Friday, October 16, 2009

OMG! My Blog has been hacked!

OMG!   My Blog has been hacked!


There are few things that scare a Real Estate Blogger; having their site hacked ranks right up there.    Apparently I have some good company as an Internet Expert had their site hacked recently.  My Buffalo Real Estate Blog is my business, and it has been compromised.

Nightmare on Elm Street

Two weeks ago a call from a client alerted me that the Buffalo Real Estate Blog was being redirected to a movie site--one about horror movies.   A quick call to my web host, they were able to resolve the issue and correct the situation.  The Blog was clearly hacked and now secured by password changes.   Back to business rather easily, but there was something lurking beneath the surface.  

Scream 2


It took a week before the dreaded warning for every search on the Blog appeared:  Visiting this site may harm your computer!  This after having the Blog redirected to a Horror Movie site.  Someone clearly has too much time on their hands.  The Blog is banned on Google, Firefox and Stumbleupon and every time you would search in the search results would have the Visiting this site may harm your computer warning.   Can you say Internet Hell?

Misery

I am a Realtor, I have clients that I need to show homes to in an hour, I don't have time for this.   I had no idea what to do to fix the situation, all I could do was put my faith in the Hosting Company. 

While the hosting company does deep scans of the site, they suggested that I check the links on my site and wait. Wait and check links?  Do they really understand the severity of the situation? Check the thousands of links on over 1100 pages?  Seriously?   Later they tell me that all of my slide shows from Slide.com might be the problem.  They are as clueless as I am.

To give you an understanding of the severity of the situation, at this point this Blog is sitting at the top of search results on Google with the Visiting this site may harm your computer warning at the point when home searchers are at the peak of the searches before the end of summer.  A good 60% of my traffic comes directly from Google.  Sitting at the top of the search engines with countless keywords with this message.  This is a real-life horror show that is every Real Estate Blogger's nightmare.

The Exorcist

Find the code, Google removes the warning.  Finding the bad code was much like finding a needle in a haystack.   If you get Visiting this site may harm your computer error on your site here are some resources to assist you in fixing the problem to get you back into Google's Index:


Change your web hosting and FTP passwords every 30 days!

    • Simply replace yoursite.com domain name with your domain to check your site


Go to your Google Webmaster site and see if you have any messages from Google regarding violations.  My only clue was a message that I was in violation of terms of service because of Malware.   The Malware was never on my server, it was being called from another site using Java script.

Check out Dasient Web Anti Malware, which can give you important clues to what is causing the error messages.  

Tips for those using Wordpress  
  • Do you have the most recently supported version?   You will need to update.   There is a catch here.   If you don't upgrade the version in the manner they proscribe by your Web Host; you are not going to get a lot of support.  
  • Immediately change not only your password, but your Administrative ID
  • Institute changing your password every 30 days
  • Start by deactivating all your plugins.   Hackers like to hide code in them.   Use the tool from Dasient to check to see if the code is gone.   If you get the all clear from Dasient, you know where the bad code is.  
    • Now systematically reactivate each plugin.   Once you discover which plugin has the code, check the code of the version you have to the one on the download site.  
    • If it is the same, don't use the plugin, if it is different, delete the version you have and reinstall the plugin.   
    • If it clean after the reinstall you have fixed the problem.  


Also of great assistance was a site that has great information http://25yearsofprogramming.com/blog/20071223.htm, and if you ever are hacked, it is full of helpful information about how to prevent and correct the problems of having your site hacked.

Sixth Sense

It can take days to have your site reconsidered.  Prevention is important and a disaster plan in case your site is hacked.  It was difficult to find the source of the malicious code which was buried in two plugins, and links.  Once removed the Blog is back on Google without the dreaded warning.       Important questions that you should ask before you have an issue:
  • Would you be able to resolve this type of problem?  Would you know where to start? 
  • How often does your web provider make backups and how long do they keep them?
  • How does your provider handle software upgrades?
  • When was the last time you changed your password?   Make sure that you use a unique password for your hosting site to all others.   That way if the password is compromised you limit the extent of potential damage.
  • Can your hosting provider resolve these issues in a timely manner?   And what exactly could be considered timely?  Did you know that many consider 72 hours timely?
  • How is the technical support of your Hosting site?  
  • Who would you call in case of an emergency?  And what do they consider an emergency?


Scary nightmare to be sure. I never really liked horror movies, if I want a thrill I think I will go ride the Mind Eraser at Darien Lake.

at 2:22 PM

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)