In my day-to-day interactions with businesses whose websites have been compromised, I’ve become increasingly alarmed by companies charging outrageous fees for basic “malware removal” then leaving their clients out in the cold to fend for themselves when they do not complete the tasks required to fully secure the website at the completion of their malware cleanup work.
Now I’m normally a rainbows and unicorns sort of guy. And bad-mouthing competing website security-related service providers is not my thing. That said, about two-thirds of the interactions I have with new clients by phone lead to a discussion regarding the malware cleanup company they used last month. This has become so prevalent and it breaks my heart.
The malware removal company sales script often reads something like this: “I’m sorry to hear your website has been hacked. Ok, we’ll remove the malware for you ASAP. Can I get your credit card number?”
The unsuspecting client then pays for “malware removal” and receives a service that involves little more than an automated malware scan and removal of suspicious files, sometimes breaking parts of the website in the process. This type of work is something a person with a moderate level of website security expertise can complete in a matter of minutes. That people are being charged hundreds of dollars for this level of service is disheartening (and borderline unethical IMHO).
Suffice it to say, simply removing malware from a website does not fully secure a hacked website against future abuse.
If your website has been compromised and you are looking for help, please ask the person doing the work to at least take the following minimal steps in securing your website:
- Change all passwords throughout your entire hosting account.
- If yours is a WordPress website, ensure all core WordPress files have been replaced, and ensure all plugins are updated to the latest version.
- Remove all content management system and FTP users no longer requiring FTP access.
- Ensure all websites sharing the same account have been equally reviewed and secured.
If these four minimal requirements of a website security service are not completed, it is very likely your website will be recompromised.
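One way to confirm that the core WordPress files really were replaced, rather than just scanned, is to compare the site against a known-good manifest. The sketch below is an added example, not part of the original post or any vendor's tool; `audit_core`, the manifest format, and the sample tree are assumptions made for illustration, with the manifest assumed to come from a clean copy of the same WordPress release.

```python
import hashlib
import tempfile
from pathlib import Path

CORE_DIRS = ("wp-admin", "wp-includes")  # should contain nothing but core files

def sha256_of(path: Path) -> str:
    return hashlib.sha256(path.read_bytes()).hexdigest()

def audit_core(site_root: Path, manifest: dict) -> dict:
    """Compare a site against a known-good {relative_path: sha256} manifest."""
    report = {"modified": [], "missing": [], "unexpected": []}
    for rel, expected in manifest.items():
        target = site_root / rel
        if not target.is_file():
            report["missing"].append(rel)
        elif sha256_of(target) != expected:
            report["modified"].append(rel)
    # Anything in a core directory that the release never shipped is suspect.
    for core_dir in CORE_DIRS:
        for found in (site_root / core_dir).rglob("*"):
            rel = found.relative_to(site_root).as_posix()
            if found.is_file() and rel not in manifest:
                report["unexpected"].append(rel)
    return {kind: sorted(paths) for kind, paths in report.items()}

def build_sample_site(root: Path) -> dict:
    """Constructed sample: a tiny stand-in tree plus its clean manifest."""
    clean = {
        "wp-login.php": b"<?php // stand-in for a core file\n",
        "wp-includes/functions.php": b"<?php // stand-in core functions\n",
        "wp-admin/index.php": b"<?php // stand-in dashboard\n",
    }
    for rel, data in clean.items():
        (root / rel).parent.mkdir(parents=True, exist_ok=True)
        (root / rel).write_bytes(data)
    # State left behind by a scan-and-delete cleanup (constructed):
    (root / "wp-includes/functions.php").write_bytes(b"<?php // altered\n")
    (root / "wp-includes/cache-old.php").write_bytes(b"<?php // not core\n")
    (root / "wp-admin/index.php").unlink()
    return {rel: hashlib.sha256(data).hexdigest() for rel, data in clean.items()}

def demo() -> dict:
    with tempfile.TemporaryDirectory() as tmp:
        return audit_core(Path(tmp), build_sample_site(Path(tmp)))

if __name__ == "__main__":
    print(demo())
```

A clean result is three empty lists; anything else means the core replacement step was skipped or done partially.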
If you would like a free review of your website’s security by phone, please feel free to call me anytime here in San Diego, California, at (619) 479-6637.
If you are reading this, maybe you were caught by the catchy title, or maybe you’ve heard about the Internet Archive Wayback Machine.
If you haven’t donated to the Internet Archive Wayback Machine recently, I hope this tale will convince you to support our mutual cause. Have you donated to the Internet Archive Wayback Machine?
My story began early one Sunday morning, sometime before 7 am. While taking a sip of coffee at my computer—where else would I be—the phone rang unexpectedly. Caller ID said, “Unavailable”. Sadly, 2/3rds of the calls I receive each day are sales, robo calls, or “Can you help me. I think my computer has been hacked…” Hoping against all odds for a new customer call, I picked up the phone that early morning.
My business is website security, and this particular caller, from Pakistan, found me in a random Google search. My experience with folks from this region of the world has been markedly poor over the years. Don’t get me wrong. It’s not the people that are the problem, it’s the US Dollar that generally causes “the friction.” That said, this gentleman seemed nonplussed by my flat rate so we continued the conversation in earnest.
As it turns out, the hosting company had suspended his website for malware earlier that week, and our new client had been trying in vain to find someone to help in recovering his website.
I said, “No problem, I’ll get you back up and running within a couple hours today.”
Normally, I find my staff and I can work through the recovery and lockdown of most compromised websites within a few hours. So when he said, “A hacker deleted my website!” I didn’t think twice about it. A good percentage of callers exclaim “My website was deleted! Can you help?”
Once I had convinced the web hosting company to unsuspend his account and began the files review process, I became even more convinced that all would be well…
See, all of the images were there, theme and plugins appeared to be in place, albeit most compromised with exploitable code. And other than a relatively common WordPress plugin error displaying on the home page I figured all I would have to do was run a quick WordPress reinstallation, malware removal and then step out to an early lunch. As you may have guessed, that didn’t happen.
The moment I logged into the WordPress dashboard my blood ran cold. Indeed, all of the pages, posts, and widgets had been deleted. The hacker had likewise deleted the previously active theme, wryly leaving an old Twenty Twelve theme set as the default. The situation was looking pretty dire at that point.
Digressing a bit. The client had earlier mentioned that he was convinced a prior contractor out of Romania was responsible. And he was hoping I could put together enough evidence to prove that was the case. I didn’t have the heart to tell him at the time that it’s virtually impossible to prove guilt in this way. Later I learned the posts and pages had actually been missing for months.
Then, as I delved deeper into the malware review portion of the job, it became obvious that a second hacker had taken advantage of the outdated WordPress version installed just weeks before; which apparently led the hosting company to shut down his account for a terms of service violation (reason: terms of service violation – malware/virus).
The moment of truth if there ever was one. I had to decide whether to refund the client’s payment or dive in head first and figure out a way to recover content that didn’t exist.
As it turned out, someone had saved a backup within the account 6 months prior; after the pages and posts had been deleted, but before the WordPress theme had been deleted. I took that as a positive omen that not all was lost.
Hopeful, I ran a number of Google searches to see whether any older cached pages existed within Google search. I found a few nicely cached pages. Things were looking up. I then called and discussed with him the possibility of hiring a web designer to recover the lost content using the cached copies from Google. He wasn’t so keen on the idea, knowing that might cost as much as just starting over from scratch.
With the wind taken out of my sails a bit, I took a short break from the project—a shower and a toothbrush were beckoning at 8 am. And with a fresh face and clean pair of something draped over my torso, it dawned on me, “What about the Wayback Machine website?”
Honestly, my past experience with the Wayback Machine hasn’t been the rosiest. For a time, the old Internet Archive seemed essentially dormant, with gaping years of missing archives. Given my past experience, I did not expect to find anything useful there. But it was early enough in the morning and with my optimism still in full swing I typed into my browser location bar:
“The way back machine”
While waiting for the Internet Archive to draw up a calendar of saved copies, my first thought was, “Wow, the Internet Archive has really changed since I last checked it out.”
It would seem that in the past year or so the old Wayback Machine appears to have reincarnated itself for the better.
So I clicked one of the older calendar links. This brought up the client’s website within the Internet Archive. All of his preexisting pages were intact—in all their original themed glory!
And with my thoughts of having to refund our client’s payment gone from my mind, I sent a hasty message off to him, “I think I’ve got it!”
His response was overwhelmingly thankful and spilling over with gratitude. He could scarcely believe that anyone could bring his business back online from disaster to rebirth within the span of a few hours.
So with a new sense of purpose and the help of the Wayback Machine, I got back to work on recovering the client’s deleted content.
Encouraged, I installed a fresh WordPress installation, then reinstalled the preexisting plugins, images, and theme in preparation for importing the cached pages.
And then another Eureka moment hit me. As I began reviewing the web archives within both the Internet Archive Wayback Machine and Google I stumbled upon something I’d never seen before, named the “Wayback Machine Downloader”.
The Wayback Machine Downloader has no apparent affiliation with the Internet Archive Wayback Machine. But what it does have is a free HTML exporter for up to the first 4 pages found from the Wayback Machine. I was intrigued so tried the free service. Within minutes I had a pretty decent facsimile of the client’s WordPress website converted into HTML only format running on my local computer.
And then like a snake it nearly bit me. At the top of the Wayback Machine Downloader was a single word menu item, “WordPress”. The summary of the service on their website seemed a bit overconfident to me. I’ll paraphrase from their website, “We provide a website that looks identical to what is shown on archive.org, with a fully functioning WordPress menu integration… yadda yadda.”
At this point it dawned on me that rebuilding the client’s website from an HTML converted format, while doable, was going to take me way longer than the client had been billed for, so I took the chance. I placed the WordPress conversion order (the cost was $50ish US dollars) and waited. The email receipt indicated I may have to wait a few days.
Well, within a few hours I found a complete WordPress installation with database and images waiting in my inbox. That was totally unexpected.
I figured that at best I would receive a database with some minimal instructions. What I received was a fully ready WordPress website, with better than average instructions on, “How to restore a website from the Web Archive” within a cPanel server setup.
Within minutes I had completed the recovery of the database and provided files and had a fully functional, nearly identical, WordPress-ready website in place for my new client.
Of course, the Wayback Machine has no way of carting over the previously working contact forms scripting, so some additional setup was required; nothing anyone with a modicum of WordPress experience couldn’t do in a heartbeat.
Presenting my client something from nothing within the course of a few hours on a Sunday morning was glorious.
The client was so overwhelmed and forthcoming with gratitude that I was floating on a cloud for the rest of the day.
It’s days like those that remind me how wonderful the Internet can be and how thankful I am for what it gives us.
People helping people—the speed of light is our only limitation.