At about 00:50 AM GMT, this site was successfully attacked by one of the latest SQL injection attacks that have been flooding the web and infected more than a million websites worldwide.
It took me less than 10 minutes to discover the attack, at which point I took the entire website offline to prevent anyone else - i.e. you - to get infected by the script they added to my site.
If you visited this site between 0:45 and 01:05 GMT I strongly suggest you run a virus/spyware check, and check if your anti-virus is up to date. According to my logs, 35 people visited this site during that time.
But, the risk of any of these 35 people getting infected is extremely low. All anti-virus applications already know about the specific script and would have blocked it before it had a chance to be executed (it was first patched by anti-virus programs about a year ago).
Oh yes - big time. The attacker destroyed every single table in my database. It deleted almost all content. As such, this site was damaged beyond the point of repair, and I would have lost everything - all my articles, all comments, everything - where it not that my server backs-up the database each day.
Luckily the backup worked like a charm, and it took only 20 minutes to restore it. The only problem is that any comment made during the 10 hours from my latest backup to 00:50 AM was lost, so was my latest design article (but I republished it).
Well, I have checked every single line of code, looking for any points where an attacker would be able to run an SQL injection hack. I must admit that I was a bit surprised that it happened in the first place, because my database system "should" prevent it by default. My CMS system have a built in protection module specifically to prevent this sort of thing.
In my search I found 2 spots that did not use this protection module. Both have been fixed, and everything is back to normal.
SQL injection hacks are currently flooding the web, and according to the "professionals" it will get a lot worse in the years to come. So...
And if your website does get infected, you need to do 5 things (in this order):
I must admit that I start to dream about the good old days, when you could make a website and not have to worry about these things.
In this year alone I have been the victim of identity theft, spammers using my email address as the sender, and now SQL injection hacks.
The amount of work we, web developers, have to do besides making the site is growing in size and complexity. You are no longer able to "just make a website", because you have to incorporate so many things just to be safe from harm.
Full access for... $9 per month
Full access for... $99 per year
Join 'The Weekly Update' to get an email every Friday afternoon with the latest from Baekdal + noteworthy articles from around the web.
What the shift in media is really all about.
Free for subscribers
$8.79 on Amazon
It is not about creating a shop in a tab. It is about turning communication into sale.
Free for subscribers
$7.58 on Amazon