Sometimes, I wonder what the heck is going on.
After having my site offline for a few hours after what appears to be some kind of attack or hack, I’m back on. But that doesn’t come without issues. The company I host with was able to use a full backup from two days ago.
Unfortunately, that meant I lost items I have posted (and comments).
Thankfully, I can get the posts back via Google’s cache, so I will be able to replace them. And all comments come to me via e-mail, so I was able to replace them, too.
I also see some interesting things on the cached pages, that being links to stuff. So I guess I know what screwed up my site.
That doesn’t take away from the issue at hand.
How did this happen?
Unfortunately, the host wasn’t able to tell me what happened. All I got when I first e-mailed was this:
“As far as we can see your website has been compromised and malicious code was inserted to several of your PHP files:
(I clipped many lines of website stuff here as it made NO sense).
In order to resolve this problem you need to
- remove malicious code from your PHP files
- update all your sites’ scripts to the latest versions available with needed security patches and keep them up-to-date
- change all your passwords and always keep them in a safe place
Please let us know if you need any additional information.”
Yes, I need additional information.
How in the name of holy hell am I supposed to fix this? I basically asked that, but in a nicer way, of course!
So all I was told was that they had a full backup from two days ago. And after looking to make sure I had the blog entries and I could quickly replace them when the site came back up, I told them to do what they had to do because I needed and wanted the site back up.
So, while I wait for them to use the backup, I’m writing this post. Hopefully things will get back up soon so I can then do what I need to do in regard to replacing posts/comments and letting the site get back to normal.
I’m now going to change all my passwords, get rid of a few things that seemed to be nailed with this attack and see if anything needs to be updated. Also, I’m going to do a backup now so it’s up to date!
They have given me a few things to do, but one includes using only WP themes. The theme I use is not a WordPress “official” theme as most of them are boring. I’m going to make sure, however, that all my stuff is up to date and I’m going to delete any themes I’m not using in hopes that it will help as well.
Hopefully this will be the only time this happens!
Feel free to leave a comment, or e-mail P.J. at hoohaablog [at] gmail.com.