Gratitude

“Thankfulness is the beginning of gratitude. Gratitude is the completion of thankfulness. Thankfulness may consist merely of words. Gratitude is shown in acts.” ― Henri Frederic Amiel

Thank you to each and every person who chose to support Write Now Newsletter during the hacking mess. The site is up and running and hopefully we’re moving past this hard time.

If you haven’t had a chance to support the newsletter, there’s no time limit! The donation link on this page takes you to Paypal where you can pay with a credit card, bank account, or Paypal balance. If you prefer to send a check, just email me and I’ll be happy to send you my snail mail address. Checks still work!

Thanks again for your generosity. We’ve received around $1,000 which puts a nice dent in the huge bill we’ve had for repairing and securing the website.

You folks are the best!

Please Support “Write Now Newsletter”

“We make a living by what we get, but we make a life by what we give.” – Winston Churchill

I hate to ask for money. I cannot remember a time in the fourteen year history of Write Now Newsletter when I directly asked. The newsletter has been my community service, a gift to central Ohio writers since January 2003.

There have always been expenses. I pay for faster internet, jangomail email distribution at $25 a month, site hosting (about $100 a year) and the domain name ($11.99 a year). These costs add up, but I was always able to pay them.

Then my site got hacked.

Fixing it has been astronomically expensive and time-consuming. Here’s a short list of the least costly items we implemented: website firewall and security monitoring system for $199 a year, new web host for an additional $100 this year, moving four related web domains for $50 a year, plus a virtual private network for $39.95 a year.

But I’m not tech savvy. So when I say “we,” I mean my web person. As a consequence, the biggest expense was the incredible amount of time this very well-trained, extremely professional, uber-responsive woman spent investigating what happened, removing all sorts of malware and malicious coding, recovering my data, and getting the site back on its feet.

How much time you ask? SEVENTY-EIGHT HOURS! And I know she did this because we communicated while she worked. The bill was $7,800 including a discounted hourly rate and hours she didn’t bill at all.

It was an awful hack.

If you enjoy receiving the newsletter, please support it by clicking this link. This unusual situation demanded drastic measures which resulted in huge, one-time expenses. I won’t hold out a hat again any time soon. But I am now. A virtual hat.

The link takes you to paypal which allows you to use a credit card or pay from your checking account. You don’t need a paypal account to use it. If you would rather mail a check, email me at nita@nitasweeney.com and I will happily send you my snail mail address. I’m too paranoid to post my address anywhere on-line. It had been on my site, but we took it down.

I value each and every one of you whether you support the newsletter or not. But if you can, I would truly appreciate it.

How Not to Get Hacked

“Good advice is usually given by someone who was once a bad example.” ― Ljupka Cvetanova

As I explained in last month’s blog post, my website was hacked. Someone accessed my WordPress dashboard, began running some kind of storefront out of a secret page they had created on my site, sent fraudulent emails (a Nigerian Prince announcing your lottery winnings perhaps), and nearly crashed my site.

Since this happened, I’ve learned more about internet security than I ever wanted. Posts and articles about computer security had been warning me to take note for years. My computer guru had warned me. I failed to heed. Here’s a list of things to help you learn from my mistakes.

1. Don’t think you’re too small: I thought since I was just a little writer in central Ohio, no big deal, I was immune. But hackers aren’t looking for the next big deal. They don’t necessarily want to take down the New York Times website. They may just want your internet real estate. Or they may just want to brag to their friends that they hacked a site. It’s unlikely the hackers targeted my site specifically. Rather, they found a site (that just happened to be mine) with vulnerabilities they could exploit. That’s what they were looking for.

2. Don’t forget to change your password: While we can’t be certain, this was most likely the point of entry. I’d had the same password since 2005. Yes. The same password “protecting” my website files for twelve years. This was a thing my guru mentioned, but which I ignored. Falling victim to my faulty thinking of number one above, I thought I was too small to be worried. My website hid nothing top secret or financially interesting. No one wanted my website, right? Wrong.

