This week’s learning: a hacked web site. There’s been a lot of that going around. Writing has taken a back seat to fixing the problem.
It took a while to grok how deeply StorageMojo had been hacked.
First I got a note from my hosting company – something about a daemon – and I told them to take it down. Which they did.
Thought I was done.
But I wasn’t.
Then Gary at Nexsan noted that StorageMojo was alarming his browser. Went into the StorageMojo files on WordPress and discovered some iframes that I hadn’t put there.
Pulled them out. Upgraded to the latest version of WordPress.
Thought I was done.
Fired up the SFTP client and took a look at my web site files. Saw a bunch with names I didn’t recall, like Emma, Alexander and Jordan. Inside, links to hundreds of sites I’d never heard of either.
Got rid of them.
Checked a couple of other sites I host on the account. One had been completely cleaned out by the spamsters – the site was gone – replaced with more collections of links.
Edited the junk out of those sites. Hoped I was done, but decided to go through every single file and folder on all three sites.
Found the malicious code. Very professional. Replicated in several places. Language = ru, whatever that means.
New passwords, of course. Noticed that the Dreamhost web management system doesn’t make that easy to do – password management is spread across several different tools – which guarantees that people won’t change them very often.
Did some other housecleaning and site hardening.
The StorageMojo take
I now know I will never be done. The rest of you with blogs should learn by my misadventure.
The biggest surprise is that there are many things that can be done to harden sites, but they are not the defaults. You have to do some research and sometimes some configuration.
That is wrong. Other than general exhortations to update software, the hosting companies do almost nothing to make it easy to manage security. Not many consumers are going to dig into log files every couple of days.
I’m more technical than the average blog writer and some of this stuff is a PITA. The Internet Operating System needs some security patches.
Comments welcome, of course. AFAIK nothing bad got sent to readers of StorageMojo.