SGD $7.50)
Subtotal:  $45 (SGD $68.50) (monthly)

exabytes (Malaysia) | EBiz GOLD : Ringgit Malaysia $299.50 (SGD $130)
Subtotal: Ringgit Malaysia $299.50 (SGD $130) (Yearly)

Web Hosting – Total: SGD $252.50

Domain names

steang.com – $8.95 (SGD $13.50)

keelywee.com – $8.95 (SGD $13.50)

sgbloggers.com (renewal) - $8.95 (SGD $13.50)

Domain names – Total: $26.85 (SGD $40.50)

Total

SGD $252.50 + SGD $40.50 = SGD $293.00

Yes, this is the amount I spent last month.

I don’t even get paid for 1/3 of what I spent. Your donations are always welcome.