You might have noticed that we had to take the site down for a little over 24 hours. So what exactly happened?
First of all, let us take the opportunity to thank everybody for the emails, texts, phone calls and DM's from our readers asking what had gone wrong. We really appreciate the very warm response we had to our outage.
So why exactly did FCP.co go offline?
When a site grows to a particular size, it becomes attractive to people who either want to gain entry to the back end of the site for a 'trophy hack' or (and this is much worse) harness the power of your server to do naughty things on the internet. By that we don't mean hosting dodgy pictures, but have you ever wondered where all that spam gets sent from?
So we got hacked.
This is not the first time either and it is just par for the course when running a successful website. The previous attack was a particularly nasty one that happened on New Year's Eve 2012. In that hack, every PHP file had obfuscated code added that caused the redirection of traffic to another site when clicking on a social media link or embed. So just delete the extra code we hear you say? Well, that wouldn't have been a problem except for the fact that there were over 36,000 PHP files on the server!
We have a very good hosting company and a quick restore from a twice daily off-server backup fixed that one.
Sunday's attack was slightly different. This time new files were placed on the server which caused the machine to act as a bot under somebody else's control. The hosting company (quite rightly) immediately took the server offline which meant the 404 page that everybody saw in their browsers for the last 24 hours. As all the HTML was disabled, we couldn't even put a 'sorry we are offline' page up!
To get the site back, our web programmer had to go through all the files looking for rogue code and things that shouldn't be there. Although there are tools that make this job easier, it still takes time and thankfully, just over 24 hours from the outage we were back online.
FCP.co has grown over the three and a half years of its life. We have steadily growing traffic with currently over 150,000 unique visitors a month, or if your prefer, nearly a million and a half unique visitors in the last year.
Let's just repeat that if any prospective advertisers are out there, nearly a million and a half unique visitors in the last year!
To run FCP.co properly, we have a beefy 2U server sitting in the rack at our hosting company. It has been upgraded three times and has a 5 drive SAS RAID attached. The goal is to get pages from our CMS to load as fast as they can, for that you need the CPU power.
Thus, this internet connected beast becomes a target for hackers. Never mind somebody's PC at home, left unchecked, our server is capable of spewing out herbal viagra and weight loss emails in alarming volumes.
That's why we had to go offline.
So, back to normal? Almost. There might be a reoccurrence of the hack and the site might temporarily go offline for software upgrades. We will try to keep the disruption to a minimum. Was any user data compromised? We don't think so as our site doesn't ask for credit cards so the data has limited worth. It would be good practice to change your user password.
Now the news catchup begins!