Have I been hacked?

(To read El Gringo Feo’s Costa Rica Diary from the beginning, start here.)

Tuesday, September 18

I sent a friend a link to this blog on Sunday. He responded within a few hours.

“I tried the link but somehow got a text file downloaded to my computer. Do you mind sending me the link again?”

At first, I thought I’d copied the link incorrectly. But when I tried to call up the site on my phone, a screen came up showing a text file to download. That’s not what should be happening. I systematically started trying all the other sites I host.

Same message.

I instantly feared I’d been hacked. That happened once before, when some script kiddies from the Middle East gained access after I’d failed to update my WordPress installs quickly enough. WordPress pushes frequent updates to add functionality and repair potential vulnerabilities. The script kiddies watch for those, knowing many users don’t do the updates quickly, if at all. The vulnerability then becomes a revolving door for mischief and mayhem. When I was hacked, they just graffitied my home page with something in Arabic and an Iraqi flag. It was pretty easy to undo. Now I update WordPress within 24 hours of a new version release.

I went up to the Treehouse and switched to my computer. I couldn’t even see the content of the sites when I tried to view them via an FTP client or CPANEL. At this point, the adrenaline was surging while the fear of a malicious hack ricocheted around in my mind. The text file appeared to be innocuous enough. It was basically a comments section in PHP code indicating where the WordPress theme should load, etc.

So I sent a panicked note to my ISP, Hosting Matters.

I’m having major problems with my sites. All appear to have disappeared. I can’t even open a support ticket via your site. Affected sites include:

www.opposable-thumbs.com

www.athensbikeandbrew.com

www.2ndhand.com

www.missoulasprinklers.com

And basically every other site I have. Not sure what’s going on. I can see some things via CPANEL, but when you try to access one of the sites it downloads a text file and that’s it. Is this a hack? Something else going on? Please respond ASAP.

As always, they responded quickly.

No, it isn’t a hack. It’s a byproduct of the PHP upgrade on the server and something in the .htaccess file under each one creating the issue. We’ll have to go through the ones under each domain and kill it.

Within 20 minutes, the sites were back online as if nothing had happened. I’m a big fan of Hosting Matters. They’ve always been responsive and helpful, even on a Sunday night at 11 p.m. Eastern time.

Deep breaths. Much calmer. Though I had to read a lot of Middlemarch and listen to myriad versions of “Sweet Jane” to come down off the adrenaline rush and go to sleep …