I just realized yesterday that my blog was hacked by some group. I don’t remember the name though. I don’t know when it was hacked but I was informed by Google via email yesterday night. Thanks Google!

I tried to log-in to the client area to open a support ticket but there was no account associated with my email. I frantically emailed my host via the official support email and found out someone (with my login credentials) changed the email associated with my account to my old Hotmail. I immediately thought of the security breach that happened earlier this month after I used TrueSwitch Hotmail.

In the state of panic, I login to ftp to check my files. Sure enough, all files were gone (apart from the index.php that the hackers placed) but luckily only ibnuasad.org was affected. The rest of my sites and database was untouched.

So I installed WordPress again and to my surprise, I could not login to the Admin Dasboard Panel. I checked my other sites and the same thing happened. I received a 503 Service Unavailable error upon login.

By this time, I can now login to the client area to submit a support ticket. It seems that the 503 error was a Server Side error. My web host replied:

Looks like there was an issue with that particular combination of Litespeed & PHP caused by a recent software update.

The affected software has been recompiled and your wordpress scripts should be working properly now.

Apart from some missing images, everything is back to normal. Luckily all my backups was on the cloud and this made recovery easier. If I hadn’t move my Image Gallery to the cloud (a few months ago), I would’ve lost years worth of irreplaceable photographs.

This shows how important backups are and always be prepared for attacks. I wasn’t sure it was an 0-Day exploit, session hijacking, or a lapse of judgement in my part but I’m glad everything was resolved within a day.

Thank you Ram Host for your support!