In the honest and constant war with spammers, scammers and now hackers, things are never dull in the life of an Internet Marketer. Just when you thought it was safe to get some honest work done and catch up with the ever-growing mountain of “things to do”…

The other day I found out that some of my blogs had been hacked by some nasty little shitbag who thought it would be a good jest, a humorous jape, a great laugh etc to place some nice malware links inside some of my posts. Bastards. Honestly, it took me hours to go through them all one by one and clean out their shit from all my blogs that were affected… and as I’m really slammed with honest writing work, they were hours that I really would have honestly liked to spend doing something more productive.

So thank you very fucking much you slimy bottom feeding bastards whoever you are.

I honestly hope what goes around comes around and you get back one hundred fold what you dished out. I’m honestly not known for swearing in my blog, but that total waste of my valuable time was just the limit and that’s how utterly pissed I am at this.

What’s even more annoying is it didn’t take me long to figure out how they got in – through a stupid back-door that most self-hosted WordPress themes leave intact either by mistake or by design, I’m not really in the right mood for being diplomatic here.

Here it is:

In your sidebar, there is usually a handy “META” heading under which are a few links – one I use all the time is the login link for editing my blogs. But under that is one we often don’t take much notice of and that’s the “register” link. It allows anyone to register with your blog and when used properly by honest people it can allow honest guest bloggers to write posts on your blog. When used by scumbag slimy bastard spammers and hacking sorts, it can give them access to your posts so they can add code to the HTML and hide it using the <noscript></noscript> tags, which is why most bloggers are unlikely to detect it until Google comes along and slaps a MALWARE WARNING page over the top of your blog!

Yep, it can spell disaster if it happens to be a high-traffic blog – so if you have the “register” link in your sidebar, get rid of it. Or uncheck the “Allow anyone to register” option in your General Options.

Yeah, I know. Honestly, I should have realized and done it when I set the blogs up, but I didn’t know any better when I set these older blogs up, so it got left in and taken advantage of.

Luckily this Honest Way blog wasn’t one of the sites hacked. If I’d had to have gone back through all the over 200 posts, it would have taken me most of the day! But my Make Money Blog sister site with its over 100 posts was one of those that did get hacked and that was honestly not much fun fixing.

Ok, end of rant.

Another thing that you can do to protect the integrity of files on your server is to put passwords on the folders that contain sensitive files – I believe I posted about that way back sometime, ah here it is: Spammers and Attacks on Your Stats, where I outlined what to do to protect your server files.

Better to be safe than sorry – prevention is better than cure and all the other timely reminders come into play here, so be vigilant!

Terry Didcott – Freedom Writer
The Honest Way
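The manual cleanup described in the post can be narrowed down by scanning post bodies for external links hidden inside <noscript> blocks. The script below is an added example, not the author's own code; it assumes the posts have been exported as (ID, HTML) pairs (for instance the ID and post_content columns of the wp_posts table), and the hostnames and sample posts are constructed placeholders.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse


class NoscriptLinkFinder(HTMLParser):
    """Collects href/src values that appear inside <noscript> blocks."""

    def __init__(self):
        super().__init__()
        self.depth = 0   # > 0 while inside <noscript>, even if it is never closed
        self.urls = []

    def handle_starttag(self, tag, attrs):
        if tag == "noscript":
            self.depth += 1
        elif self.depth:
            self.urls += [v for k, v in attrs if k in ("href", "src") and v]

    def handle_endtag(self, tag):
        if tag == "noscript" and self.depth:
            self.depth -= 1


def is_external(url, site_host):
    """True if the URL names a host other than the blog or its subdomains."""
    host = (urlparse(url).hostname or "").lower()
    return bool(host) and host != site_host and not host.endswith("." + site_host)


def suspicious_posts(posts, site_host):
    """Map post ID -> external URLs hidden inside <noscript> in that post."""
    findings = {}
    for post_id, html in posts:
        finder = NoscriptLinkFinder()
        finder.feed(html)
        finder.close()
        hits = [u for u in finder.urls if is_external(u, site_host)]
        if hits:
            findings[post_id] = hits
    return findings


# Constructed sample data: (ID, post_content) pairs; hostnames are placeholders.
SAMPLE_POSTS = [
    (101, '<p>Visible <a href="http://other.example/ref">link</a>.</p>'),
    (102, '<p>Text.</p><noscript><a href="http://bad.example/x">x</a></noscript>'),
    (103, '<noscript><img src="/images/chart.png"></noscript>'),
    (104, '<p>Text.</p><NOSCRIPT><iframe src="//bad.example/frame"></iframe>'),
]

if __name__ == "__main__":
    for post_id, urls in suspicious_posts(SAMPLE_POSTS, "blog.example").items():
        print(post_id, urls)
```

Posts with ordinary visible links (101) or a <noscript> fallback that points at the blog itself (103) are not flagged, so the output is a short list of posts to open and clean by hand.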

10 thoughts on “Hacked!”

  2. It’s kinda sad, because you probably could have done a SELECT * FROM post_comments WHERE comment_body LIKE '%somedomain.com%'

    Then if it looked right run DELETE FROM post_comments WHERE comment_body LIKE '%somedomain.com%', and made short order of removing them.

    Or if you had user-id, you could delete them by user id as well.

    I’m not sure what you’re running for blog software, but WordPress has a way to delete bad users, and it will remove their comments from the blog as well.

  3. Hi Erm,

    All good info, except they didn’t hack the comments – which I moderate anyway…

    They hacked actual posts, which is not easy to detect and deleting bad users won’t remove any code they’ve inserted.

    Nope, it has to be done manually.

  4. It’s reasons like this I’d like to institute a death penalty on “pointless hacking” when I become President of Earth.

    Seriously, though … I would be cursing a blue streak as well. One of the only ways I’d know my site was clean would be to restore the site from a database backup. This is done every 3rd day by default and automatically uploaded to a separate server to prevent chances of losing data (by fire or hacking), but it would still be annoying as heck.

    I really hope that other bloggers can learn from this post and make sure their site is protected from the jetsam and flotsam that tries so hard to interfere with the flow of information.

  5. Hi Jason,

    I hope so too.

    That’s a good idea about doing a restore assuming of course that the hack didn’t occur before the backup was taken!

    What a mess we get ourselves into when we don’t pay attention to our sites every day!

  6. Ah, so it calls… I found pornographic content in my Diary at different times, and last week one site was completely full of similar things. I needed a lot of time to clean them too. The problem is when it’s a free site/blog (as mine are). Because if the owners find it before you… how do you prove then that “you are not a camel”?

  7. Hi liudmila,

    I don’t know how blogger blogs are secured, but I didn’t think they could be easily hacked. You can secure the comments so only blogger users can add their comments.

    I know how destructive that can be if someone posts links to bad neighbourhoods but whether you have a free blogger blog or host your own, if Google sees them before you do, they can send your blog to limbo!

