Who knew I was so important in the international community? That’s the only logical explanation for why my site was hacked a couple days ago. Someone from Japan considers this site important enough to break into for his or her own illicit purposes. Since I don’t speak or read Japanese (and the Google translation pages don’t work), I can only guess what they wanted to do. What happened?
It started innocuously enough with an email. Google Search Console alerted me that a new owner was added to my site. Red flags! I broke out my internet shovel and started digging. Somehow this user found a way to drop a random html file and new sitemap into my GoDaddy-hosted account’s root folder. They then used that file to verify their profile as a site owner in my Google Search Console account. A quick search detailed my next steps. If the file existed in my site’s root folder, delete the file and unverify the account. Easy enough… or was it? I deleted the file, but the unverify function wasn’t working. After more than an hour, Google Search Console still thought it existed. Another search result said it could take awhile before Google would acknowledge the file’s deletion. Fine, I waited.
Meanwhile, I spent a good hour with GoDaddy’s tech support trying to ascertain how it all happened. Their expert opinion was that I was compromised. Well, duh! That’s why I was contacting them. What they couldn’t tell me was the traffic’s origin when the files appeared. The only thing I could do was restore my site files from backup. Of course, all applicable passwords are now updated. I believe I caught everything early enough to avoid serious harm. Still, I can’t help feeling violated.