I KNOW you think that, because I thought that too - until I got hacked myself.
I have built websites in my spare time for a good while now and am pretty happy with my HTML and CSS skills. After a few websites I had hand-coded and lovingly uploaded to my web hosts of choice I decided to try something new - something popular and elegant.
The next stage in my site-crafting was to use a content management system and start to create dynamic webpages. I played with a few like Joomla, Wordpress etc. then settled on one and got settled in with some basic PHP and soon I had started converting all my sites to dynamic sites, which the site owners could then update themselves using the CMS.
And then it happened! One day I tried to access one of my sites only to find the pages replaced with a dark and ugly message telling me that my site had been hacked by the greatest website defacer in [whichever country - I don't recall]. I was a sickening feeling - all my hard work was no longer on view, and for all I knew I may be locked out forever. Why couldn't I access the pages and remove the offensive article? I checked my other sites - all had been hit at the same time. All were down and grafitti-ed with the rude message.
It did make me feel very uncomfortable. I didn't know anything about hacking, and had no real clue as to how this could have occurred. In fact that was the worst part! I have always had a desire to know how and why for everything. It's how I trust things, how I understand things. Seeing a piece of tech and not understanding how or why it works makes it seem like magic. But delve into the details and you can unveil the wonders of inventiveness and creativity in the designers, and ways to make things better, or last longer, or be cheaper.
Not knowing how or why I had been targeted was horrible. It made me feel unsafe. I changed my passwords for everything: web hosting, email, online shops, social networks, wifi router, computers, network file storage. I was paranoid. I didn't sleep well that night.
As my web hosts helped me restore my sites and advised me on password security, and as my online identity remained unattacked my confidence slowly returned.
And my interest level rose...
I decided this was the time to start learning how to stay really safe online - to find out how and why I got hacked.
And also, to find out how I could stop these things from happening again.
My journey of discovery:
Since I am a child of the Google generation the hours immediately after being hacked were spend querying the web for clues about what had happened to me and looking for similar situations, which might give me a clue as to what I should do next.My initial fumblings around took me to many blogs, forums and answers pages. The information I gleaned was a mixture of idiotic, sensible, bewildering, mysterious and intriguing.
I found a multitude of detailed sets of instructions about recovering from a hack, and also the invaluable information about preventing hacks in the first place - from strong passwords to plugins, automated site monitoring tools, and general common-sense tips.
But the bits I didn't really understand were what really peaked my interest.
The bits about learning the how and why of hacking.
The bits that pointed me towards the forums of the white-hats - professionals who are legally employed to attempt to access people's sites in order to assess how strong their security is, and advise them how to make it even more secure. The penetration testers.
If you know me you'll know that when something technical grabs my interest then I will read, search, find, digest, inhale and infuse all the facts I can until I feel I have reached the point of satisfaction.
I have not reached the end of learning in this subject. It is a sprawling, confusing, but ultimately satisfying area, with as many facets as you could wish for, and no hope of ever becoming n expert in them all. With that in mind I have sought to become a generalist - someone who knows at least the basics in as wide a range of these arms of the computer security umbrella, and someone who can use this as usefully as possible to help protect myself, those I love, and a wider audience through this blog.
What I have learnt has changed the way I use the web, the way I create webpages, the way I am as a person. Security is a lifestyle, but one which we are all going to need to learn about in some small way as our lives become (whether by our choice or not) increasingly online.
Why did I get hacked? Part 2: why me? will arrive soon...
No comments:
Post a Comment