I think this blog hack is under control (knock wood)

Blmurch, via Flickr (CC license)

Yep, spammers are asses. And evil, in a mostly banal sense. Grumble….

Over the last few days, and especially this morning, I’ve been wrangling with fixing a hack done to this blog by a spammer. It’s been pretty stressful, but Tom Vilot and other helpful geeks have been absolute angels in helping me figure out this server-side crap. Thanks, all!

For now, I think we’ve probably neutralized what this hacker has done. But I’ve got a contingency plan in place to rapidly relocate this blog to another server should new problems from this hack arise. If problems do arise, I’ll probably have Bluehost create a new account for me, reinstall Wordpress, repopulate the blog’s database, etc. A hassle, but not unrecoverable.

Lessons learned. These mostly apply to Wordpress blogs, but can have wider applicability…

Always use secure access (https://) for any site that requires a password. Just make that the norm, whether I’m home behind a firewall or on public wifi. I am investigating getting an EVDO card for mobile web access, but I think that might not be possible for a Macbook. I might have to wait until I upgrade to a Macbook Pro for that.
Always keep an up-to-date backup of my blog: the database as well as other content like images or audio/video. This makes a quick restore not only easier, but possible. If possible, arrange this as a chron job to secure copy (scp) the content to another server. Don’t just rely on a Wordpress plugin to e-mail the backup to you. Wordpress plugins can be hacked. That’s what happened to me.
Check regularly for plug-in updates. Hackers exploit vulnerabilities in popular tools like plug-ins. Plug-in developers generally patch these vulnerabilities and release new versions of the plug-ins as these vulnerabilities are revealed. It seems like so far there’s no automated way to check for Wordpress plug-in updates (but I’ll keep looking for that). However, it’s worth doing a manual check of this once a week or so.
Just because it sucks doesn’t mean it’s personal. Most spammers and hackers are sheer opportunists. This blog hack probably wasn’t personal, even though it damn well feels personal. Just like when someone breaks into your car. It’s hard not to take it personally. I’m definitely pissed off, but I can let that go.

Most importantly, this experience shows the value of befriending geeks, and of having a generally collaborative and constructive attitude when dealing with people online. People really came to my aid here, and I am grateful.

If you liked my post, feel free to subscribe to my rss feeds

Post meta

This entry was written by Amy Gahran and posted on November 13, 2007 at 3:39 pm and filed under Amy's Adventures, blogs, friends, problems, solutions, tips. Bookmark the permalink. Follow any comments here with the RSS feed for this post. Post a comment(Latest is displayed first) or leave a trackback: Trackback URL.

Share with others

Post I think this blog hack is under control (knock wood) to digg.

Post I think this blog hack is under control (knock wood) to Reddit

5 Comments so far (Add 1 more)

Tom, thanks again for all your help and support through this, and especially your calmness while I was freaking out. You really saved my butt here!

- Amy


3. Amy Gahran on November 14th, 2007 at 10:30 am
Except for making sure Akismet works, I think we’re out of the woods. Plus I have implemented most of a good backup system that backs up not just the database, but all content, incrementally.


4. Tom on November 14th, 2007 at 9:59 am
Jeremy, Neil, thanks for your support through this techno-hassle. My plug-ins are from wordpress.org — just reinstalled them all to the latest version.

I might try that Wordpress automatic update plugin too. Because of one oddidty of how my site is hosted, I just want to check with my top geek mentors first on that.

Thanks, guys

- Amy


5. Amy Gahran on November 13th, 2007 at 11:15 pm
The other really useful too is the Wordpress Automatic Update plugin (available from the Wordpress site), which makes staying up to date really easy. It also does a database and file backup you can download at the same time.

As for mobile broadband, there are USB devices sold by some carriers that do work with the Mac, though you do need to make sure they have updated drivers if you’ve updated to Leopard, as people have had problems. They work fine under Tiger.

Good tip re. always using https over http. I do it for Gmail but sometimes for get for other things. Time to fix that for all my wordpress installations at least.

And I’m definitely sticking around here, I like what I read

- Neil.


6. Neil Ford on November 13th, 2007 at 5:15 pm
Good to know you’re back at “yellow” alert only. I use wordpress 2.3.1. The plug-in display in the admin screen will warn you if the Wodpress codex has an updated version of your plug-in available. (Obviously, the plug-ins you use must be hosted by Wordpress.org for this update warning to happen.) It’s not an automatic email update, but it’s better than my old click the website for each plug-in method.


7. Jeremy Osborne on November 13th, 2007 at 4:33 pm

2 Trackbacks

By contentious.com - Dammit, this blog has been hacked again! on March 25, 2008 at 11:04 am

[...] As far as I can tell, this spam content has been inserted my home page as well as at least three recent posts. Obviously, this Wordpress blog has been hacked again. Like I didn’t have enough troubles with this last fall. [...]
By contentious.com - Having trouble posting comments to this blog? on December 1, 2007 at 12:39 pm

[...] may recall, a few weeks ago this blog got hacked by a spammer who apparently gained access to my blog by stealing my password when I logged in via a [...]