Please Support - Ride for the child

Hacked

June 19, 2015

Yesterday I was hacked for the first time. Around 6 months ago I had a malicious script in one of my WordPress sites once but that was easily resolved. This one was like a full on thing you read in the news, albeit on a smaller scale!

Yesterday afternoon I went to check my Webknit website and noticed that it was down. I checked the other sites on my servers and they too appeared to be inaccessible. I quickly logged into my plesk panel and noticed that my Apache CPU usage was through the roof. It generally runs as < 5% but it was peaking at around 80%.

Screen Shot 2015-06-19 at 10.46.05

My server has around 20 websites on it and whilst I know a bit about server admin, I’m certainly no expert. My world began to crumble when emails from clients began to flood in. It’s at times like this you feel so helpless and vulnerable online! I can’t even begin to imagine how a larger company feels when they’re under attack with tens of thousands of people complaining. Luckily they have skilled people handy to combat the problems. I had .

So I logged into the server via console and ran the “top” command, something I wasn’t aware of before. It basically lists the the CPU-intensive tasks on the server. I could see there were dozens of continuous tasks on my Webknit domain which was effectively preventing everything else from running. All my sites were basically 503ing. It appeared to be a DDoS attack.

As a quick thinking temporary solution I suspended the Webknit domain via plesk. This shut down 5 sites (including those on sub domains), but it meant that normal service was resumed for the others. If they would have targeted my IP I wouldn’t have had a clue what to do! Again, I should point out that I felt quite comfortable shutting these sites down, they get a large amount of traffic but nothing really depends on them. Some of the other sites I host are businesses who receive larger amounts of traffic and revenue and I was really concerned about those.

The next day I reactivate the website and luckily everything was back to normal. The whole experience was both exciting and scary at the same time. It’s made me realise I should learn a bit more about server admin, it also made me think about how fragile I felt. It made me question whether I really want to be offering hosting as a service.

If anyone has any tips, advice or stories then I would like to hear from you!