Hi, My name is Leah and I am the Polio Survivors Network [PSN] Web Mistress, aka Site Admin.
I want to start this topic by explaining as much as I can in a nutshell about the hacking of this website.
Some months back, I was asked if I could update the old website and to make the website more user friendly and responsive to today’s users. There are a lot of users with mobile devices, such as, of course, mobile phones, but there are numerous devices nowadays cheap on the market to expensive, that offer a hand held device with access to the internet… such as Ipads, android tabs, amazon kindle etc that can view websites.
I agreed to update the site and make it work within the lines of new tech that access the web, but not only that make it somewhat easier to navigate and etc…
On the 4th September, Hilary, whom I work for as a P.A, whilst looking something up on her laptop called to say something weird was happening. I tried to see if the website was still up and not having down time and to my horror the site had a redirect set up to some adverts that were not poliosurvivorsnetwork.org.uk or anything to do with the site at all!
My antivirus on my laptop I was using to view the PSN website notified me it was infected with a Trojan virus
I traced the website and the IP address from the last log on to the (poliosurvivorsnetwork.org.uk) site via the cpanel of the website hosting they had set up, I traced it to Mumbai…. so the hacker who accessed the site and changed the website address to point to one of its fake sites could use its new redirect to steal all your information. It is so clever that they can infect your PC or Phone or Tablet with a virus and steal your info if you access the site and have no antivirus or anti malware protection installed on your PC.
So I logged onto the site hosts admin panel that controls all the website hosting options and email etc., who hosted the old site of poliosurvivorsnetwork (PSN). I saw that Google had now placed PSN under an unsafe site do not visit warning via google search. I had to talk to google search organisation to ask that they review the site once we had removed the virus to change the website to a safe site in the search engine. At the moment if you searched for PSN on Google and it came up with “This site is not safe and may have been hacked” warning. When I submitted a request to review this status it took 6 days for them to resolve the notice and make it a safe website again in the search engine.
I immediately removed the whole site and uploaded a holding page. I gave myself a huge pat on the back, because when I had been originally asked to ‘update’ the PSN Website I had made a hard copy of the whole online website onto my laptop for ‘modifying’ it later. After I had removed the site, I downloaded backups, I refreshed the PHP and MySQL, flushed them clean from whatever they had lingering.
I contacted the hosting company again and spoke online to the support group and told them what had happened and was pleased to learn from Tech Support that I had done everything they would have asked me to do. They would now put my support ticket to someone higher on their team and I was to expect a return email within two hours. 6 hours passed and I still did not have any email. I checked with Hilary if she had heard anything but nothing. I run out of patience and I tried to log in to the just host Cpanel to submit a ticket again asking for an update on my last support enquiry. I was stunned to see ‘Account Suspended due to terms of service violation, uploading hacking code etc. We had no way of contacting support via the ticket references they use to keep the conversation updated in order. The only way we could now contact them was by phone in America.
At 10pm I was sat at home talking on my mobile to Hilary whilst she rang the hosting company in the States via Skype. They told her that they have discovered that the site has hacking code on it and that violates their terms and the site has been taken down, suspended. We explained that was not true and that they could check the support tickets. After failed trials to send us a copy of the promised email they offered to charge a fee of $50 a month to fix and maintain security on the site. I told Hilary that so far I had done all the work and explained everything to them. I even tracked down the IP address to a service that gives out IP addresses en mass to whoever pays for it. That the IP address owner has a bouncing email address and from that they could see we were not breaching anything, just asking for help. I suggested that PSN should move the Website to a different hosting company. Hilary agreed and instructed the company to do whatever was necessary, so this could take place. I recommended a hosting company that I have worked with for many years with no problems with customer service and no extra $50 a month for unnecessary maintenance.
A huge time consuming fiasco. I had the whole website directory saved to my PC and an external hard drive. I opened the directory up on my desktop computer and I saw that the folders had unnecessary folders, folders with passwords in them, folders with minesweeper games in them, the html web pages all had bad code written into them by a hacker….
Now I say a hacker. However the hacker could write code using a web crawling application that will scan for old code in websites and then infect that code into every site it finds. This is not a person personally choosing PSN to hack into, that I am aware of. This is a multiple website hacking tool, made by a person or group and spreads through the world wide web and infects all websites it finds with a code vulnerability and implants code to infect the site and then control said websites as it pleases. Infecting them with viruses, malware, or the most horrible, stealing website eCommerce and any other info.
So I was unable to just upload the site to the new hosting service. The pages were all infected with bad code, it had Trojans all over the site, the hacker proper took down the site and infected its seed into every page of the huge library site.
So I am now having to re code every page and save articles as PDF documents as they are now , until I have more time to re write everything that was on the site before.
If you are interested I give below some great documentary videos to explain what a hacker can do nowadays. How the hacker did what they did to the PSN website.
Old code from the 90’s gives access to all sorts of bad people.
The site is now as safe as I can make it and you will all have to bear with me as I get through the site and re code the library in full.
I have asked PSN to buy the best apps for the site to protect everyone from spam including the website. There is more work to do but we are ready to go again with a new hosting provider, new website, and no copied code from the last PSN site. Everything is fresh and new, hence the amount of time it has taken me to redo this wonderful informative website, Polio Survivors Network.
Lets start with what are hackers?
Here is a really good example of how a hacker can control simple things
How do hackers HACK?
More ways of explaining how hackers hack sites
Most Dangerous Hackers of all time (Just a few here)
The above video mentions … (not to make you paranoid or anything)
Steve and Steve – one of these Steve’s was Steve Jobs – The man of Apple!
How to hack tutorials! Available to the world , online! (and we wonder how people educate themselves how to hack? why… youtube of course!)
Vast amounts of info on YouTube
You can even HIRE a hacker!!
See Here a google search
We had a site with old code that needed updating, not because of its look, but because online sites and blogs, apps, games etc can all be hacked. Now the code updates yearly, you can not have a site with old code any more. If you also have a Website I hope that the above will help you to ensure you do not get problems like we have.
This is why you need a good host, a good website developer, web designer and code expert or updated content management systems like WordPress for example to prevent such things happening. It doesn’t cure all, there is always going to be something out there crawling the web infecting everything on the web that has a backdoor open for the nasty viruses to encode themselves nice and comfortably, however it’s an updated platform that has multiple plugins that help prevent hacks happening.
It can be a costly job at times, but for a well-used website with lots of visitors you need to invest.
I have done what I can, I am in no way saying that this site will never be compromised, but just like, major banks, airports, main stream media, you see it in the news, they can get hacked, but its prevention, that’s the key.
Unfortunately, because of the old code the site could not just be copied and pasted, I have had to write all new code. Thus it will take a while to get all the site documents and library up and running as before.
Hold on tight, I am endeavouring to get it all up and running ASAP. I am not lucky enough to have a whole team working on this site, that would cost lots of money, however I would like to say a huge thank you to Hilary, for doing all she can and spending loads of hours re writing text and updating articles for us all so that this site has the most updated info as possible, we have both worked hours and hours getting this site back up and running. Further small updates on the new text might happen as we continue to review this.
Watch this space.
Leah – Web-Mistress