EtL Hack Causes Major Disruption to Service

by Miserere

Hacked!

Yesterday afternoon Enticing the Light was hacked. If you visited the site and didn’t have some sort of antivirus or internet browsing protection you would have been redirected to another site that dealt with anything but Photography. Some people also reported having a program try to install malware on their computer. I apologise for any problems EtL might have caused you, and I hope you understand we are not trying to infect your computer or ruin your browsing experience.

I spent 7 hours working to fix the issue last night, and to say I am pissed off doesn’t even come close to expressing how I feel. Unable to get to the very bottom of the hack, I took the site offline before going to bed last night (at 3:00am). As of this morning EtL should be running without any hacks, but if you notice any strange behaviour, please e-mail me immediately to let me know.

I have located a number of infected files amongst the WordPress plugins we use, so I have disabled all of them. I will be reinstalling them as time permits over the next few evenings, but until then you’ll notice some loss of functionality around the site, though all articles are still available, readable and highly recommendable.

Hopefully everything will be back to normal by Sunday.

I’ll be taking steps to make sure this doesn’t happen in the future, but if any of you WordPress Illuminati have suggestions for tools or plugins I should use, or articles I should read, please use the comments section to recommend them. All help is appreciated.

Cheers,

  –Miserere

UPDATE: EtL got hacked again over Friday night, Saturday morning. It was the same hack, but it wasn’t an isolated incident; it appears many WordPress blogs hosted on GoDaddy were hacked. I have increased security at EtL to a paranoid level, but as they say, am I paranoid enough? Time will tell, but the blog has already fended off two intruders since Sunday. We hope to resume publishing of Photography related articles soon, now that I can start thinking about things not involving database injection and other arcane hacking terms. I’m looking forward to it…




5 Comments

  1. Sorry to hear this mis…

    • Thanks, Javier. I’m taking steps to ensure it doesn’t happen again. It’s not even like the hackers were after anything…and it was probably an automated hacking program, not even a person. There is no point to this type of hacking except to annoy good people like you and me.

      • That is nasty. My own site is based on WordPress too so I’d be interested in knowing what was done. I’m not a WordPress expert. What I would probably have done is back up the blog database and then reinstall everything. I wouldn’t know how to do that straight off but would be able to figure it out. But then I’m not sure that would have handled everything. Is it possible for dodgy code to get into the database via a comment?

        • That’s a good question about the code in a comment. I don’t think so, but I am no WordPress expert either.

          What I did was back up the database, change the passwords for the database, FTP and WordPress account (for both me and Peter), then do a search and delete for instances of eval(base64_decode(blahblahblah)), which had infected almost 400 files; then finally I “updated” WordPress (I was already running the latest version). At this point the site was still redirecting somewhere dodgy and I couldn’t find the script that was doing it, so I disabled all the plugins and the redirecting stopped. I tried activating the plugins one by one, but gave up after the 4th one in a row came up infected–I’m pretty sure they were all infected. So I just deleted all of them and am now in the process of reinstalling them again. At this point I have again changed all the passwords.

          I’m pretty sure my problem was that I had some files with 777 permissions (allowing anyone to write to them), and the bots found them. I’m now following closely what WP themselves are recommending here in regards to permissions.

          In order to reduce my chances of being hacked again I am also beefing up back-end security with some plugins recommended here.
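Since Miserere’s comment above describes searching the plugin files for eval(base64_decode(...)) and fixing 777 permissions, here is an added example (not code from the post or from WordPress) that turns that check into a report-only shell script; the sample tree it builds is constructed for demonstration, and the functions only remove the world-writable bit, never delete files.

```shell
#!/bin/sh
# Added example (not from the post): report files in a WordPress tree that
# contain the eval(base64_decode(...)) injection the comment describes, and
# find/fix the world-writable (777) paths it blames. All paths below are
# constructed for demonstration.

# List files under $1 containing the literal injection pattern, one path per line.
find_injected() {
  grep -rlF --include='*.php' 'eval(base64_decode(' "$1" 2>/dev/null || true
}

# List files and directories under $1 writable by "other" (e.g. mode 777).
find_world_writable() {
  find "$1" -perm -o=w 2>/dev/null || true
}

# Clear the world-writable bit under $1; every other permission bit is kept.
fix_world_writable() {
  find "$1" -perm -o=w -exec chmod o-w {} + 2>/dev/null || true
}

# Build a small constructed sample tree: one clean plugin file and one
# infected, world-writable plugin file. Prints the tree's root path.
make_sample_tree() {
  root=$(mktemp -d)
  mkdir -p "$root/wp-content/plugins/demo"
  printf '<?php\n// clean plugin file\necho "hello";\n' \
    > "$root/wp-content/plugins/demo/clean.php"
  # constructed marker; the base64 simply decodes to the word "constructed"
  printf '<?php\neval(base64_decode("Y29uc3RydWN0ZWQ="));\n' \
    > "$root/wp-content/plugins/demo/bad.php"
  chmod 777 "$root/wp-content/plugins/demo/bad.php"
  echo "$root"
}

# Usage: sh wp_scan.sh /path/to/wordpress   (report only; nothing is changed)
if [ -n "${1:-}" ]; then
  echo "== files containing eval(base64_decode( =="; find_injected "$1"
  echo "== world-writable paths =="; find_world_writable "$1"
fi
```

Run fix_world_writable on the real tree only after reviewing the report; the injected files themselves still need to be restored from a clean copy of each plugin, as the comment describes.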
