So I have spent the last week or so combing through code and files on my server to find where the nasty malware code was hidden. It was an annoying process, but I learned a lot and I will share my experience with you. I know that this has nothing to do with Korean Photography, but since everyone that I know takes photos and probably has a blog, this may be useful. Blogs and websites, as you know, are all prey for these jerks, and the more you know, the safer you are.
Things you must know
1. No website is safe. As much as you try, they will get in somehow. The more you understand this, the more you will take the steps to slow down the hackers or whatever they call themselves.
2. Use WordPress Features and Plugins. If you are using a WordPress platform, they know there are vulnerabilities and they try to correct them. So make sure that your version is up to date. Also take a look through some of the plugins and see if there are any malware plugins. When I looked, a lot of the popular spamware and malware plugins were not up to date with the current version of WordPress.
3. Sucuri. When I couldn’t find anything to help me get rid of this garbage on my site, I found Sucuri. This is an internet service that protects your site from infections and unwanted access. I signed up for their package as this was the 2nd time that my blog has been hacked and it is getting a little annoying. They also offer a free scan of your site to identify any problems.
4. Google Webmaster Tools. This is something that I found when I got that nasty warning. By going here, I got basically the same information that Sucuri told me. This is a way to narrow down your search, as they will identify the pages and the malware code that is causing the problems.
5. Research, research, research! I really hit the net hard to find the answers that I was looking for. After updating files (the easiest way) to get rid of some unwanted scripts, I couldn’t find the source of the problem on my blog. Both Sucuri and Google just led me to my blog without further information on the location. After scouring the net, I found out some likely places for the code to hide.
**TIP** Google search any odd-looking files that you see. One of the nasty files was in plain sight. It was just sitting there with a normal-looking title like “UPD” or something. As soon as I googled it, I found that it was supposed to be in there and I gave it a closer look. More obvious are file folders with overly long names like “adjkfln49801nffs” or something like that.
The last thing that I will add is to get feedback from your readers and friends. I was lucky enough to get a heads up from Jimmy from the Strange Lands blog and he also pointed me to another possible location of the tricky code (htaccess file).
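The two hiding places mentioned above, folders with long random-looking names and the htaccess file, can be listed for manual review with a short script. This is an added example, not code from the original post; the name heuristic, the `.htaccess` patterns and the sample tree (including `redirect.example`) are assumptions constructed for illustration.

```python
import os
import re
import tempfile

# Assumed heuristics (not from the post): long alphanumeric folder names that mix
# letters and digits, and .htaccess lines that redirect or inject code.
RANDOM_NAME = re.compile(r"[A-Za-z0-9]{12,}")
HTACCESS_PATTERNS = [
    re.compile(r"^\s*RewriteRule\s+\S+\s+https?://", re.I),           # redirect to another host
    re.compile(r"^\s*RewriteCond\s+%\{HTTP_REFERER\}", re.I),         # behaviour depends on referrer
    re.compile(r"^\s*php_value\s+auto_(prepend|append)_file", re.I),  # code added to every page
]

def looks_random(name):
    """True for names like 'adjkfln49801nffs'; plain words and hyphenated slugs pass."""
    return (RANDOM_NAME.fullmatch(name) is not None
            and any(c.isdigit() for c in name)
            and any(c.isalpha() for c in name))

def scan(root):
    """Return sorted (kind, location) pairs to review by hand; nothing is deleted."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for d in dirnames:
            if looks_random(d):
                findings.append(("odd-folder", os.path.relpath(os.path.join(dirpath, d), root)))
        if ".htaccess" in filenames:
            path = os.path.join(dirpath, ".htaccess")
            with open(path, errors="replace") as fh:
                for lineno, line in enumerate(fh, 1):
                    if any(p.search(line) for p in HTACCESS_PATTERNS):
                        findings.append(("htaccess", "%s:%d" % (os.path.relpath(path, root), lineno)))
    return sorted(findings)

def build_sample(root):
    """Constructed test tree: stock WordPress rewrite rules plus two planted oddities."""
    os.makedirs(os.path.join(root, "wp-content", "themes", "twentyfourteen"))
    os.makedirs(os.path.join(root, "wp-content", "adjkfln49801nffs"))
    with open(os.path.join(root, ".htaccess"), "w") as fh:
        fh.write("RewriteEngine On\n"
                 "RewriteCond %{REQUEST_FILENAME} !-f\n"
                 "RewriteRule . /index.php [L]\n"
                 "RewriteCond %{HTTP_REFERER} (google|bing) [NC]\n"
                 "RewriteRule ^(.*)$ http://redirect.example/ [R=302,L]\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for kind, where in scan(tmp):
            print(kind, where)
```

Cache folders with hashed names will also show up as `odd-folder`, so treat the output as a list of things to look at, not a verdict.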
What to do.
The first thing that I did was try and figure out the problem. I checked the Google warning, which pointed me in the direction of only my blog. They also indicated that the site was not blacklisted yet. I then scanned my site with Sucuri’s free scanner and found that there was another problem on my main site.
I signed up for Sucuri for around $90 a year and I think it is worth it. Had I not been able to locate the problem myself, the Sucuri staff would be able to find it for me. They also protect against future attacks, and this being my second attack in only a few months, I am hoping that they can stop it.
Then I updated my index page on my main site and that removed the first of the malicious codes. Then I combed through my blog files and found a few folders that didn’t belong. After deleting them I scanned the blog and my site again and found it to be clean.
After changing all of the passwords and whatnot, I contacted Google again and asked them to review my site again. Within a few moments the warning page was gone and things were back to normal. Now I am free to write and post without a warning popping up on every page that I click on.
On the topic of the spam and malware, I have also noticed that certain words bring in more of the trash. Things like: contests, free, cash, etc. Basically, anything that could be included in those crappy spam letters that you get will bring in spam comments and attempts to redirect the post. So be careful with what you tag your posts as.
With all this being said, let me know if you have experienced any problems and I will be ever grateful, and I am now looking at providing uninterrupted posts for the next little while.