what to do when your blog has been hacked.

Many of you may have noticed a big red warning in your browser when you’ve tried to visit the Fluffyland blog in the past two weeks. “The site has been compromised,” it read, or something similar. I know, because I got it too.

It was a mess, but I’ve finally eradicated it from my system and Fluffyland is clean. So we can all (especially me!!) breathe easy. But I still wanted to post a clarification, as well as some tips, for all of you: bloggers and non-bloggers alike.

How it Happened
Many people have said, “why would someone attack Fluffyland?” and I agree: why go after an innocent website? But my site was not independently targeted, or even purposely attacked. Some mean computer geek out there programmed a computer to search through the web, find sites with small security vulnerabilities, and input little bits of code in unexpected places. Those little bits of code can hurt the computers that visit my site, and they are very hard to find. After more than a week, I’ve finally found them all, and upped my security so it won’t happen again.

Blog Readers
If you have visited my site in the past two weeks (between 1/13 and 1/28), whether or not a red screen has come up, you should do a full virus scan on your PC to make sure it didn’t get you. Microsoft Security Essentials is a free anti-virus program for Windows machines, and it has this particular exploit in its list of definitions. If you download that and scan, it will find this virus if you’ve got it.

I am very sorry for any things that the bad guys made my website do to your computer’s health. All I can say is that I tried my hardest and lost a lot of sleep until it was finally gone.

If you have a blog, this could happen to you. I really, really hope it doesn’t… but in case your blog ends up distributing malware (and making you very sad), I thought I’d post a list of helpful links so you don’t have to read as many articles as I did.

  1. First and foremost, make regular backups of your site so you will have something to fall back on. I don’t do this enough, and I sure regretted it.
  2. Scan your site regularly with the Free Sucuri Site Scanner. Unlike Google scans, this does a fresh scan of your site as soon as you click the button, so you can see if your site (or any site you might worry about!) is clean right now. I am now in the habit of doing daily scans.
  3. Sign up for Google Webmaster Tools, because they will email you if your site comes under alert. It’s good for catching malware, as well as numerous other SEO-related issues. But the Google scan only takes place every few days, since it has the whole web to deal with, so your results aren’t up to the minute like Securi.
  4. Use WordPress plugins to scan through your blog files. Scanning manually is a pain, but I used the WordPress Exploit Scanner Plugin to find the malicious code so I could go in and remove it. Note: read the instructions for this plugin, because it finds lots of files marked “could be suspicious”. Most of them aren’t, so don’t get paranoid. But it’s incredibly helpful when you know something is wrong.
  5. The basics: change your passwords for your CPanel login, your WordPress login, and change your WordPress secret key. The articles below give more details. Make sure none of your plugins or scripts are out of date, and know how to take your site down quickly if you need to.
  6. Read up. Here are some articles I found helpful for both removal and future prevention:

I’m now armed and ready for the next little robot who tries to take down my site… we’ll just wait and see what happens to him!

2 Responses

  1. great info. I just found out my site had malware. I’m trying to clean it up…Sucuri says its clean…google says it’s not.

    • Sam says:

      If Sucuri says it’s clean, it is: the Google cache can just take a little while to refresh. If you log into Google you should be able to file for a “re-scan” to make that process go faster!

Leave a Reply