Hazard! Caution! Warning! Actung! Attenzione!
So there I was a week ago on Tuesday, sitting at my desk and having one of the worst days at work in recent memory. There were all kinds of bonfires burning brightly on my desk. Still are.
So much so that in a recent hot project review with my manager and all of my peers, the Boss Lady remarked “wow, you have all of the really awful problems, don’t you?”
She is fairly unflappable and not easily worried by the bonfires that my job brings, so her concern means I am seriously up to my eyeballs in alligators.
As the day progressed like a hammer to the head of a nail, I decided to sit back for a few minutes and look at some personal email by way of distraction.
That is when I found an email from someone I don’t know, a Good Samaritan if you will, letting me know that my sweet Oh Fair New Mexico site had been hacked.
Oh joy. Just exactly what I needed.
This was, in my opinion, a particularly insidious hack. It was done so cleanly that I never even knew it had been hacked. Google “WordPress Pharma Hack” and read the pages and pages devoted to this really clever little invisible hack.
Instead of fiddling with my content or the front page of my blog, the intruder created something on the order of hundreds of offshoot pages from this blog. Those pages purported to sell all variety of fun pharmaceutical products, stove tops, waxing kits and more.
I suppose I should have guessed I was hacked when my website began to slow to a crawl. Then recently I noticed I couldn’t reach my website from my home network. A ticket raised at my hosting provider said “No, your blog is up and running.”
Turns out my ISP had blocked my infected web page. My blog continued to slow down even more. It began taking several long seconds to load.
I feel sort of sheepish that I didn’t figure this out for myself. The signs were there. I make a living in the tech industry, but when it came to my own blog I was a silly little twit.
So after receiving the bad news I:
1) freaked out, then
2) contacted my hosting provider who had done me the service of setting up my blog originally
Within about twenty minutes they had replied to my ticket and did their part to clean out all of the offending sites. I checked several of them to be sure they were shut off. A bit of Googling around showed me that I had been hacked going back into last year. Hoo boy.
Then I had to raise another ticket because I noticed that my usual log in page redirected me to a page that looked exactly like my log in page but had a different URL. Thankfully I did notice that in the URL line on my browser.
My hosting provider responded by giving me another way into my blog. Once in, I realized that my hacker friends had set up no less than five admin accounts on my blog and one more that was invisible. I could only tell that by seeing that I had one (1) line item for users but the count in the header of the page said I had two (2) admin accounts.
Hell, I never check my admin page, but I should have.
So I did a lot of research and I learned about PHPMyAdmin and I got new keys from WordPress to make sure if the hackers were still logged in it would crunch their cookies and I changed passwords.
And I freaked out a little more.
Then I went to Google and signed up for their webtools (as suggested) and ran through the process so I could get the “this site may be hacked” message to not show up in search results for my little blog. That seemed to work fairly quickly.
And then I freaked out less but still felt anxious. And I kept working on cleaning up the mess that was left behind.
It all feels so…dirty. I mean, I don’t get a ton of traffic to my little blog but it’s my tiny corner of the internet and this week I celebrated my seventh year of blogging. Over half a million words.
A lot of fun has been had. By me at least.
From all of this, I have learned that WordPress blogs are particularly hackable. I have also learned that some hosting providers are also particularly hackable.
I have some other things I want to do to better secure my blog, but I certainly can’t promise I won’t get hacked again.
In fact, based on my research, I probably will get hacked again pretty soon until I get better security on my pages.
I may have to just shut down the blog entirely, but for now, I’m back up. It seems to be running a little quicker. I do regular backups on the blog but I did another just to be cautious.
So there you go. For today I’m back to blogging and not selling.
I like it here. Oh Fair New Mexico makes me happy, and for the few but loyal readers I have, I hope it makes you happy too.
Meanwhile if you came here because you want to buy some good drugs off the blog, the bad guys are no longer in business at this location. For now, anyway.
*Special thanks to the kind reader who tipped me off about the hack. I am quite grateful to you.
**Humorous side note: When I told The Good Man that I had been hacked he went to look at the blog. He thought my kooky post about big cats liking Calvin Klein Obsession cologne was the work of the hackers.
Lol! I had a hell of a time convincing him that I wrote it. *grin* They can’t all be winners.
Image found here.
What? No more drugs?
That’s it, I’m done with this blog!
Okay, seriously – glad you are no longer hacked, I never noticed a thing, but if you ask the little woman, I never do. . .
Hey Lucky – Sorry, no mas drogas here. However, I’m sure I will be hacked again quickly, so don’t lose hope! :\
And what made this hack so crazy is that you would never have noticed a problem, other than slow loading pages from the over four THOUSAND pages that got spun off of this blog. Ugh.
Google has only crawled and removed 1000 of them, and there is some malicious code tucked away on one of my pages but I can’t seem to find it and kill it. There is still a long way to go.
Congrats on 7 years of blogging Karen! I always enjoy your musings with a morning cup of coffee before attacking the big bad world. Keep up the excellent work.
Andy – That is about the nicest thing you could say. I am humbled and happy!
My apologies to you personally for being away for almost two weeks. Shame on me. But stay tuned, there is a word avalanche coming your way. The words “New Mexico” will be in there a lot.
I enjoyed reading your post and hearing the “rest of the story.” You are a funny writer.
Since my site needs the press I am going to take the credit I deserve for being “The Good Samaritan ” who made you aware of the hack.
Go to http://pharma-hack.com to learn more about Pharma Hack.
Hi Dave – Thanks for the comment. Out of respect I chose not to name you outright, but since you have commented, I can thank you publicly.
I found your own Pharma Hack blog when I was Googling “blog.karenfayeth.com” to find errant pages that needed squashing.
The clean up continues on my blog. I usually post links to my blog posts on my Facebook page and one of my friends who works for a company that does advertising and makes web pages for clients said one of their clients with a monetized site got hit with the same hack. I don’t monetize my blog and if I did that Pharma Hack would have really sent me around the bend.