It will not happen to me, right? Wrong. This blog got hacked and the traffic was directed elsewhere. It took me a while to notice since having older cookies on my computer I was not re-directed, I saw my site and thought everything was a-ok. When I finally found out, I had to take the site down and it took me 3 weeks of after hours work to build CGmascot anew.
CGmascot is currently still being re-built. Some things like portfolio is missing but coming later.
CGmascot hack found and resolved
August 2011 I had trouble logging in to my Worpress. Having had connection troubles from home before I wasn’t worried especially considering my site was working fine. But then I tried logging again some days later, failed again, and got directed to some russian site I shan’t name here (they will not get anything from me ever again, not even mention of a name). A few nights of research later the results were these: I had wiped my webspace clean and only after, with a tip from a pro, tracked the issue to .htaccess-file. It was hacked, edited by adding extra lines of code hidden hundreds of empty lines below the regular content so I would not find it unless I knew where to look. The file directed CGmascot web traffic elsewhere, to well know sites popular sites like Yahoo, and I imagine brought some cash to the hackers who, again I imagine, are in business of selling web traffic.
How did the hacking happen? I suspect TimThumb plugin vulnerability that has caused pain to numerous Worpress users recently. TimThumb is a plugin that offers very handy automatic image thumbnails and more from your site and also from outside, and stores the files on the server. It is included in numerous Worpress themes like the one I was using. I’m not the right person to explain this, but a loophole in this allowed malicious code to get into your site and then lead to problems. I think whatever got onto my CGmascot accessed .htaccess-file and so re-directed the web traffic.
Naturally Timthumb has been fixed by the author since then.
Got to say I take this all very personally – after all CGmascot is a personal blog, my venue for writing and more. What’s worrying is that this can happen again. Worpress is a very fine platform, but like any such a system built on lots of code, database and use of plugins, it is bound to develop holes. Makes me miss old times: I used to make sites by hand, pure HTML, which is hard to crack as then the hackers have to brake in to the server the site is on, not just send some robot software snooping around for WordPress holes and abuse them in masses.
Steps you can take to secure your Worpress blog
I’m no WordPress expert so I will rely on links here for most part. What I can recommend though, is
- Keep your WordPress install up to date
- Make backups of your database and the folder your site is in.
- Make backups of your plugin settings and your theme settings so getting them up again becomes easy.
- Consider plugins you install for security, don’t just go nuts with them. Less plugins running means a faster site, too.
- Read about .htaccess, what it is and how to secure it. My approach for now is to make it unwritable – nobody but me can access it and even I have to edit it by hand from server side.
Following links should be of more help.
- How to Secure Your WordPress
- Comprehensive quide to htaccess
- WordPress Backups
- Hardening WordPress
- WordPress.org, FAQ My site was hacked
- How to fix TimThumb vulnerability
What’s next for CGmascot?
CGmascot is back and intends to stay. Sure content updates are less frequent than they used to be, but I do what I can. And now the site is all new. I hope you like the upgraded CGmascot 🙂