3. Don’t choose a crappy password: Not only was my password old, it was lame. It included sequential numbers and was an abbreviation so easy to guess I’m ashamed to tell you what it was. And I’d used it on many different sites. Again, I just thought I was a nobody over here in the Midwest. Now my passwords are long and complex.

4. Get https: The next thing my computer guru did after we changed my passwords was to obtain an “SSL certificate” to make my site Hypertext Transfer Protocol Secure (HTTPS). This provides encrypted communication with and secure identification of a web server. In layman’s terms, it makes my site more secure.

5. Get Google Authenticator: Because of the extent of the hack and the number of attempts to access my site, we added a third layer of security. Google Authenticator is an app that links to your website. Once you install it, you will need not only a username and password to log into your site, but also a numeric code generated on your phone. It was relatively simple to install and as soon as we did that, bam! The attacks stopped.

6. Keep tabs on your website host: I’d used the same hosting company for many years, but was unaware this small company been sold recently to a much larger company. I cannot be certain, but I have reason to believe their servers were hacked. When asked about it, the web host said any hacks were my fault. Okay. I admit my mistakes for my site, but not for their servers. That’s on them. So my computer guru and I quickly changed hosts. Not fun at all, but that too made an immediate difference in the number of successful hacks.

7. Don’t access your site on public wifi: I love to write in different locations. It turns out that hackers love these locations as well. They have tools that can pluck your passwords right out of thin air! While I can still hang out at the local coffee shop, even if the coffeeshop wifi is password protected, I won’t use it to access my site. Instead, I’ll get my own wifi “hotspot” from my cell phone company.

8. Check your home router: Wordfence, a security installation for WordPress sites like mine, recently published a post showing how tens of thousands of hacked home routers are attacking WordPress websites. They also provided a tool to let you check your home router.

After my website guru spent days and days doing the equivalent of hosing down my site and tidying the mess, we took the above steps to lock down security. I’m not a security expert so I’m sure there are many more layers of which I’m unaware, but I hope this list will help you avoid being hacked in the first place.

NITA SWEENEY is a writer, creative writing teacher, and editor of Write Now Newsletter. She lives in central Ohio. Follow her on Facebook! Subscribe here to the monthly newsletter!

The Things We Cannot Change

“Grant me the serenity to accept the things I cannot change/Courage to change the things I can/And wisdom to know the difference.” – Reinhold Niebuhr

Write Now Newsletter, the email monthly listing of central Ohio writing events I publish, is late this month. I’m very sorry. It usually goes out on the third and takes appropriately three days to prepare. I spent most of those three days plus two more in bed with an “unspecified viral infection” aka a really really really bad cold resulting in a hacking cough, sore throat, chills, nasty nasal congestion, a screaming headache, and a fever that made my eyes blurry. (The urgent care doctor ruled out influenza types A and B as well as strep throat even though I thought I was dying.) After four days in bed, tonight I finally took a shower and thought I was ready to finish the newsletter.

That’s when I discovered my website had been hacked.

I’d had a hint something was amiss last Friday when my page went blank for a few hours, but the company that hosts my site said the server had been down and the site came back up looking fine so I wrote it off. But tonight when I tried to log in and post the updated listing of writing events, the dashboard was not functional. Someone (not me and not anyone authorized by me) had been very busy behind the scenes.

Thankfully my trusty web person (and lovely individual) was awake and at her phone. She spent several hours undoing the hacks, setting up more security measures, and translating logs to help me understand what happened. She believes it was random, nothing personal, but it was complicated to undo.

So again, my apologies to my newsletter subscribers (over 1,800 of you!) for the delay. Thankfully I don’t house any email information on that site so none of you are at risk. I hope you find things working properly when you visit.

And with that, I shall go back to bed.

NITA SWEENEY is a writer, creative writing teacher, and editor of Write Now Newsletter. She lives in central Ohio. Follow her on Facebook! Subscribe here to the monthly newsletter!

Verified by MonsterInsights