Hacker Trash

So I have spent the last week or so combing through code and files on my server to find where the nasty malware code was hidden. It was an annoying process but I learned a lot and I will share my experience with you. I know that this has nothing to do with Korean Photography, but being as everyone that I know takes photos and probably has a blog, this may be useful. Blogs and websites, as you know, are all prey for these jerks, and the more you know the safer you are.

Things you must know

1. No website is safe. As much as you try, they will get in somehow. The more you understand this, the more you will take the steps to slow down the hackers or whatever they call themselves.

2. Use WordPress Features and Plugins. If you are using a WordPress platform, they know there are vulnerabilities and they try to correct them. So make sure that your version is up to date. Also take a look through some of the plugins and see if there are any malware plugins. When I looked, a lot of the popular spamware and malware plugins were not up to date with the current version of WordPress.

3. Sucuri. When I couldn’t find anything to help me get rid of this garbage on my site, I found Sucuri. This is an internet service that protects your site from infections and unwanted access. I signed up for their package as this was the 2nd time that my blog has been hacked and it is getting a little annoying. They also offer a free scan of your site to identify any problems.

4. Google Webmaster Tools. This is something that I found when I got that nasty warning. Basically by going here, I got basically the same information that Sucuri told me. This is a way to narrow down your search as they will identify the pages and the malware code that is causing the problems.

5. Research Research Research! I really hit the net hard to find the answers that I was looking for. After updating files (the easiest way) to get rid of some unwanted scripts, I couldn’t find the source of the problem on my blog. Both Sucuri and Google just led me to my blog without further information about the location. After scouring the net I found out some likely places for the code to hide.

**TIP** Google search any odd looking files that you see. One of the nasty files was in plain sight. It was just sitting there with a normal looking title like “UPD” or something. As soon as I googled it, I found that it was supposed to be in there and I gave it a closer look. More obvious are file folders with overly long names like “adjkfln49801nffs” or something like that.

The last thing that I will add is to get feedback from your readers and friends. I was lucky enough to get a heads up from Jimmy from the Strange Lands blog and he also pointed me to another possible location of the tricky code (htaccess file).

 

What to do.

The first thing that I did was try and figure out the problem. I checked the Google warning, which pointed me in the direction of only my blog. They also indicated that the site was not blacklisted yet. I then scanned my site with Sucuri’s free scanner and found that there was another problem on my main site.

I signed up for Sucuri for around $90 a year and I think it is worth it. Had I not been able to locate the problem myself, the Sucuri staff would be able to find it for me. They also protect against future attacks and this being my second attack in only a few months, I am hoping that they can stop it.

Then I updated my index page on my main site and that removed the first of the malicious codes. Then I combed through my blog files and found a few folders that didn’t belong. After deleting them I scanned the blog and my site again and found it to be clean.

After changing all of the passwords and whatnot, I contacted Google again and asked them to review my site again. Within a few moments the warning page was gone and things were back to normal. Now I am free to write and post without a warning popping up on every page that I click on.

On the topic of the spam and malware, I have also noticed that certain words bring in more of the trash. Things like: contests, free, cash, etc. Basically, anything that could be included in those crappy spam letters that you get will bring in spam comments and attempts to redirect the post. So be careful with what you tag your posts as.

With all this being said, let me know if you have experienced any problems and I will be ever grateful. I am now looking at providing uninterrupted posts for the next little while.

Comments

  1. John Mueller

    It looks like there’s still something weird on your site. You have a hidden link to a totally unrelated site in the “head” section of your pages. You can find it if you view the source of your pages:

    kids clothes

    Hidden links like that are usually a sign that something is wrong, be it from a hacker, or from a rogue plugin.

    If you use Webmaster Tools make sure to activate email delivery of messages so that you don’t miss anything 🙂

  2. John Mueller

    Hmm, it looks like the markup disappeared, here it is with “( & )” instead of brackets:

    (form method=”post” action=”?” style=”overflow: auto; width: 5pt; height: 1pt; position: absolute; display:none”)(A HREF=”http://businessactionforafrica.org/?kids” TARGET=”_self”)kids clothes(/A)(/form)

    • Jason Teale

      Thank you John! I uploaded a clean version of the header file and viewed the source to make sure it was gone. Thanks for the help!

  3. Jimmy

    Jason, I’m glad you finally got this resolved. After working hard for x amount of years on a blog there’s nothing more disheartening than seeing it hacked.

    • Jason Teale

      Exactly. These days it just seems to keep coming. Thankfully it is all a learning experience.
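
The hidden-link pattern pointed out in the comments (an off-site link wrapped in an element styled `display:none` or shrunk to a few points) can be checked for mechanically in a page's source. This is an added example, not code from the original post or its commenters; `find_hidden_links`, the `blog.example` host and the sample markup are constructed for illustration, and only inline `style` attributes are inspected, so hiding done through a stylesheet is not covered.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

HIDING = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden|"    # hidden outright
                    r"(?:width|height)\s*:\s*[0-5](?:px|pt)\b", re.I)  # or shrunk away
VOID = {"meta", "link", "br", "img", "input", "hr", "base"}  # never closed

class HiddenLinkFinder(HTMLParser):
    def __init__(self, site_host):
        super().__init__()
        self.site_host = site_host.lower()
        self.stack = []       # (tag, hidden?) for every open element
        self.findings = []    # (href, anchor text) of hidden off-site links
        self._open = None     # finding being collected while inside <a>

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        hidden = bool(HIDING.search(attrs.get("style") or ""))
        if tag == "a" and (hidden or any(h for _, h in self.stack)):
            host = (urlparse(attrs.get("href") or "").hostname or "").lower()
            if host and host != self.site_host:   # relative links have no host
                self._open = [attrs["href"], ""]
        if tag not in VOID:
            self.stack.append((tag, hidden))

    def handle_data(self, data):
        if self._open is not None:
            self._open[1] += data

    def handle_endtag(self, tag):
        if tag == "a" and self._open is not None:
            self.findings.append((self._open[0], self._open[1].strip()))
            self._open = None
        for i in range(len(self.stack) - 1, -1, -1):  # tolerate unclosed tags
            if self.stack[i][0] == tag:
                del self.stack[i:]
                break

def find_hidden_links(html, site_host):
    finder = HiddenLinkFinder(site_host)
    finder.feed(html)
    finder.close()
    return finder.findings

# Constructed sample: the pattern from the comment above, with placeholder hosts.
SAMPLE = ('<head><form method="post" action="?" style="width: 5pt; height: 1pt; display:none">'
          '<A HREF="http://unrelated.example/?kids">kids clothes</A></form></head><body>'
          '<a href="http://friend.example/">ok</a><div style="display:none"><a href="/x">x</a></div></body>')
```

Run it over the saved source of the header template and a few rendered pages after every clean-up; any result is a link visitors cannot see but search engines can.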
