Kim Roach's website got hacked! Is nobody safe?

Never seen her site, but I'm guessing it was built on wordpress.


Just a wild guess. =]

Wow that is nasty for sure and yeah I can see that her site is down. If it's down for too long it could be a problem in terms of existing content remaining in Google etc. unless she has backed things up sufficiently of course.

There seems to be a bit of confusion here, this seems to be a registrar hack rather then a website hack. Anyway, that's pretty scary as someone must have got her registrar login details.

Thanks for the heads up OP!

I will agree that even if you changed your password regularly, someone can still hack the site. These guys can enter goverment sites which has probably the hardest codes to break. Solution...Back up files and upload them again.

If the Pentagon can be hacked, anything can...

Nothing is hack proof, but I would recommend you do is go to https://api.wordpress.org/secret-key/1.1/salt/ and genrate some salt strings and use those as passwords.

Example:

Wow, nasty. Security is important!!

I learnt this lesson back in 2007. Thought no hacker could touch me, WRONG!, they are out there people, and My opinion is hackers are always one step ahead, so u have to just TRY to stay 1 step ahead of them, change passwords, host passwords and do it every month, as they have brute force software these guys, and can steal lots of your details and then do whatever they wish.

Scary!

This made me log in to make hosting account and make sure everything is ok. I get minor hack attacks every now and then so this will definitely make me secure the walls better around my domains!

All you have to do is get into enom for her account and start aprove a transfer. That is one reason not to use one same username/password, the way people get it they have something with account then try to use that one form the back office to log into your other accounts.

Security is great and all, but I'm going to echo what everyone else really has: your website can always be hacked.

Sure, good security can keep a newbie hacker from getting into your website, and you might even be able to stop a professional hacker from stealing your information.

However, if a large hacking organization wants your website down or defaced, then they'll do it. Social engineering, brute force attacks and infiltrating ports and servers will work if done enough. Pros know how to get into any website.

Burger King (their Twitter account was hacked last week), FBI, Pentagon, state departments and so on. They've all been hacked at least once. If you know how to talk to computers, then you can make servers sing.

Yep, happened to me only a month ago. It was lucky for me I had regularly been backing up daily and was able to restore files and database.

In my case it was a malware on my computer. Running regular virus scans and malwarebytes helps and going with what others have said with regards regular password changes was advised by hostgator, who really helped me out of my sticky situation.

But like everyone else says, if they want to hack they will hack!

Lock your domains, folks.

Couple of options for those who are interested in Wordpress site security.

First you can use the Limit Login Attempts plugin (Free). It blocks brute force attacks by locking people out after a preset number of attempts.

Second you can search for WP Hack Alert, which is a WSO on this forum (and very inexpensive). It is a plugin that tells you when someone is messing with your site. Gives you the chance to do something about it, or find out before your customers do (and see that ugly image the hackers put there).

Also, always, always change your user name from "admin"--delete that account--and make your password something nobody would ever guess.

Even doing this won't help sometimes. I had a site hacked in through a wiki plugin! The intention was for people to create their own logins and content (approved by me, of course)--imagine my surprise when someone was sending hundreds of emails an hour through the plugin! The hosting company shut the account down and I had to restore the site...without the plugin.

So it's not always the front door that the hacker gets in by. But something like Hack Alert would tell that code had been changed, and let you know.

Yes, no one is safe.

Even Apple just reported they'd been hacked.

Major retailers have been hacked and thieves got access to millions of credit cards. My mother got a letter because her card may have been compromised.

Hackers are out there hacking all the time.

Namecheap account was hacked? Wordpress needs more security! :rolleyes:

That sucks. That's why I like the registrars that ask security questions that you must answer whenever you make a significant change to any domain you own. Of course if they compromise even that you can't do anything about it, but I bet it was just her PW that got compromised so just another level of security could have saved her.

Ever since I installed a Wordpress security plugin, I've noticed people trying to hack into my site from every corner of the Earth. The hackers are definitely busy which is why you need to take every precaution possible.

