IMPORTANT: Please Check Your Computers, PHP Driven Websites and Blogs

This is a bit off-topic for this blog. But I think it is very important to let you know what has happened recently to my blog in the way of attack and spamming.

If you were using Firefox 3.0 or equivalent, you would have noticed, in the last week or so, that whenever you accessed anything on this site you would get a warning that this site might contain malware. Earlier versions of these browsers won’t see it. That really shocked me because I don’t sell any product (except for links to Amazon and ads from Google). When I logged into my account on Google, and ran webmaster tools, I got less than helpful information. And, they asked me to submit my website for review again, when I was sure that I removed the offending code.

I was not even sure where to start looking. After calming down, contemplating and retracing my memories through time, I remembered that my website was attacked and broken into in May 2008 and the index page was replaced with a cartoon that said, “Hey! Your site has been attacked!” I thought that it was probably a teenage prank, since I saw nothing else amiss after I restored the start page of my blog. I know, “How naive!” I just believed in the inherent goodness of people (and some of the younger people are just curious and naughty 🙂 ).

Through the past year, I was wondering why my PageRank and the visitor count were not going up that much. One of the reasons could be my infrequent posting of articles. But another reason could be that whoever hacked in was hijacking my PageRank through hidden code in the pages. This hidden code is not visible to the naked eye, but search engine robots can see it. These people have most probably affected many other sites as well in a similar manner. I never knew people could resort to even sabotaging others' websites in order to get traffic and PageRank to their sites.

Anyway, after a search through the Internet, I found this page: WordPress exploit: we been hit by hidden spam link injection. Following the steps there, I was able to successfully clean up the problems. The problematic filenames found were not exactly the same as described on that page, but it pointed me in the right direction as to what to look for. I am very grateful to the author of this page for distributing such valuable information.

Now, I am happy to say that Google has given a clean bill of health for my site and removed the warning message.

Steps you should take

Here is what I learned from this experience as a reader and author of this blog.

  • If you are a Reader of blogs, do the following on a regular basis:
    • Delete all the cookies on your computer.
    • Run anti-spyware/anti-spam software.
    • Run antivirus software.
    • Update your browsers to the latest versions, which provide more security and useful warning messages. I prefer Firefox 3.x, but whatever browser you use, keep it up to date.
    • Keep your computer's operating system and all security software up to date. I run Kubuntu on my laptop, since I am a UNIX guy who loves the control that the command line offers. 🙂
  • If you are a Blogger, in addition to the above (I am sure you read other blogs), do the following:
    • Go through the page WordPress exploit: we been hit by hidden spam link injection, which guides you through detecting surreptitious attacks of this type before Google informs you. I learned from this experience that it is a good idea to keep checking on a regular basis to make sure that such attacks are detected early.
    • Make sure that the password to your FTP server account is long, strong and includes numbers and special characters.
    • Make sure that the directory and file permissions on your blog directories are correct.
    • Keep the CMS that hosts your blog up to date. I will upgrade my WordPress to the latest version sooner rather than later.
    • Make sure that the plugins you are using on your blog are secure.
    • Install Anti-Spam plugins on your blogs that protect you from comment spam.
    • Make sure that the theme(s) you are using on your blog do not contain security holes.

I am very sorry if the problems with my blog caused you any inconvenience.

Please use the comment form below if you have any security advice to share that is not listed above.

8 thoughts on “IMPORTANT: Please Check Your Computers, PHP Driven Websites and Blogs”

  1. Malware is such a horrible thing. I bought a laptop some years ago and I came across Spysheriff, a program that looks as though it is going to help you. Anyway, for those that know this malware, it became my worst nightmare!
