If you’ve ever been hit with a virus on your computer, you know how difficult it can be to thoroughly clean the machine, even when you have security software that does all the heavy work.
Take that picture and apply it to your blog and you have a migraine-inducing situation, precisely what I’ve experienced during this past week with an iframe virus and a malware attack involving a backdoor Trojan that temporarily created some havoc on this WordPress blog until they were eliminated.
What I learned from this experience is that there are simple things any blogger can do to help ensure the security of their site.
I became aware that something wasn’t right when publishing a post using Windows Live Writer produced an access error. Likewise, accessing the blog via the WordPress app for Android on my phone also gave an error. I thought it might be related to a known error with XML-RPC and PHP that I encountered a few years ago. But a quick peek at the source code of the home page showed me a different likelihood.
Notice the string of text highlighted in red that starts line 1 – code to create an iframe and then access another website on every page load. Given that I hadn’t inserted that code, and that it had nothing at all to do with WordPress, it was pretty certain that it was done by someone who had gained unauthorized access to my server.
Line 1 should start with this –
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
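A check for the symptom described above, as an added example that is not part of the original post: it verifies that a page's source starts with the DOCTYPE quoted here and lists any iframe and where it sits. The function name and both sample pages (including the `example.invalid` host) are constructed for illustration.

```python
import re

# The DOCTYPE the post says line 1 of the home page should start with.
EXPECTED_DOCTYPE = ('<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" '
                    '"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">')

IFRAME_RE = re.compile(r"<iframe\b[^>]*>", re.IGNORECASE)
SRC_RE = re.compile(r"""\bsrc\s*=\s*["']?([^"'\s>]+)""", re.IGNORECASE)
DOCTYPE_RE = re.compile(r"<!DOCTYPE\b", re.IGNORECASE)


def check_page(html, expected_doctype=EXPECTED_DOCTYPE):
    """Return a list of findings for one page's source; empty means clean."""
    findings = []
    text = html.lstrip("\ufeff \t\r\n")  # ignore a BOM and leading whitespace
    if not text.startswith(expected_doctype):
        findings.append("page does not start with the expected DOCTYPE")
    # Anything emitted before the DOCTYPE did not come from the theme template.
    m = DOCTYPE_RE.search(text)
    prefix = text if m is None else text[:m.start()]
    if prefix.strip():
        findings.append("unexpected content before DOCTYPE: %r" % prefix.strip()[:80])
    # List every iframe with its source so an unfamiliar host stands out;
    # embeds you added yourself will show up here as "after DOCTYPE".
    for tag in IFRAME_RE.finditer(text):
        src = SRC_RE.search(tag.group(0))
        where = "before" if m is None or tag.start() < m.start() else "after"
        findings.append("iframe %s DOCTYPE, src=%s"
                        % (where, src.group(1) if src else "(none)"))
    return findings


# Constructed sample pages (not taken from the infected blog).
CLEAN = EXPECTED_DOCTYPE + "\n<html><head><title>Blog</title></head><body></body></html>"
INFECTED = ('<iframe src="http://injected.example.invalid/x" width="1" height="1">'
            '</iframe>' + CLEAN)

if __name__ == "__main__":
    for name, page in (("clean", CLEAN), ("infected", INFECTED)):
        print(name, check_page(page))
```

Run it against the saved source of each page type (home, single post, archive), since injected code in a shared template file appears on all of them.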
A simple search on Google and a chat with my hosting service, DreamHost, speedily confirmed the worst: the blog was infected. Identifying precisely with what, and fixing it, was a clear priority.
Looking around the web produced lots of helpful posts recounting the experiences of others who have addressed issues similar to mine, all of which were very useful in the actions I took to rid my site of this most unwelcome visitor.
Three immediate steps:
- Change the passwords and logins for all blogs and my hosting account.
- Review the list of users who have admin authority on the blog. If there are any there I don’t recognize, either delete them or at least change their access levels to one which gives no ability to write content on the site. For all others, disallow their admin rights temporarily.
- Change the password for my own FTP access account and cancel access of every other FTP account.
If the hacker had got in via a lax security measure – like a weak password or FTP access – then that simple route was now blocked.
Now, some detective work.