In the honest and constant war with spammers, scammers and now hackers, things are never dull in the life of an Internet Marketer. Just when you thought it was safe to get some honest work done and catch up with the ever growing mountain of “things to do”…
The other day I found out that some of my blogs had been hacked by some nasty little shitbag who thought it would be a good jest, a humorous jape, a great laugh etc to place some nice malware links inside some of my posts. Bastards. Honestly, it took me hours to go through them all one by one and clean out their shit from all my blogs that were affected… and as I’m really slammed with honest writing work, they were hours that I really would have honestly liked to spend doing something more productive.
So thank you very fucking much you slimy bottom feeding bastards whoever you are.
I honestly hope what goes around comes around and you get back one hundred fold what you dished out. I’m honestly not known for swearing in my blog, but that total waste of my valuable time was just the limit and that’s how utterly pissed I am at this.
What’s even more annoying is it didn’t take me long to figure out how they got in – through a stupid back-door that most self hosted WordPress themes leave intact either by mistake or by design, I’m not really in the right mood for being diplomatic here.
Here it is:
In your sidebar, there is usually a handy “META” heading under which are a few links – one I use all the time is the login link for editing my blogs. But under that is one we often don’t take much notice of and that’s the “register” link. It allows anyone to register with your blog and when used properly by honest people it can allow honest guest bloggers to write posts on your blog. When used by scumbag slimy bastard spammers and hacking sorts, it can give them access to your posts so they can add code to the HTML and hide it using the <noscript></noscript> tags, which is why most bloggers are unlikely to detect it until Google comes along and slaps a MALWARE WARNING page over the top of your blog!
Yep, it can spell disaster if it happens to be a high traffic blog – so if you have the “register” link in your sidebar, get rid of it. Or set your internal options unchecking the “Allow anyone to register” in your General Options.
Yeah, I know. Honestly, I should have realized and done it when I set the blogs up, but I didn’t know any better when I set these older blogs up, so it got left in and taken advantage of.
Luckily this Honest Way blog wasn’t one of the sites hacked. If I’d had to have gone back through all the over 200 posts, it would have taken me most of the day! But my Make Money Blog sister site with its over 100 posts was one of those that did get hacked and that was honestly not much fun fixing.
Ok, end of rant.
Another thing that you can do to protect the integrity of files on your server is to put passwords on the folders that contain sensitive files – I believe I posted about that way back sometime, ah here it is: Spammers and Attacks on Your Stats, where I outlined what to do to protect your server files.
Better to be safe than sorry – prevention is better than cure and all the other timely reminders come into play here, so be vigilant!