Ready, Aim…Shoot Self in the Foot!

January 4, 2012 | 19 Comments

Shoots Self in Foot (image by Jose Hermida)

From time to time I experiment with different plugins to enhance my blog’s functionality (functionality…such a tech writing word).  Anyway, I use a plugin that is supposed to help detect hack attacks.

After having a couple of my blogs hacked some time ago, I’m a bit sensitive to hacking.

The plugin I use is called WordPress Firewall 2.  Recently I had been receiving notification emails initiated by the plugin telling me a certain IP address was attempting to insert malicious code into my site by attacking a certain file.  After receiving 20 such notification emails in a short period of time, I decided to take action.

A Little Research

I looked up the IP address and it seemed to be a Google bot.  Not being 100% sure that it was, I did a little research.  My research left me on the fence.  It could in fact be a Google bot or it could be a hacker redirecting an IP address to make it look like a Google bot.

After being online for several years and never having this happen before, I decided to err on the side of caution and ban the particular IP address.  I did so by modifying my .htaccess file and inserting the following code:

order allow,deny
# XX.XXX.X.XX stands for the actual IP address that was banned
deny from XX.XXX.X.XX
allow from all
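The question left open in the research above, whether the address really belongs to Google or is someone impersonating it, is exactly what Google's published crawler-verification check answers: a reverse DNS lookup of the IP must give a hostname under googlebot.com or google.com, and a forward lookup of that hostname must return the same IP. The following is an added example (not code from the post or the plugin) that implements that two-step check; the DNS data it runs against is constructed so the script works offline, and the `reverse_lookup`/`forward_lookup` arguments are hypothetical names used here to allow that.

```python
import socket

# Domains Google documents for its crawlers' reverse-DNS names.
GOOGLEBOT_DOMAINS = (".googlebot.com", ".google.com")


def is_verified_googlebot(ip, reverse_lookup=None, forward_lookup=None):
    """True only if the IP passes both halves of the DNS check:
    1. reverse DNS (PTR) of the IP names a host under Google's crawler domains
    2. forward DNS (A) of that hostname resolves back to the very same IP
    Step 2 defeats spoofing: anyone can publish a PTR record for their own
    address that says "crawl-...googlebot.com", but only Google's zone decides
    which IP that hostname resolves to."""
    reverse_lookup = reverse_lookup or (lambda a: socket.gethostbyaddr(a)[0])
    forward_lookup = forward_lookup or socket.gethostbyname
    try:
        host = reverse_lookup(ip).rstrip(".").lower()
    except OSError:  # covers socket.herror / socket.gaierror
        return False  # no PTR record at all: not a Google crawler
    if not host.endswith(GOOGLEBOT_DOMAINS):
        return False
    try:
        return forward_lookup(host) == ip
    except OSError:
        return False  # Google's zone does not know that name: spoofed PTR


# Constructed sample DNS records (documentation-range addresses, not real
# hosts) so the example runs offline; drop the fake resolvers to query live DNS.
FAKE_PTR = {
    "203.0.113.10": "crawl-203-0-113-10.googlebot.com",  # genuine crawler
    "203.0.113.20": "crawl-203-0-113-20.googlebot.com",  # attacker-controlled PTR
    "203.0.113.30": "scanner.example.net",               # not Google at all
}
FAKE_A = {
    "crawl-203-0-113-10.googlebot.com": "203.0.113.10",
    "crawl-203-0-113-20.googlebot.com": "198.51.100.7",  # forward lookup disagrees
}


def fake_reverse(ip):
    if ip not in FAKE_PTR:
        raise socket.herror("no PTR record")
    return FAKE_PTR[ip]


def fake_forward(host):
    if host not in FAKE_A:
        raise socket.gaierror("no A record")
    return FAKE_A[host]


def check_sample(ip):
    return is_verified_googlebot(ip, fake_reverse, fake_forward)


if __name__ == "__main__":
    for ip in FAKE_PTR:
        print(ip, "verified Googlebot" if check_sample(ip) else "not Google, safe to block")
```

Only the first sample address passes; the second has a convincing reverse-DNS name but fails the forward check, which is the case a PTR-only lookup would have mistaken for Google.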

Sit Back to See What Happens

The world didn’t come crashing down after inserting the code and the annoying emails stopped.  Whew, dodged a bullet.

Several days later (about 3), I noticed the traffic for that particular blog dropped significantly.  Hmmm, what’s going on?  So, I searched for my site in Google and found it. The site was there in a great position on page one of the search results but beneath the site’s URL were the words “You are banned.”

Yup, I dodged the bullet when I should have employed fancy footwork.  Instead of getting shot in the upper body, I shot myself in the foot.  The IP address was actually a Google bot.  So, I immediately removed the code from the .htaccess file and temporarily deactivated the plugin. Fortunately, the “banned” statement was removed within seconds and the traffic returned.

Better Safe than Sorry

When I originally received the email notifications, my first line of action was to contact Google to see if it was really their bot.  The problem with contacting Google is contacting Google.  It’s not easy finding the right department, email address or even forum thread in which to post a query.  Instead I took matters into my own hands.

Bottom line, I lost about half a day’s worth of income, but I’d rather that than have lost several weeks or months worth by fighting hackers.  Another online lesson learned.


Category: Google, Plugins, Search Engines

About the Author

Felicia A. Williams is a freelance writer and blogger. She spends the majority of her time with her family and writing. If she’s not writing or commenting on NJFM, she’s either outside smelling the roses or writing articles for one of her other sites.

Comments (19)


  1. Irune says:

    I actually managed to start a new site, do everything right (I thought) and install a lovely plugin that decided that everything had to be noindex,nofollow by default.

    That collection of WordPress plugins is worth a blog post on its own, really. I use most of those myself.

  2. L.M. says:

    I know the question is for Felicia, but these are the plug-ins I use on all my WordPress sites for various protection measures:

    1 – Akismet – This one is pretty standard to guard against spam

    2 – AntiVirus by By Sergej Müller

    3 – Blog Copyright (by BTE)- This is just a plugin to add a copyright notice at the bottom the site

    I also go into my Footer Editor and remove the coding that creates the statement at the bottom that it is a WordPress site. I think it says “Powered by WordPress” or something like that. I think I found out how to do that on this post: how-to-blog.tv/technical/how-to-remove-powered-by-wordpress-link-from-footer/ (I just found it by googling “remove powered by wordpress from footer”).

    This is done to remove the WordPress footprint because hackers randomly look for sites Powered by WordPress.

    4 – Copyrighted Post – I use this plugin because I write all my own content and this just makes it clear that each post is itself copyright protected.

    5 – Limit Login Attempts – This plugin has been REALLY important because it limits how many times a hacker can try to login. Otherwise, these hackers will try hundreds of attempts to guess the user name and password. It is also an issue if the hacker starts eating up server capacity with HostGator, etc. by making these numerous attempts. Hundreds of attempts within minutes can cause major problems along with making it more likely their hacking attempts will work.

    6 – Secure WordPress – Basic security checks for securing your WordPress installation

    7 – TAC (Theme Authenticity Checker) – TAC scans all of your theme files for potentially malicious or unwanted code. Some of the free themes out there will sneak affiliate links or other malicious links in the coding. I used to use any kind of free theme out there online and when I used this plugin, I found malicious code in most of the themes. Now I stick with the free theme that comes with WordPress, the Twenty-Ten theme.

    8 – WordPress Firewall By SEO Egghead – NOT WordPress Firewall 2 By Matthew Pavkov (see my comments from 1/5/12). The Firewall has prevented EVERY attack on my sites thus far and it would be virtually guaranteed that your site would get hacked without a Firewall in place.

    9 – WP-CopyProtect [Protect your blog posts] – This one is really important to me because I write all of my own content. This plugin can be set where no one can highlight the text on your site to copy and paste the information. You cannot highlight and right-click on the mouse to copy and paste. They cannot even highlight and use Control C/ Control V to copy and paste. In fact, the highlighting function won’t even work for them.

    Now, keep in mind most that steal content don’t copy/paste, they steal from the RSS feed. So, what I have done is under “Settings” under “Reading”, I have set “For each article in a feed” show: Summary instead of Full Text. This way if they try and steal through the RSS feed, they will only get an excerpt of the content, not the full post.

    10 – WP Security Scan – Perform security scan of WordPress installation

    • Felicia says:

      Thanks for your thorough response, LM. Your comment is a nice supplement to the plugin list I had blogged about earlier in the year here and here.

      • L.M. says:

        I figured that you had already possibly blogged about many of those, but I did not look first before posting my comments.

        I did not include any of the non-security plug-ins I use like All in One SEO Pack or Google XML Sitemap, etc.

        I just started using WordPress Editorial Calendar and it is really useful for me.

  3. Kristine says:

    Do you have any other security plugins that you recommend?

  4. Joni says:

    I’m with Crystal. You have to be good and becoming better if someone wants to hack you or if it’s a “bot” did you say, you have to know what that means. That’s why I won’t go to WordPress…it would do me no good with the complete lack of knowledge I have about plug-ins, and bots, etc, etc. Felicia, you need to write an ebook on super basics. Like I’ve tried blogger and have written for content but the stuff like SEO, tags, and all the other yada, yada stuff I don’t have a clue. I’ve gotten books from the library to try to learn but with no luck. Anyone know of any basic classes or books out there?
    thanks,
    joni

    • Felicia says:

      Joni, I learned by trial and error.

      The problem with writing basic books is that as soon as the book is finished, the basics change. I’ve been at this stuff for about 5 years now and some of what I did 5 years ago no longer works now.

      You have to make mistakes. I make tons of them. Wait, let me rephrase that. I make tons, and tons and tons and… you get the drift. That’s why I always encourage people to create a playground site. There you can really tear things up without worry.

      Don’t let your lack of knowledge or experience stop you from trying WordPress. I strongly recommend that you face your fear and conquer it. Doing so may catapult your online writing earnings.

      I was reading a book the other day and it had the quote “Everything is hard before it’s easy.” I liked that quote so much that I wrote it down and put it up in my bathroom (I see it every morning).

      Joni, you are in the perfect position to create a blog for beginners on how to get through some of this stuff. You see, as I learn, I write about it here. It’s easier to write as a beginner when you are a beginner. Although I try to explain things, I realize that using terms like “bot” and a few other terms might scare beginners.

      As I grow, the blog grows with me. You’re in the wonderful position of wanting to know a ton of things and the best way to learn is to teach. Sounds crazy, but I’ve found it to be so. As you figure something out, share it with others. You’ll be surprised at how much more you’ll learn.

      UPDATE: Check out this blog: Grand Per Month.

  5. L.M. says:

    I don’t remember where, but I had Googled “WordPress Firewall 2” and found out it was buggy or something. This was last year sometime. I only had it installed for like a day or something. After reading about some issues with it, I immediately uninstalled it and went back to WordPress Firewall, the original one.

    Now I research each plugin and check to see if anyone is complaining about glitches, etc.

  6. SanthiK says:

    Thanks for sharing another lesson. I am also very glad to be receiving full length email updates. I must admit the adjusted preview emails did not make me want to visit the website to read the full post unless it was a relevant topic. I have unsubscribed from other blogs that send preview emails but did not choose the same for NJFM. Simply, I empathized with the reason and understood the necessity.

    • Felicia says:

      You can thank Amazon for the full RSS read. As you know, plagiarists love to target RSS feeds to copy and paste content. Because I have my blog available on Kindle, Amazon asked that I provide a full feed. All the rest of my blogs still provide summaries only.

      It’s a shame that readers are punished for what plagiarists do. Glad you stuck with NJFM. 🙂

  7. Crystal says:

    Reading this post makes me realize that you have probably forgotten more about web stuff than I will ever know. Chasing Google bots, foiling would-be hackers, modifying code – I barely know what it all means, let alone how to do it…

    • Felicia says:

      Crystal, it’s all by trial and error. My online journey is a journey of a hack. I do what needs to be done to accomplish my task, but I can honestly say that there’s no finesse to my journey (kind of like my swimming stroke). 🙂

  8. Ken says:

    Ouch. Gotta watch some of those plug-ins. My wife had one that kept storing pictures on various websites. We got a call from our host that the price was going up on our monthly fees because we were using the hosting account for storage. How many pictures? 9000. Needless to say we spent a day trying to figure out which plug-in was at fault and deactivated it quickly.

    Plug-ins can be tricky, but as you said, better safe than sorry. Glad you got your revenue and traffic back.

    • Felicia says:

      Wow, 9000 images. Which plugin was it?

      When they work right, they’re great. When they don’t, they can be a nightmare.

      • Ken says:

        Hi Felicia,

        Can’t remember right off hand which plug-in it was. It turned out to be one that allows you to place sliding pictures on a widget. In the end we ended up turning on and turning off quite a few to find out exactly which one was causing the issue. That was a fun day…lol

        • Felicia says:

          LOL! I know what you mean. Turning widgets on and off can be a chore. I cringe every time I sign onto my account to see there are plugin updates. I always upgrade my plugins in ascending order. The least active and lowest earning blog gets upgraded first. If nothing blows up there, I then upgrade the next blog and so on.