That's crazy. Makes me want to update my password right now. Kim i hope your site gets back safe and into order soon.

maybe it was the "anonymous" that hit him. i dont know about them but I think they can hack anyone, anything on the net. they are that smart. for sure no one is safe. the anonymous can even hack government sites, how much more just an ordinary site. but this is what you should think, why would they even waste their time hacking your site? :p if they want to hack something rich, then they would hack a bank. see my point?

WOW, first time i'm hearing this hacker attacks on domain registrar. before i was throught hackers can only access to website databases and public_html directory.

Ouch!!!! that's not good. Having to constantly update wordpress version etc is one thing but I'd never think of my registrar account getting hacked!!

It just goes to show that no site is invincible to getting hacked and such. Hopefully everything turns out alright

When it comes to registrar hacks there really is nothing YOU personally can do about it apart from picking the right company but even the best systems have loop wholes.

When i had my own private server i got over 2Million infiltration attempts every day from the far east (Mainly china). There is definitely a cyber war going on at all times. Just stay vigilant change the things you have control over watch the things you have no control over even more carefully

Yes I got that email this morning and it just shows what can happen. She is fortunate to have found out about it so quickly. It shows that you have to be constantly aware that you need tight security but I also have to agree that if they can hack the FBI - they can hack site.

My site got hacked too and I think I still may be suffering due to it, lol. Well, someone hacked into my primary WP blog's FTP, inserted some odd code somewhere that showed random pharma & adult links on every page ONLY to Google bot's user agent (so it was invisible to myself & other normal viewers). My rankings had been falling down and I had no idea why. Once I happened to check google's cached page of my site and I was like, wtf are these links? Took a good deal of time to figure it out and delete that piece of code.

Security's definitely important. Just as big corporate towers have well-paid guards, we gotta have a premium internet security firewall & antivirus, along with website protections.

Come to think of it, I remember this last year...

GoDaddy: thousands of websites down after domain registrar hacked | Technology | guardian.co.uk

I stand corrected. Thanks for the clarification.

Nobody is safe. Change passwords often, back up everything, beef up security.

Wow - just wow! Is there no peace to be found in this world anymore?

Here is a word to the wise. I have noticed that people hack controversial web pages.

For example, no one hacks a site on acne cures. However, a site that sells UFO videos gets hacked every year. Well, you get hackers that post things like - There is no UFO and you are crazy. Basically, not all hackers are motivated by money. Actually many hackers are a frustrated 13 year old that have nothing better to do with their time than post nasty comments on you tube and deface using obscene language your web pages.

Stolen or hacked, this isn't cool anymore.

What could be safest and securest thing in

anyone's site isn't safe. Better be cautious

and really keep a back up on the files...


the only thing secure is my chocolate on

the fridge... wait? did my someone took

that too... oh nooh!!!

Another thing I forgot to point out earlier. I noticed that Kim doesn't use privacy registration. I'm not sure if in her case her email was hacked to obtain the domain, but this makes it easier for the hacker as they can see your email associated with the account.

I always use privacy protection for this reason, in addition to avoiding spam.

It is very important to keep all scripts running on server updated and to set all permissions on files correctly. It is also mandatory to have well written .htaccess and robots.txt files.

Hackers gonna hack !

every platform seems to get hacked. I suppose the future is encrypted passwords.

Kim Roach's Buzz blogger is one of my favourite blog. Sad it hacked. But today she set up a new blog. You can check it here mytrafficmentor.com

Still with great quality of traffic information

I recently found a plugin to backup to dropbox daily - Been using it on all my sites ever since. Can't recommend it enough. You never know you'll need to backup until it's too late.

It's always best to change your passwords on a monthly basis, if not sooner. Having daily backups of your site is also essential, especially if your running a blog or a forum where new content will be up each day.

Everything can be hacked. As long as it is related to computer. You can say no one is safe, but you can be safe by just adding security. Not just 100% though.