Finally got hacked after 6 years of safe journey online.

Two weeks back, a simple site search site:ReviewOfWeb.com on Google revealed some unwanted results which clearly showed that my site was under attack. Here is how some of my site URLs looked like in Google. [Check the description.]

The interesting thing about this hack was that it was a conditional redirect, or in simple words, when you would navigate to this site by directly entering the URL in address bar, you would get the actual page of my website but when a visitor arrives from a search engine he would get re-directed to the spammers website in what was probably an iframe.

What should you do in a similar situation?

Calm down! It is unnerving to see your site being surrounded by malware and Google showing nasty links and text below your site URL, but the damage is done and you have to correct that. Worrying about it may make the matter worse.

How to identify the files that got hacked?

SSH to login to your website and find the last modified files by the timestamp. You can ask your webhost. In my case the hacker had inserted a base64_decode() in my wordpress header file. Though I was able to nail down the files which were hacked, just to be doubly sure I preferred to hire a professional malware removal agency Sucuri.net

Folks at Sucuri were super fast and removed the malware within half and hour of opening a ticket with them. They followed up with some general recommendations on how to prevent further attacks. The recommendations included changing FTP credentials, wordpress login credentials, database passwords, updating core wordpress, wordpress plugins and running a thorough virus scan on the personal machine. I did as advised by them.
To my surprise, within 2 hours the malware returned, this time affecting another file – index.php

This was more worrying since it seemed the intruder was targeting at will. While it is relatively easy to identify the files that get hacked, at times it is extremely difficult to identify how the intruder reached those files. Since I had already updated my wordpress installations and changed passwords, I nailed down three possibilities -

1. A vulnerable wordpress plugin that is not updated by the developer.
2. Vulnerable wordpress theme.
3. Open permissions (chmod 777) on my shared server.

First, I uninstalled all the plugins, removed all except the core tables from the wordpress database and then did a fresh reinstall of the plugins that were really required. Along with that, I also changed my theme framework from Woo Theme to the current Thesis theme (In the recent past, WooTheme framework had been targeted twice). There was an unused script in my account whose temp folder had open permissions, which I fixed.

Final Cleanup act

The excellent folks at Sucuri – a special thanks to David Dede – did the clean up once again and since then this site is pretty safe. Sucuri not only provides clean up services but they also provide a facility whereby your site is checked every 6 hrs for any major/core file changes. A premium wordpress plugin is included which helps in 1 click ‘hardening’ of wordpress installation, logging changes to your wordpress files and blocking bad bots from visiting your website. I have now upgraded my plan at Sucuri and secured all my sites. You can check more about Sucuri here

Over to you. Have you ever got hacked? How did you clean the mess? More importantly were you able to identify the source?

WordPress site hacked. Here is what I did to “un-hack” it is a post from ReviewOfWeb

We have often been culprits of handling our electronic devices without the necessary amount of care. Some of us despite being careful end up dropping or manage to land a scratch or two on our favorite device. It is to save our devices from such undesired events a product called Cliphanger is widely in use.

Cliphanger offers a line of products which allow electronic devices such as cell phones, Handhelds, PDA’s etc to be held securely by attaching these to other objects. Cliphanger binds itself with the electronic device by means of an industrial adhesive affixed to the device or by a screw and nut procedure. Even though, it may seem to be cumbersome, it is absolutely easy to use. The device can be easily detached from Cliphanger with the slightest of efforts.

Cliphanger also be used to hang the device on a peg or a hook. Since the free end of the product is rather flexible, it can be used to attach onto straps or loops also. Thus in effect, Cliphanger is a simple unit which manages to stay with the device for convenience without any bulk.

Since the launch of Cliphanger, the popularity of the product has increased tremendously, so much so that other companies have gone to the extent copying the features of Cliphanger and are selling them under their respective brand names. Needless to say, the quality of the product offered by the original designer and manufacturer far exceeds those of the copied versions available. Apart from these features, the customers of Cliphanger also get dedicated customer service with products tailored to their needs.

In an attempt to reduce the chances of local dealers cheating customers by pushing forward the cheaper, lower quality fake versions of the product, Cliphanger is currently available in only select retail outlets. Customers are also encouraged to order the product via the Cliphanger website or place their orders by calling on the numbers specified on the website.

PS: Use the coupon code PARADE during check-out to get 15% discount.

Go to ClipHanger

Secure your electronic gadgets with ClipHanger is a post from ReviewOfWeb