Hit By Cybercrime
Charity Needs Website Downed By Attack

The Unsuspecting User or A Determined Criminal? (article cover)

At Charity Needs we’ve done our best to build up a glowing reputation, to help increase public awareness to the needs of any other voluntary sector organisations worldwide and to those listed on our website.
Every bit of detail you see on our website is provided voluntarily, nobody is paid and all the services we provide are free to enable voluntary organisations, charities and nonprofits, to get their messages, missions and campaigns out there…
Then along comes a hacker to send it all to pot. I wanted to use stronger language, but resisted, something a hacker won’t consider when targeting their criminal activities.
They hit us hard, really hard and ruined our respected online status… And then we got it back.

Article written by Jonathan Fleming.

I’m writing this article because I want the general public who do support, or are interested in supporting, voluntary sector organisations, as well as the trustees of those organisations, to be aware of the devastation that malware in a hacked site or spam infections can cause to a charity or nonprofit.
And I also want the public to help out by reporting any problems encountered when visiting a charity or nonprofit organisation’s website… here’s why.

Over the Christmas period of 2018 we thought our site was set and primed to take our generous and discerning public audience into the world of the nonprofit and charitable concerns. We expected that our audience was going to have time to read an article or two that we have written (charityneeds.com/articles), learn about new charitable campaigns and perhaps choose a cause to support for the first or nth time.
Basically we expected the grand festive holidays to be a time where people would be able to relax and crawl through our listings with high intentioned deliberation, but it wasn’t to be.

Unbeknown to us on dates starting from the 20th December 2018, our site was injected with traffic stealing scripts that, when activated, was able to redirect our fabulous audience to some unsuspecting site of products and goods for sale… At least that was the plan of the cybercriminal’ script, however, our bumbling hackers got the urls screwed up and our traffic was taken nowhere, literally. It made our site behave as though we didn’t exist online any longer. Their blunder caused their malicious scripts to produce a 500 error showing a page with a message similar to this:

Internal Server Error

The server encountered an internal error or misconfiguration and was unable to complete your request.
Please contact the server administrator and inform them of the time the error occurred, and the actions you performed just before this error.
More information about this error may be available in the server error log

Apache Server at charityneeds.com Port 80.

At work on cyber crime, though you would never know it.
Picture by: Andrew Neel for Unsplash.com

On the one hand we were glad the cybercriminals never got paid at our expense, or yours more to the point, but it did mean that we were not able to provide that awareness and publicity that we seek to offer the voluntary sector free of charge. For us this was a humongous blow. We let our listed charities down, we let our public down and we let ourselves down, however, we weren't going to dwell on that, far from it, we knuckled down and started to learn from it, and as a result, you will too.
This is a lesson that may one day be of great importance to help you or the organisation that you love to support to get out of a hole. By understanding the simple steps that we are going to teach you, you can get any web presence back on track and even more robust than before.

Before we start if you do ever see a page loaded with such a message on any charitable organisation’ site, report it, report it, report it. Charities and nonprofit organisations can least afford to be down on the net and administrators of these sites may not necessarily be abreast of what is going on over the public web space as was the case for us at CNF.
For two whole weeks we were unaware that there was a problem with our site either being redirected to some unscrupulous scam site or that there was any 500 Internal Server Error messages being loaded by our web pages.
One reason for this is because our site is currently static and hosted on a shared server and therefore we have no control over logging or being able to write functions that can catch such happenings (but we are working towards hosting on our own server and we will get to that shortly in this article).
The other reason was that even though over the whole festive period we were checking the site to ensure it was up and running OK, we were doing so from computers that had cached internet files on it, therefore we weren’t really getting the freshest page loads (we’ve since learned to use private browsing windows or tabs since they do not store cached versions of the page you browse. In Chrome it is known as Incognito found under File > New Incognito Window and in other browsers you’ll find it under File > New Private Window or something similar).
There is a third reason, and it was that this error was only showing up from any referred links such as a listing on a search engine (clicking a link from a Google search for example) or a link to us from another website. We weren’t checking on any referred links at all and perhaps would have taken a long time to find this out until someone said something to us as was the case (see footnote).
Without going into too much technical jargon and details, here is one line of defense that you can take or advise others of if you ever find your own site or the site of your favourite charity or nonprofit displaying messages such as ‘Internal Server Error’, ‘This Site May Be Hacked’ or similar...

