“Malware has no chance” - Sucuri. Bold and bright red, these words sit at the foot of the home page of TheStompBox.net as a brazen memorial to the events that led up to their placement.
Alex Alexander is founder and owner of TheStompBox.net, an online community for “Unbridled Guitar Gear Enthusiasm.” For the better part of 10 years, Alex had no cause to believe that anyone would want to maliciously attack his forum and its visitors, nor to deceitfully leverage his community’s traffic for their own questionable proclivities. Given the friendly, creative, and communal nature of the website, such a breach would seem unlikely… until it wasn’t. Mr. Alexander invested much time and dedication to building such a community and came uncomfortably close to losing it.
Rearranged forum pages were the initial giveaway. It was, at minimum, a nuisance, but Alex would learn the true gravity of the infection in the weeks and months to come. Seeing only the initial, surface signs of Internet pestilence, he did what any technically savvy and concerned site owner would do when faced with such a situation. He invested his time and corrected everything that had been altered. He changed passwords and restored the breached areas, and he moved on.
I thought we were in the clear. Well, the exact same hacker hit us again a few weeks later. The same exact symptoms - a few pages were replaced with propaganda.
In lucky cases, such recourse would be sufficient, and it’s commendable to try. However, all that time and work would prove futile. He was hacked again. Another breach, another defacing, another uneasy chill. Alex accepted that he would not play victim, but continue moving forward. The hackers would not get the best of him or his community. After cleaning up the mess a second time, Alexander carried on with notable caution; the uneasiness still with him.
Then it happened. The wake-up call and moment of truth that both haunts and helps. The magnitude of the situation was understandably difficult to receive. Alex was contacted by his ISP, who notified him of some eyebrow-raising activity on his account. He was taken aback.
My ISP contacted me saying there was a huge amount of spam being generated from our site. They alerted me to the script that was causing it. I removed the offending files and directory, changed passwords, and started watching things much closer. I also got an SSL Certificate and set up the site to always run via HTTPS.
Alex is no amateur, and took steps to resolve the situation. Unfortunately, the story does not end there. He was contacted about a week later. Same story. Same spam. However, in an unforeseen plot twist, the script’s location had changed.
My ISP warned me that they were going to have to completely shut us down if I couldn't clean things up properly.
The site is nearly ten years old, and I was alarmed that all our hard work could be for naught with the stroke of a delete key - if I couldn't get this taken care of quickly. The trouble is, I had absolutely no idea what to do to confidently and completely clean and secure our site. No matter what I tried, issues kept popping up. My ISP recommended I take a look at Sucuri's services. That's when everything changed.
Admittedly lost and on the brink of losing years' worth of valuable community insights, Alex wasted no time in getting Sucuri involved.
Sucuri cleaned TheStompBox.net. Several instances of malware were discovered on the site, cloaked in a guise of legitimacy. The malware was removed and order restored. Then, again, the malware resurfaced. This time Sucuri was watching and the monitoring service caught the activity and notified Alex immediately. He then contacted Sucuri support and it was cleaned.
On the surface, many of these files looked like legitimate source code; I couldn't tell the difference without a lot of mind-numbing effort. I thought I was out of the woods! Turns out, the malware infection was a lot worse than we thought.
Due to the extent of the infection, the Sucuri monitoring service continued to identify malware following the multiple site cleanups, which were all included with the Antivirus/Monitoring service. Alex decided it was time to explore even more options to ensure this issue was holistically addressed. He states,
It didn't take very long before it became clear that I needed to be preventative and proactive rather than merely reactive. I decided to get set up with their Firewall service (CloudProxy) for SSL. Trust me, it's better to never get hit by hackers than have to constantly clean up after them (a futile exercise). After I gave Sucuri all the necessary info, they literally took care of EVERYTHING including setup, configuration, and verification (we needed the SSL version of the firewall service, so it was a little more involved). The team was professional and courteous throughout the whole process. Once the site was running with the monitoring/cleaning service and behind the firewall (a completely seamless process, by the way), the Sucuri team found the last of the remaining malware and cleaned it up.
Everything Sucuri said would be done, was done. After receiving the necessary information from Alex, the firewall was completely set up on his behalf as it was more complex due to the SSL needs.
As a community moderator, Alex cares about keeping his users safe and encourages other webmasters to seriously consider website security. Viruses and web spam are largely distributed through websites - and infections can hide for months!
If anyone is wrestling with the aftermath of hackers and malware, and wondering what to do to take care of it once and for all... I can confidently - no, enthusiastically - recommend Sucuri's Antivirus/Firewall services. Sucuri is a great turn-key security solution.
As a result of his experience, Alex Alexander has become an evangelist for Sucuri services. With a complete security package, he has peace of mind knowing his forum is protected and he’ll be alerted to any issues. Best of all, he won’t have to waste time investigating and resolving any detected issues, so he can get back to running his awesome community and wailing on the guitar.