Into Each Life a Little Rain…
Felicia | Aug 15, 2009
The past three days were a bit of an online challenge for me. A bored ne’er-do-well decided to test the security on my blogs. Apparently this person had a pretty good time inserting links for one of the well-known male enhancement drugs (I hesitate to use such words on this blog for fear of context-sensitive advertisements).
Here’s the Story
It started on one of my less frequently updated and less popular blogs. I happened to go to the blog and in the upper left-hand corner I saw a link for the drug. Immediately I logged in and checked the appropriate WordPress files to see which one contained the offending code.
After a thorough search, I couldn’t find it. So, I did what I know to do. I searched the internet to see what other hacker victims did. It led me to checking the databases (double ugh!). Like Dorothy and Toto being lost in the woods, that’s how I felt navigating through my back end databases. Apparently I was absent from school the year or two when they were teaching all about databases.
Not being one to give up, I learned just enough to be able to find out where the offending code was being placed. Apparently the hacker was able to add an entry into one of the database tables. I deleted it and searched the database for my other blogs. I was appalled to find similar results.
After deleting the entries, I changed my admin password and the password to my databases and was done, or so I thought. Imagine my surprise when the attacks kept occurring.
Back to the Drawing Board
In addition to ensuring each blog was updated with the latest release of WordPress, I also accessed my .htaccess file searching for malicious code. I found something that didn’t look quite right to me so I deleted it (saved a copy in case my blog blew up by its removal). Unfortunately that didn’t solve my problem.
Calling the Big Guns
After doing all that I could do (which wasn’t very much), I submitted a ticket in the Host Gator system. My sites are hosted by Host Gator and I’m very glad they are. I’ve been with other hosting companies and had to go through the agony of switching web hosts. Switching web hosting companies is not something that anyone wants to do on a whim. You only switch hosting companies if you’re forced to.
The folks at Host Gator were very responsive. Unfortunately, the first level of customer service searched through all of my files looking for malicious code and couldn’t find anything. I changed passwords again and still, the attacks kept coming. It got to the point where I would search my databases every ½ hour to remove the unwanted entries.
Escalation to a Higher Level
The ticket was escalated to a higher level. It seems the hacker was accessing my blogs remotely. We’re not sure, but I believe they gained access through one of my plugins. I have a sneaking suspicion it was my TwitPress plugin, but I can’t be 100% sure. I’ve since disabled it and am considering TwitterFeed instead.
Bottom line, they assisted me with admin password changes, user password changes, database password changes and configuration file changes. There were way too many changes for me to wrap my head around (having several blogs and all). It seemed to have worked.
The hacker most probably entered through an unlocked back door and gained access to all of the passwords and blog configuration (I thought it suspicious when the text in the right column of my blog disappeared). Having gone through such an experience I’d like to share a few sites that I came across while attempting to fix the problem.
These sites offer valuable information on how to prevent such a thing from happening to your WordPress installation.

One thing I did learn is that it’s very important to keep WordPress installations up to date. It’s easier to do now because of the auto update feature. Many times the latest release doesn’t offer any new bells and whistles. Sometimes it’s addressing potentially exploitable vulnerabilities.
All’s Well that Ends Well
I learned quite a lot from my hacking marathon.
- I learned that the Host Gator support team is extremely responsive.
- I learned not to ignore new WordPress updates (sometimes they seem to come daily)
- I shouldn’t have cut class when they were teaching all about databases
- Create more secure and varied passwords (no more one password fits all)
- It’s great to have eggs in more than one basket. While my sites were down, I was still able to continue working on my other revenue producing projects.
- It’s good to have static websites in addition to blogs. While my blogs were being compromised, my static websites were not affected (which is good, because that’s where my bread is buttered).
About the Author: Felicia A. Williams is a freelance writer and blogger. She spends the majority of her time with her family and writing. If she's not writing or commenting on NJFM, she's either outside smelling the roses or writing articles for one of her other sites which include Tidbits and Stuff, A Dose of Health and a few other sites/blogs scattered around the internet.