Help For Hacked Sites: Step One — Overview
In this first step in Help for hacked sites, we discuss how and why sites are hacked, and review your options for recovery.
Video by: Google.com
We used a free tool provided by Google to go about fixing our problem and it is very easy to use and understand (no technical knowledge required for the basics). Try these steps to fix your website, even to test it for vulnerabilities. (More description and live links are in the footnotes at the end of this article — they will help you):
1. Register and verify your site in Google’s Search Console.
2. Sign in to Google’s Search Console and check the "Security Issues" section to see details of sample URLs that might be hacked. Fix the security issue that allowed your website to be infected. Otherwise, your site is likely to be reinfected.
3. Read Google’ resources for hacked sites page for detailed information on how to fix your website.
4. Request a review in the Security Issues section of Search Console when your entire website is clean and secure. After Google checks that your site is fixed, they will remove any display of a "This site may be hacked" message on their search links (if such was the case). Or your pages should be able to load without causing a 500 Internal Server Error message.
Follow these steps and you will be well on your way to having a tightly woven and validated website.
I really did write this article on the back of having learned these things first hand and in less than two hours completed the basics. Please understand these steps will help equally for prevention as they do for finding you a cure, so acquaint yourselves with this knowledge.

I wish we knew this stuff beforehand, it would have saved us a lot of grief and loss. So troubled by this was I, that I felt compelled to make the voluntary sector aware or a touch tech savvy, particularly as smaller organisations don’t have great technical expertise working for them on their websites.
In our case, to eliminate of the 500 Internal Server Error messages, we had to get rid of a .htacess file that was maliciously injected into our server (its an orchestration file basically and yes, that is a dot in front of the filename which basically tells the server to hide this file from public view), that and a bunch of other <named>.php scripts files that were being used to orchestrate the flow of traffic to different product selling scam sites. The purchase of those goods is how the cybercriminals would have got paid, but as mentioned, they blunderd it. Good, a small mercy I’m glad for.
You can help Charity Needs Foundation fight the cybercriminals by getting our site to the next level, this will help us tighten our security and therefore secure the presence of hundreds, even thousands of organisations when we get our site onto a server of our own, but we need funds. We desperately need your help and support to generate the funds to make this happen fast. All you have to do is drop a comfortable amount of funding on our secure PayPal account
We are only a short hop away from getting there, but with a great push from our discerning public, we can get our site secure, interactive and accessible to all voluntary sector organisations worldwide so that they may be able to promote awareness about their causes, missions and campaigns in a space and platform where everyone can see at a glance the reputable organisations they can potentially support or get involved with.
It is never a good time to get hacked, but being hacked and messed with over the grand festive holidays has got to be the worst, especially for voluntary sector organisations. For Charity Needs, it knocked us off of the top spot in our Google search listing for a time, but thanks to the tools we have directed you to, we got our position back saving us from having to start building our status all over again, a process that could have taken months.
That would have been particularly painful because practically everyone on the net uses a search engine to find the sites they want to go to, not by url, but by name only, therefore not being listed in any popular search engine is a death to site traffic. If your not listed people move on to what is.
Being at the top of the search engines listing is a very reputable place to be for numerous reasons, not least because it promotes good information, a clean functional site, frequency of updates and more. This accolade only makes your site a juicy target for cybercriminals so they can steal your audience to boost their less reputable web presence. Again, a particularly good reason for getting to know this key bit of knowledge and at least being able to start a search of your site for any vulnerabilities. Why not? It’s free, free because Google and any other service provider wants to protect their own servers and applications from this harmful stuff, so they all want to educate as many of us as they can.

