I got hacked. During my book tour. Yeah. It sucked.

I’m a web designer and I love dabbling in code, but I’m far from a developer. In the past, I’ve managed to avoid any serious web security issues… and then my last week hit me like a train.

It started on a website I recently rebuilt. I breathed life back into this passion project, so when I had to write a bio, I thought I’d link to it.

That was the first time I realised there was a malicious redirect on the domain.

Okay, fine. I’m not really *using* the site, so I reported it and went about my business.

I’ve had experiences in the past when I get something similar, report it to the host, they recommend a security firm, I ignore it, they send me the list of infected files, and I put aside some time to do cleanup, get my site back online, and move on with my life.

But after the hack on a “passion project” site that I didn’t see as urgent, it soon cross-contaminated all the other sites on my hosting account… 7 of them, in total. Didn’t know that could happen? Well, it could. It did.

…Including this site, my beloved, beautiful author website that is the central hub of my writing life.

The cost of doing business

I started cleanup… and spent at least 4 days trying my best, but it was too much. I eventually called it quits and threw in the towel. After 10 years of avoiding it… I rolled over and said “OK” to the security company. I chalked it up to the cost of doing business.

So now I’m roped in forever and ever, amen.

Side note: I’m pretty sure the security company has an entire department dedicated to destroying sites so that they can then swoop in and be the saviour… but anyway, the fact is: I got hacked.

So after handing over the funds, I spent the next 24 hours on pins and needles, contacting customer support for both my host and the security partner at least 20-30 times in total via phone, email and online chat systems.

After the scan and repair were complete, the security company reported that over 20,000 files across all my sites were infected.

Probably for the best that I didn’t do a manual clean myself… I would have no hair left!

So after I ponied up the dough, my sites were back up within a day. Phew. And then… it happened again — the very next day!!! What??? Apparently this particular hack has a high reinfection rate.

I’m still waiting on them to tie up some loose ends and install some firewalls, but at least — at long last, all my sites are back up for the moment.

The problem?

It happened at the worst time possible. My book was on tour.

The Nature of the Hack

For my book tour, I had loads of promo posts linking to my website… a website that, when loaded during the malware hack, redirected about 10 times to weird URLS, threw up robot images, and then flung out code saying “winner!” with javascript pop-ups. Good Lord. It was a throwback to the 90s era of websites. It was… horrendous.

But the fact is, because I had been cheap for 10+ years, a hack crushed my book tour, not to mention my soul.

I admit my websites haven’t really made me a lot of money, but they are still valuable to me. And this hack happened at a point in time when it was VERY valuable to me!

I don’t know what it is about the naive mindset of someone who “just puts up a website” or has “hobby” sites online.

We assume that we are “small fries” that no one would target, but just like any other malicious person whether in real life or online: all they need is the opportunity.

Your site could be worth nothing to anyone, but once there is a vulnerability, it can be exploited. Just for fun. People really are THAT evil.

Gotta “Burn to Learn”?

I should mention that in 2009, during the last week of my Master’s dissertation while my computer never turned off as I raced to the finish line of the deadline, my Mac finally called it quits. I wept and fell to my knees over a project I had bled for. Thankfully I still pulled off a good grade, but oh… the HORROR!

I should also mention that in 2018, it also took me another severe laptop crash and losing a huge chunk of files, for me to agree to the monthly iCloud charge I still pay that I literally don’t feel — it’s a few bucks. If I don’t look at my credit card bill, I forget I even pay it.

Yeah. I’m that person. Gotta burn to learn!

It doesn’t hurt you, until it happens to you.

As an author, I certainly learnt it with all my work-in-progress files… I have a zillion emails of files I’ve emailed to myself, just to make sure there is always a copy!

I’ve learnt my lesson, trust me.

As much as I hate being held hostage by the security company, it is worth it, to have the peace of mind.

And to all my fellow writers out there, working on your book babies or managing your online sites… please, please, please learn from my mistakes and just spend the damn money upfront!