Diary of Dealing with a Hacker

Salt Lake City, UT – After remaining dark for the past month, we’ve today resumed publishing news and feature content here at First Tracks!! Online. Our hiatus was unplanned. We weren’t being lazy, nor was it even because we were out skiing. It’s because we were hacked.

We’re a small home-grown operation, and as such we’re a seemingly unlikely target for a hacker. But as far as a spammer is concerned, all they need is a compromised server from which to send their unwelcome email touting cheap prescription medications, sleazy porn sites and weight loss programs of questionable efficacy.

In all sincerity, this has been our winter from hell. We had just completed both an unplanned migration to a new web host and an unanticipated redesign of our site’s front end when an unknown individual or group wormed their way into our web server in mid-February. Our users first alerted us to the intrusion due to a new file upload form suddenly appearing on each of our site pages. Almost immediately our mail server was flooded with outgoing spam, sometimes accumulating 30,000 to 40,000 messages deep. Such voluminous outgoing email brought our server to a crawl, and at times brought our website down completely. We love blizzards, just not this kind.

We immediately hardened our security and identified the scripts that had been added to our server to produce the emails. We thought that we had the problem licked.

But we were wrong. Suspicious files continued to appear on our site and the queue in our mail server continued to blossom. Yahoo and AOL both blacklisted all email coming from our server. Our site kept going down and users continued to see error codes in place of ski news.
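The two symptoms described above, files appearing in the web root that nobody deployed and an outbound mail queue swelling to tens of thousands of messages, are both cheap to watch for automatically. The script below is an added example, not code from First Tracks!! Online or its hosting provider, of the kind of check a small site operator could run from cron. The web root layout, the exclusion of a `cache` directory and the use of Postfix's `postqueue -p` summary line are assumptions; the queue summary line used in the demo is constructed.

```shell
#!/bin/sh
# Added example (not from the original post): watch for the two symptoms the
# post describes, unexpected files in the web root and a ballooning mail queue.

# List files under $1 modified less than $2 minutes ago, skipping a directory
# of legitimately changing content (ASSUMED layout: a "cache" subdirectory).
# -mmin is supported by GNU and BSD find.
recent_files() {
    webroot="$1"; max_age_min="$2"
    find "$webroot" -type f -mmin "-$max_age_min" ! -path "*/cache/*" 2>/dev/null | sort
}

# Number of files recent_files would report.
recent_file_count() {
    recent_files "$1" "$2" | wc -l | tr -d ' '
}

# Extract the request count from the summary line Postfix prints at the end of
# `postqueue -p` (or `mailq`), e.g. "-- 1234 Kbytes in 30412 Requests.".
# Prints 0 for "Mail queue is empty" and -1 if no summary line was seen, so a
# broken queue command is distinguishable from an empty queue. Other MTAs
# (Exim, Sendmail) print different summaries and need their own parser.
queue_depth_from_mailq() {
    awk '/ Request(s)?\.$/  { print $(NF-1); found=1 }
         /Mail queue is empty/ { print 0; found=1 }
         END { if (!found) print -1 }'
}

# Succeeds when queue depth $1 is at or below threshold $2.
queue_within_limit() {
    depth="$1"; threshold="$2"
    [ "$depth" -le "$threshold" ]
}

# Combined check: return 0 when nothing is suspicious, 1 otherwise, printing
# each finding so the cron mail (or log line) says what to look at.
check_site() {
    webroot="$1"; max_age_min="$2"; queue_depth="$3"; queue_limit="$4"
    status=0
    n=$(recent_file_count "$webroot" "$max_age_min")
    if [ "$n" -gt 0 ]; then
        echo "ALERT: $n file(s) changed under $webroot in the last $max_age_min min:"
        recent_files "$webroot" "$max_age_min"
        status=1
    fi
    if ! queue_within_limit "$queue_depth" "$queue_limit"; then
        echo "ALERT: outbound mail queue depth $queue_depth exceeds $queue_limit"
        status=1
    fi
    return $status
}

# Constructed sample of a Postfix summary line, standing in for the real
# `postqueue -p | tail -1` on the server. The figure mirrors the post's
# 30,000-40,000 queued messages.
SAMPLE_MAILQ_SUMMARY='-- 81234 Kbytes in 30412 Requests.'

# Demo on the constructed sample; on a live host you would instead run
#   check_site /var/www/html 60 "$(postqueue -p | queue_depth_from_mailq)" 500
printf '%s\n' "$SAMPLE_MAILQ_SUMMARY" | queue_depth_from_mailq
```

A queue threshold of a few hundred messages is generous for a small site that sends only notification mail, so a depth in the tens of thousands trips the alert within a single cron interval rather than after a blacklisting. The file check is most useful when the interval is short and deployments are done at known times, so that anything else landing in the web root stands out.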

Honestly, we had no business publishing news that our readers couldn’t see. Furthermore, we had to dedicate all of our available resources, limited as they are, to attacking and rectifying the problem. Unfortunately, it couldn’t have come at a worse time than during the heart of the ski season. Our traffic, and therefore our advertising revenue, took an unprecedented hit from which we couldn’t possibly hope to recover.

After additional efforts over the past several weeks to cleanse and secure our web server, we’ve now gone several days without infiltration and we’re somewhat confident that we’ve finally jammed our finger into that proverbial hole in the dike. Our collective fingers are crossed — at least the ones that aren’t plugging that hole. If you’re reading this you’ve stuck with us this season throughout all of our trials and tribulations, including this most recent and most severe one, and for that we’re enormously grateful.

Edit 2:30 p.m. MDT, March 25, 2014: Alas, we were apparently overly optimistic, for the spamming unfortunately continues. We’re working diligently to resolve the issue once and for all, and we appreciate your patience with any unplanned site downtime that you may experience.