Well, it finally happened.

After 12 years of being in service, Jumpseatnews was finally hacked.

Sometime last night I noticed that the articles and pages were off. The news headlines had an extra gap underneath them. Also, I noticed there was an extra large gap toward the bottom of all pages and a slight shift of the logo at the top. Weird.

At first I thought it was my web browser. I didn't think anything of it and went to sleep. I was exhausted anyway after writing this article.

Then, after a strong cup of coffee this morning, I took another look at the site and realized something was amiss.

I have special web development tools and one of those tools has the ability to remove all design elements and background colors from a webpage so that you only see the bare content. It strips all design away so that you only view the information stored in the article database.

First, here is what the page look like before the styles were removed:

Here's what the page look like after I removed all the styles and was able to view the content as it was coming directly from the database:

See the problem? There are several links to purchase ‘quick personal loans’!

In addition, they also appeared at the very top of the page which is the #1 most prominent position and location to be indexed by Google. The hacker who did this wrote some additional code to make these spam links disappear when displayed on the page. Their intention was never for you or I to see them. Rather, their intention was for search engines such as Google to find them on the page and consider Jumpseatnews as deeming those websites important enough to link to prominently.  And they did this to every single page and article on this web site.

Since Google visits your website in the same manner as a blind person, it doesn't matter whether or not the text actually is seen by humans on the page – as long as it is there in the code Google will see it and consider it the same as if it were displayed all over the page.

The next question was: where was this crap coming from? I found that answer quite easily when I looked at the article database for Jumpseatnews:

After the hack attempt, it looked like this:

As you can see, they added all this extra junk and code to make those links hidden and display all over the Jumpseatnews pages.

Now that I've found out what they did when they hacked the site, I needed to find out how exactly they were able to get in. After a little more investigation I determined that they used a brute password hack attempt via automated software to try every possible password combination millions of times until they were able to access the article database. Needless to say, I have changed all the passwords, locked it up like Fort Knox, and will simply have to change passwords every few days.

Oh, and by the way.  Jumpseatnews used to be #1 in Google for 'Flight Attendant Resources', 'United Airlines Flight Attendant Resources', etc.  As of this morning, it's completely dropped off of all search results.  This is because Google already assumed that we are trying to actually spam users and here's the actual results as shown in a Google Search:

Twelve years of spotless #1 Google search ranking down the tubes.  Oh well...

Lesson learned. No website or electronic resource is safe. Make sure you use complex passwords and change them often. It's a hassle, but trust me, this can and does happen---and now I have a fairly big mess to clean up.

Christopher