On April 27, H.C.Staff was hacked for the second time. Getting a hold of my FTP password, which I hadn’t changed in over a year, a malicious individual was able to attach scripts to the ends of my HTML files and WordPress templates, scripts which contained words not normally discussed outside of H-games. And folders containing HTML files with unmentionable names appeared in various web folders. Google got word of this and blacklisted my site, resulting in “This site may harm your computer” in Google, and “Reported attack site” in Firefox.
After changing my password, I was able to purge the web directory and database, and restore them both from backups. Then I submitted a request via Google Webmaster Tools to have my site removed from the blacklist. They confirmed the removal of the “badware”, and now Google and Firefox have stopped warning visitors.
Two posts were lost: the Tsumugi Love post, and the post about Magic the Gathering player Yuya Watanabe and his profession, light music (軽音楽, “keiongaku”, or “kei-on” for short.)
Hopefully the hacker doesn’t have the means to get my password again with a snap of the fingers. I tried to ask my webhost’s support about how a hacker could have gotten my password, but they weren’t of much help. The only information I got was from my CPanel web stats analyzer, and while there was information that pointed to the FTP use of the unauthorized party, there wasn’t any sign of SQL injection or other exploits. Of course, I may just be looking in the wrong places.
From now on I’ll back up more often and change my password more often, but I don’t know what else I can do.