Getting hacked is a painful experience, truly hurtful leaving your reputation in tatters, your ranking on the floor and your organisation at a standstill. After all, what good is a website if nobody can find it, right?
This is the kind of devastation cybercriminals cause, the public don’t deserve this, we didn’t deserve it and no organisation in the voluntary sector deserves such callous treatment, by mindless, unscrupulous, immoral individuals.
Please help us to help others, make a warm hearted donation and feel good that this year you have helped not one or two, but hundreds, even thousands of charitable organisations to be more visible to others who may provide help, support or more funding than they had access to before.
Hit the donate button at the end of this article or follow this link to our secure PayPal account or our donation information page
All the advice we have given you here had been learned just moments before a decision to write this article and publish it, but it has been most helpful in recovering our status and teaching us some valuable pointers. We hope it helps you too and even if you don’t have a problem like this just now, learning some of it for future reference will be of immeasurable value to you.
Lastly, can I say to any hacker or cybercriminal (whether you like that label or not), please don’t target publicly funded organisation such as charities and nonprofits, they provide services that one day you might want or need to rely on. It’s a fact of life that everyone of us will need to lean on somebody at some point in our lives, its a course of human nature, so the charitable individual or organisation whose site has just been brought down by such thoughtless behaviour, may just be the help you yourself will require right now or in the not too distant future.
We would much rather you contacted us and offered your skills as a voluntary service to help us secure our site and those of other voluntary sector organisations worldwide. We’ll even take you on a volunteer road trip to show you the valuable work that you could be doing to protect rather than harm. I assure you, your attitude will change for the better.
Nuff said, do the right thing, help not hinder!
Help for hacked sites: Step Two — Contact your host and build a support team
In this second step in Help for hacked sites, we discuss contacting your hoster for assistance, learning of reputable online resources, and weighing options to recover your hacked site.
Video by: Google.com

Help For Hacked Sites: Step Three — Quarantine Your Site
In this third step in Help for hacked sites, we discuss how to prevent the cybercriminal from causing further harm to your site or your site's visitors.
Video by: Google.com

Help For Hacked Sites: Step Four — Touch base with Webmaster Tools
In this fourth step in Help for hacked sites, we discuss verifying ownership of your site in Google Webmaster Tools to read the critical message (if any) from Google that will help you determine the next step in the recovery process.
Video by: Google.com

Help For Hacked Sites: Step Five (option 1) — Assess the damage (hacked with spam)
In this fifth step (option 1) in Help for hacked sites, we discuss spam techniques by hackers, how to investigate your site for spam, making a list of all affected files, and determining the hacker's intent.
Video by: Google.com

Help For Hacked Sites: Step Five (option 2) — Assess the damage (hacked with malware)
In this fifth step (option 2) in Help for hacked sites, we discuss safely investigating malware and making a list of all affected files on your site.
Video by: Google.com

Help For Hacked Sites: Step Five (option 3) — Assess the damage (File system damage assessment)
In this fifth step (option 3) in Help for hacked sites, the video discusses reviewing your server's filesystem for a thorough investigation of the hacker's damage.
Video by: Google.com

Help For Hacked Sites: Step Six — Identify The Vulnerability
In this sixth step in Help for hacked sites, we discuss determining the root-cause vulnerability that allowed the cybercriminal to hack your site.
Video by: Google.com

Help For Hacked Sites: Step Severn — Clean and Maintain Your Site
In this seventh step in Help for hacked sites, we discuss restoring the good content on your site, removing the bad content, correcting the vulnerability, and planning to maintain a secure site.
Video by: Google.com

Help For Hacked Sites: Step Eight — Request A Review
In this eighth step in Help for hacked sites, we discuss requesting a review through Google (and being approved!) so your site's pages are no longer flagged to users.
Video by: Google.com

Clean Getaway — Job Done Don’t let them get away with the good work that we do, help us fight it, donate today charityneeds.com/donate
Picture by: Andrew Neel for Unsplash.com for Unsplash.com

This is a CNF Feature Article

This page is embeddable, click for code
Head/Cover picture by: Head image by: Bonnie Kittle for Unsplash.com
Head/Cover image description: Anyone can be a cybercriminal
Article written by: Jonathan Fleming
Article edited by: Charity Needs Foundation
Article Length: Words count is 2315 from 13079 characters
Released — 20-03-2019 - 06:10
Modified — Never

Closing Credits from CNF:

  • @Unsplash.com:
    To all you photographers that provide free images to unspashed, thank you, our content wouldn't have been so great without your generosity.

  • @Paul Freeman - CoreInternet.net Server Administrator:
    Thank you, if it wasn't for your vigilance we may have suffered even greater devastation than we did.


  • Donate to Charity Needs Foundation:
    Send donations direct to CNF's PayPal Account and help us help others in the voluntary sector

Charity Needs Foundation Homepage