I lost Internet service for about 3 days this week. Bad timing!

Once my Internet came back I discovered that while offline, malware took over one of my web sites. It was sending spam messages to Twitter and Facebook, which I quickly blocked. Took me longer to identify the mechanism, clean it up, then remove the spam messages. The malware also prevented me from logging into the control panel for the web site, which I fixed by FTP’ing some replacement code.

I thought I’d gotten everything – but no, I missed the entry point for the malware – how that was discovered was unexpected!

Today, I backed up that web site and all of my web sites – files plus databases. While I was copying files from the remote web server to my local PC, my local PC’s antivirus software detected the malware file! It was a backdoor entry script that was installed to the web server in 2016. Someone used that to use the web site’s software to send out spam messages. Visibly, the web site continued to operate as normal – pretty sneaky.

I try to run “clean” and “secure” systems with many precautionary measures in place. But … every second of every day, we are under attack. Hacking is rarely prosecuted, and I’ve heard that in some countries, it is never prosecuted. Those countries host an entire industry of hackers, who have now moved on to ransomware and other tricks to make a profit off of hacking.

Coldstreams