On April 17th 2013, I woke to this email from my hosting provider:

>> Dear Jacalyn
this is a notification that your service for your website has been suspended.
Suspension reason: Phishing Site
Please submit a support ticket here: https//:blablabla.com
Service provider
www.bla.com >>
Half asleep I dismissed the email (ironically) as a ‘phishing’ attempt to gain my server’s login and password information. Half an hour later I checked my url: www.babydoesnyc.com (NOT THIS BLOG) to view a virtually blank page with the word SUSPENDED strewn across the screen. To say I was shocked is an understatement. In fact I was too freaked out to do anything other than scan my host provider's website searching for a contact number.
I called them (located in Canada) and was informed by their representative that I had to submit a ticket from their client log-in site. In other words, they could not change the status of my url or explain how, when or why my url had been hacked over the phone.
I hysterically explained that there might be a chance my contact email had been hacked too and that hackers could in theory be tracking all of our communications. I requested that they conduct communication via my cell phone and then via a second email address. But they only operate an automated customer services process.
I submitted a ticket and waited. I requested information on what specific containment/repair was being done so that I could pass this along to my technician. They could not provide me with any data about the individuals who had been defrauded via phishing pages attached illegally onto my url. The ticket submission ‘back and forth’ system was excruciatingly slow.
Fortunately Google was more forthcoming. On April 16th 8pm Google sent me this almost jolly little email notification:

For clarification here are the pages Google reported on:
http://paypal.co.uk.babydoesnyc.com/update/0fb7a486a53a17156c9b0644e377edc4/processing.html
http://paypal.co.uk.babydoesnyc.com/update/2aed7731aef1c33bf8eb766d3e982b44/processing.html
http://paypal.co.uk.babydoesnyc.com/update/cc2ad792188e5aa4c49e11aabf9f572c/
This meant that hackers attached false pages to legitimate ones on my url. These pages looked like paypal.co.uk and paypal.com, only they were not. I contacted PayPal immediately and they confirmed that my account had not been compromised. But it did mean some visitors could be lured away to a 3rd party site masquerading as PayPal.
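Those host names are worth a closer look, because the trick is entirely in how a browser's address bar reads from left to right while ownership is decided from the right. The POSIX shell snippet below is an added example and not part of the original post: it pulls the host out of each quoted URL and works out which rightmost labels form the registered domain. For the three phishing pages that is babydoesnyc.com; "paypal.co.uk" is merely a subdomain created on the compromised site. The short suffix list inside registrable_domain is a stand-in for the real Public Suffix List, the host under paypal.co.uk is assumed to be the brand's own, and all function names are mine.

```shell
#!/bin/sh
# Added example (not from the original post). Shows which labels of a
# phishing-style hostname decide who really controls the page.

# Host part of a URL: scheme, userinfo, port and path removed, lower-cased.
url_host() {
    h=${1#*://}          # drop "http://"
    h=${h%%/*}           # drop everything from the first "/"
    h=${h##*@}           # drop user:pass@ if present
    h=${h%%:*}           # drop :port if present
    printf '%s\n' "$h" | tr 'A-Z' 'a-z'
}

# Registrable domain: the rightmost labels a registrar actually hands out.
# Assumption: the suffix list below is a tiny stand-in for the real
# Public Suffix List (publicsuffix.org); extend it before relying on it.
registrable_domain() {
    host=$1
    case "$host" in
        *.*) ;;
        *) printf '%s\n' "$host"; return ;;
    esac
    tld=${host##*.}
    rest=${host%.*}
    last2="${rest##*.}.$tld"          # e.g. "co.uk" or "babydoesnyc.com"
    case "$last2" in
        co.uk|org.uk|ac.uk|com.au|co.nz)
            case "$rest" in
                *.*) rest=${rest%.*}  # one more label is needed for these suffixes
                     printf '%s.%s\n' "${rest##*.}" "$last2" ;;
                *)   printf '%s\n' "$last2" ;;
            esac ;;
        *)
            printf '%s\n' "$last2" ;;
    esac
}

# Classify a URL against a brand label (e.g. "paypal"): "same-domain" when the
# registrable domain belongs to the brand, "lookalike" when the brand name only
# appears further left in the host, "no-brand-label" otherwise.
classify_url() {
    url=$1; brand=$2
    host=$(url_host "$url")
    reg=$(registrable_domain "$host")
    case "$host" in
        *"$brand"*)
            case "$reg" in
                "$brand".*) printf 'same-domain %s\n' "$reg" ;;
                *)          printf 'lookalike %s\n' "$reg" ;;
            esac ;;
        *) printf 'no-brand-label %s\n' "$reg" ;;
    esac
}

# The three pages the post quotes, plus a host under paypal.co.uk (assumed to
# be the brand's own) for contrast.
for u in \
    'http://paypal.co.uk.babydoesnyc.com/update/0fb7a486a53a17156c9b0644e377edc4/processing.html' \
    'http://paypal.co.uk.babydoesnyc.com/update/2aed7731aef1c33bf8eb766d3e982b44/processing.html' \
    'http://paypal.co.uk.babydoesnyc.com/update/cc2ad792188e5aa4c49e11aabf9f572c/' \
    'https://www.paypal.co.uk/signin'
do
    printf '%-40s -> ' "$(url_host "$u")"
    classify_url "$u" paypal
done
```

The useful habit this encodes is to read a host name from the right: the last one or two labels (depending on the public suffix) name the site owner, and everything to their left is whatever that owner, or someone who has compromised their hosting, chooses to put there.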
Here is a snapshot of the Google warning page, if you had tried to land on my url before I got it contained:

Ouch!!
Between April 17-20 I continued to work with my host provider in removing all files associated with my url, both legitimate and illegitimate, in an attempt to: (a) contain and stop internet fraud, (b) contain the url and secure it, (c) reinstate my url as a legitimate site, (d) recover the sovereignty of my url, (e) alert online organizations of my experience to help broader efforts against hacking and other forms of online piracy.
How did this happen to me?

Disclaimer: this is a presentation of information that may shed light on my url’s compromised status. It is not a definitive accusation of guilt or liability.

It’s not that my url was big. In fact, the traffic was so slow it resembled a dripping tap. I had done nothing to promote it because I was building up the brand offline, locally and organically. Still, something had gone wrong. My url had existed unmolested since 2007 in one form or another. There were a few clues:
1) When the phishing happened my hosting provider maintained that the server was never compromised, only the website.
2) Six months previously I had uploaded a new website template from an off the shelf company. Was there an inherent weakness in this template's programming?
3) In early March someone claiming to be from a tech company based in India offered to run a free SEO report on my url. I thought this would be a good idea, as no personal information would be exchanged. I received two reports from the company, which I opened in Google view. No … I did not download the documents.
Here are the emails I received from persons reporting to be from this company (personal info hidden):
Hi,
Hope you are doing well.
In this era of cut throat online competition, it is not easy for a website to occupy a place on the first page of any search engine and reach its targeted audience without the help of unbeatable search engine optimization services. Therefore, search engine optimization has become the need of the present competitive business era, as this helps people to accelerate their online business by offering the website 1st page Google ranking and potential traffic.
Would you be looking to gain your potential customers/visitors online?
Would you be looking to generate traffic on your website?
Would you be looking to increase your sales/leads online?
Would you be looking to see your website in Top 3 positions in Google or other major search engine?
If yes, please reply me on this email with the list of keywords and domain, which you want to target.
We will analysis your website for free and send a free analysis report along with full SEO proposal that would not only improve sales of your company but also brand your products.
Waiting for your valued response.
Thanks & Regards,
A
2) I said “sure”.
3)
Hi Jak,
Thanks for showing your interest in our services.
From here BDM (S) will assist you for further discussion.
Regards,
A
4) bla2@bla.com
Hi Jak,
Hope this find you well.
I am S at "Bla"
I analyzed your website that is really good, might be fulfilling your purpose and it will go up with right SEO strategy. After analyzing your given keywords, I will suggest you to not use all these as they are not very much business generated keywords for your website and will not fulfill your purpose.
I am attaching your given keywords searches (Globally and Locally) and the current ranking and some of facts about your website along with recommendations. Please have a look. What we will do? My technical team will come up with more traffic and profit oriented keywords and your competitors full analysis once you clear your project running with us. We will also make you socialize among top Social Media Websites. We will increase likes of your company's Facebook page. We will promote your Fan Page. We will do blog promotion for your blog.
Mail me along with you further query if you have. Waiting for your valued response.
Regards,
S
Skype: S
4) I was not interested in using their services, primarily because “A” and “S” had two completely different email address providers. The company they directed me to had a CONTACT US page embedded in their url. So something felt ‘off’. I kind of just ignored them.
5) I received this email a few days later:
bla2@bla.com
Hi Jak,
I am still waiting for your response. Please let me know your interest level so that we can put our discussion further.
6) On March 15th I emailed "S" declining their services for the time being. That was our last correspondence.
Just over ONE MONTH later my url was suspended for phishing activities. Coincidence? You decide ….
Lessons learned?

I have learned a lot since my url was hacked. Hindsight is 20/20. I share this information with you in an attempt to help you prevent this type of experience. Here are my prevention tips:
Never ever engage an unsolicited offer to conduct any type of SEO or other service on your url.

Never provide email solicitors with any personal information, even confirming a url address.

Discuss security, hacking prevention and recovery protocol with your hosting provider or url designer BEFORE you launch your site.

When using off the shelf templates make sure that there are no back-door loopholes that can allow hackers into your site. Add extra security measures just to make sure. There are many Open Source malware patch apps. Check them out now.

Pick strong passwords for your main cPanel account, MySQL, FTP and mail users.

Never use the same password for different users. For example a MySQL user should not have the same password as your cPanel user or an FTP user.

It is essential that your cPanel user's password is not found in any file on your account by any means. Also try changing the passwords frequently. Write them down in a notebook that you keep secure but handy.

Check whether all of your web applications are up-to-date. This includes any modules, components and add-ons you have added and/or integrated. Old applications can contain backdoors through which an intruder can easily gain access to your account.

Avoid having directories with permissions above 755. If your applications require such directories, try to put them outside your webroot (public_html) or place a .htaccess file in them containing "deny from all" to restrict public access to these files.
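Checking that last tip by hand across a cPanel account with dozens of folders is tedious, so here is an added example, not from the original post or from any hosting provider, that does it as a script. It builds a small sample public_html tree (constructed for the demo, with one 777 folder covered by a deny-all .htaccess and one 775 folder that is not), lists every directory that is writable by group or world, which is what "above 755" means in practice, and then reports the ones with no deny-all .htaccess. Function names are mine; the script also accepts the Apache 2.4 spelling "Require all denied".

```shell
#!/bin/sh
# Added example (not from the original post or any hosting provider): find
# directories under a webroot that are writable by group or world (anything
# above 755) and flag those not covered by a deny-all .htaccess.

# Build a throwaway sample tree so the script runs offline; prints the webroot.
make_sample_webroot() {
    base=$(mktemp -d)
    w="$base/public_html"
    mkdir -p "$w/images" "$w/uploads" "$w/cache"
    chmod 755 "$w" "$w/images"
    chmod 777 "$w/uploads"                 # loose, but protected by .htaccess below
    chmod 775 "$w/cache"                   # loose and exposed
    printf 'deny from all\n' > "$w/uploads/.htaccess"
    printf '%s\n' "$w"
}

# Every directory whose mode has the group-write (020) or other-write (002) bit set.
loose_dirs() {
    find "$1" -type d \( -perm -020 -o -perm -002 \) | sort
}

# True when the directory carries an .htaccess that blocks all web access.
# Accepts the Apache 2.2 "deny from all" and the 2.4 "Require all denied";
# note that .htaccess only takes effect if the server allows overrides.
has_deny_all() {
    [ -f "$1/.htaccess" ] && grep -Eiq 'deny from all|require all denied' "$1/.htaccess"
}

# Loose directories with no deny-all .htaccess: these are the ones to fix, by
# tightening the mode, moving them out of public_html, or adding the file.
unprotected_loose_dirs() {
    loose_dirs "$1" | while IFS= read -r d; do
        has_deny_all "$d" || printf '%s\n' "$d"
    done
}

demo=$(make_sample_webroot)
echo "Directories writable by group or world under $demo:"
loose_dirs "$demo"
echo "Of those, without a deny-all .htaccess:"
unprotected_loose_dirs "$demo"
rm -rf "$(dirname "$demo")"
```

On a real account you would call `loose_dirs ~/public_html` and `unprotected_loose_dirs ~/public_html` instead of the sample tree. A directory that a web application genuinely needs to write to should still never be 777; the owner-write bit plus the web server running as your user is normally enough, and the .htaccess stops the folder from serving anything an intruder manages to drop into it.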
Download a handy PDF by APWG (internet watch dog) called “What to do if your web site has been hacked by phishers” from this website: www.apwg.org.

Ask your tech guy about “Hardening” your url. This is the process of securing an operating system. Use commercial and open source vulnerability scanners and security baseline analysis tools to identify unnecessary services, accounts, and improper configuration settings. The Center for Internet Security offers analysis tools and security templates for commercial and open source operating systems commonly used for web server hosting.

Restrict traffic flow at firewalls as tightly as practical. Only allow access to TCP or UDP ports where your authorized services are listening, and further restrict flows to the IP addresses of the systems on which you are hosting listening services. Restrict outbound traffic flows from servers as well.

Stay up to date. Web vulnerabilities are discovered and exploited on an almost daily basis. Subscribe to a vulnerability notification service offered by regional CERTs, SANS, and SecurityFocus.
Swimming with the phishers

Getting hacked is unfortunately a growing crime. Websites that attract high volume users are magnets to hackers. Hackers enjoy a challenge, cracking codes and overcoming firewalls. To them it’s a game and one that can be highly profitable. Knowing that components of my organic url were used to hook confidential information from innocent and potential customers is just awful. Add to that brand damage, a loss of genuine market confidence and the cost and time it takes to rectify a url, and you get the picture. It sucked.
Right now (April 21st 2013) this is what my url looks like:
There’s a saying “whatever doesn’t kill you makes you stronger”; I have to believe that this is true. In the eye of the hacking/phish storm one feels powerless and violated. Over time equilibrium returns and one discovers a golden opportunity to reinvent one’s brand presence. Learning from others like me might even keep you from a hacker’s reach. I hope so.
Baby Does NYC t-shirts, bibs and onesies are now available for wholesale. For individual sales contact Jak for an outlet near you. babydoesnyc@gmail.com

Baby Does NYC ™ Jak Burke Industries LLC, 2013