From time to time I experiment with different plugins to enhance my blog’s functionality (functionality…such a tech writing word). Anyway, I use a plugin that is supposed to help detect hack attacks.
After having a couple of my blogs hacked some time ago, I’m a bit sensitive to hacking.
The plugin I use is called WordPress Firewall 2. Recently I had been receiving notification emails initiated by the plugin telling me a certain IP address was attempting to insert malicious code into my site by attacking a certain file. After receiving 20 such notification emails in a short period of time, I decided to take action.
A Little Research
I looked up the IP address and it seemed to be a Google bot. Not being 100% sure that it was, I did a little research. My research left me on the fence. It could in fact be a Google bot or it could be a hacker redirecting an IP address to make it look like a Google bot.
After being online for several years and never having this happen before, I decided to err on the side of caution and ban the particular IP address. I did so by modifying my .htaccess file and inserting the following code:
# XX.XXX.X.XX stands in for the actual IP address
deny from XX.XXX.X.XX
allow from all
Sit Back to See What Happens
The world didn’t come crashing down after inserting the code and the annoying emails stopped. Whew, dodged a bullet.
Several days later (about 3), I noticed the traffic for that particular blog dropped significantly. Hmmm, what’s going on? So, I searched for my site in Google and found it. The site was there in a great position on page one of the search results but beneath the site’s URL were the words “You are banned.”
Yup, I dodged the bullet when I should have employed fancy footwork. Instead of getting shot in the upper body, I shot myself in the foot. The IP address was actually a Google bot. So, I immediately removed the code from the .htaccess file and temporarily deactivated the plugin. Fortunately, the “banned” statement was removed within seconds and the traffic returned.
Better Safe than Sorry
When I originally received the email notifications, my first line of action was to contact Google to see if it was really their bot. The problem with contacting Google is contacting Google. It’s not easy finding the right department, email address or even forum thread in which to post a query. Instead I took matters into my own hands.
Bottom line, I lost about half a day’s worth of income, but I’d rather that than have lost several weeks’ or months’ worth by fighting hackers. Another online lesson learned.
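The question of whether an address claiming to be a Google bot really is one can be settled with a forward-confirmed reverse DNS lookup before adding any deny rule. The sketch below is an added example, not part of the original post; the domain suffixes are assumed from Google's published crawler-verification guidance, and the sample addresses and hostnames are constructed.

```python
import socket

# Suffixes assumed from Google's published crawler-verification guidance.
GOOGLE_SUFFIXES = (".googlebot.com", ".google.com")

def system_reverse(ip):
    """PTR lookup via the system resolver; returns a hostname or None."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except (socket.herror, socket.gaierror):
        return None

def system_forward(hostname):
    """A/AAAA lookup via the system resolver; returns a set of addresses."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(hostname, None)}
    except socket.gaierror:
        return set()

def verify_googlebot(ip, reverse=system_reverse, forward=system_forward):
    """Forward-confirmed reverse DNS check. Returns (verdict, reason)."""
    host = reverse(ip)
    if not host:
        return False, "no PTR record"
    host = host.rstrip(".").lower()
    # The leading dot in each suffix rejects names like evilgooglebot.com.
    if not host.endswith(GOOGLE_SUFFIXES):
        return False, f"PTR {host} is outside Google's domains"
    # Whoever controls an IP block controls its PTR, so confirm the forward record.
    if ip not in forward(host):
        return False, f"{host} does not resolve back to {ip}"
    return True, f"confirmed as {host}"

# Constructed sample data (documentation-range addresses, not real crawler IPs).
PTR = {
    "192.0.2.10": "crawl-192-0-2-10.googlebot.com",
    "198.51.100.7": "crawl-198-51-100-7.googlebot.com",  # forged PTR
    "203.0.113.5": "googlebot.com.example.net",          # look-alike name
}
A = {"crawl-192-0-2-10.googlebot.com": {"192.0.2.10"}}

def check_sample(ip):
    """Run the check against the constructed records instead of live DNS."""
    return verify_googlebot(ip, PTR.get, lambda h: A.get(h, set()))

if __name__ == "__main__":
    for ip in PTR:
        print(ip, check_sample(ip))
```

Calling verify_googlebot(ip) with no extra arguments uses the system resolver, so it can be run against the address from a firewall notification.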