Blog Azeroth

A forum for World of Warcraft Bloggers
 Post subject: The tragic tale of a hacked blog
PostPosted: Tue Jun 10, 2008 6:31 pm 
Once upon a time there was a girl who had a WoW-related blog, that she hosted herself, on her own domain. She was a lazy girl, so she didn’t write a new post every day, but every so often she would update with her latest adventures and some silly screenshots. All was well.

Then, one day, WordPress told her a new version of the popular blogging software was available. It told her she should upgrade immediately, because it would fix a security problem.

“Nah,” said the lazy girl, “I will update some other day.”

Many days passed, and the girl did not upgrade.

Then, some two weeks later, the girl looked up the referrers to her blog. For the girl was a curious one, and easily amused by the search terms people used to find her blog. But this time, the girl was not amused. For what she saw was words like “ephedrine” and “phentermine”. Words that had nothing to do with her blog.

Sure enough, the “page viewed” link was a page on her blog, one that she did not recognize. The page redirected the girl’s browser to a shady pharmaceutical site elsewhere on the internet.

The girl realized she had been careless. Her blog had been hacked.

The hacker had been a sneaky one. She did not see any difference on the front page of her blog. There were no sudden big banners or pop-ups. If she had not checked the details of the visitors to her site, she would never have known.

She, at last, upgraded to the latest version of WordPress, but that did not fix the problem. She had to download the entire content of her blog directory and investigate it with a fine-toothed comb to discover what the hacker had done.

In her uploads directory she found a humongous text file with a lot of pharmaceutical search terms in it. She also found a PHP file in the same folder that created new pages on her blog and redirected those elsewhere. In the index.php file for her blog theme the hacker had added a line that put this malicious hack into effect. Removing this line, and the two files in the uploads directory, was all it took to undo the damage.

However, the girl was worried. What could she do to prevent getting hacked again? She searched the internet for answers, and made a list of tips that she found.
    - Keep your WordPress installation up to date. If it asks you to upgrade, don’t wait – do it.

    - Make frequent backups of your database.

    - Get into the habit of scanning your computer for viruses and spyware on a regular basis.

    - Create .htaccess files that won't allow anyone to view the contents of your wp-admin, wp-content and wp-includes directories.

    - (Manually) add a .htaccess file to the wp-admin folder that will only allow your own IP-address to access it. This only works if you have a static IP-address.

    - Add a secret key to your wp-config.php file. This will add a strong encryption to your cookies, so even if they get intercepted by hackers they won’t be able to use them.

    - Change your passwords often, both to your blog account and to the FTP access to your site. Also check whether your files and directories are CHMODDed properly.

    - Check the statistics of your blog every so often. You might find certain search phrases or referrers that will set off alarm bells.

    - Keep your WordPress installation up to date. If it asks you to upgrade, don’t wait – do it. Yes, you have read this tip before. It’s the single most important tip in the list, so it merits repeating.


This list is not fool-proof, nothing ever is, but it should still turn your WordPress blog into an almost unseizable fortress.

The moral of the story?

The girl was embarrassed that she had been so lazy and naive. But she still wanted to share her story here, with other blog owners. Please heed her warnings. Don’t be like her. Take precautions, and know that you run a big risk by running outdated WordPress software. Don’t assume hackers won’t target you, just because you run a small blog with few visitors – because that’s completely irrelevant. Any blog, any site, is an interesting target as long as it shows up on Google.

Thank you for reading.

(As a sidenote: it’s a tad surprising to see that people even followed these fake links. Really now - would you buy medication from a witch doctor?)


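The first post's cleanup (a script and a very large text file dropped into the uploads directory) and its tip about file permissions can be turned into a routine check. The following is an added example, not part of the original thread; the function names, the size threshold and the sample file names are assumptions made for illustration.

```python
import os
import stat
import tempfile

SCRIPT_EXTS = {".php", ".phtml", ".php5"}

def audit_wordpress(root, large_text_bytes=1_000_000):
    """Return sorted (finding, relative_path) pairs for a WordPress tree."""
    root = os.path.abspath(root)
    uploads = os.path.join(root, "wp-content", "uploads")
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        in_uploads = os.path.commonpath([uploads, dirpath]) == uploads
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if not stat.S_ISREG(st.st_mode):
                continue
            rel = os.path.relpath(path, root)
            ext = os.path.splitext(name)[1].lower()
            # Uploads should hold media only; a script there runs when requested by URL.
            if in_uploads and ext in SCRIPT_EXTS:
                findings.append(("script-in-uploads", rel))
            # The post found a very large keyword list beside the dropped script.
            if in_uploads and ext == ".txt" and st.st_size >= large_text_bytes:
                findings.append(("large-text-in-uploads", rel))
            # World-writable files can be modified by any account on a shared host.
            if st.st_mode & stat.S_IWOTH:
                findings.append(("world-writable", rel))
    return sorted(findings)

def build_sample_tree(root):
    """Constructed sample data: file names and contents are invented."""
    sample = {
        "wp-config.php": (b"<?php // config placeholder\n", 0o600),
        "wp-content/themes/mytheme/index.php": (b"<?php // theme placeholder\n", 0o666),
        "wp-content/uploads/2008/06/screenshot.jpg": (b"\xff\xd8\xff", 0o644),
        "wp-content/uploads/terms.txt": (b"keyword\n" * 256, 0o644),
        "wp-content/uploads/pages.php": (b"<?php // placeholder\n", 0o644),
    }
    for rel, (data, mode) in sample.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)
        os.chmod(path, mode)  # explicit mode, independent of the umask

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for finding, rel in audit_wordpress(tmp, large_text_bytes=1024):
            print(f"{finding:24} {rel}")
```

Run against a downloaded copy of the blog directory, any `script-in-uploads` hit deserves a manual look, since a stock uploads folder contains media files only.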
 
 Post subject:
PostPosted: Tue Jun 10, 2008 6:49 pm 
Very sobering post. Lots of good tips in there that I had yet to read about (secret key). Glad the blog is back on track.


 
 Post subject:
PostPosted: Fri Jun 13, 2008 4:52 pm 
Thank you for sharing this, and I'm sorry you had to deal with such an experience!


 
 Post subject:
PostPosted: Sat Jul 05, 2008 10:56 am 
I also experienced something like this before. And just like that girl, I didn't upgrade my WordPress. And because of that I was banned from Google index less than a month. Real nice info there, witch doctor!

_________________
World of Warcraft Macros: Help us GrowUP:)

