
Malware Virus & What You Should Know About It

Posted Friday, September 25, 2009 by momscashblog | 23 Comments so far
Here is a guest post by my blogging buddy Plin of myfrugalways.com. He helps us understand what happens when we are hit with the dreaded “Reported Attack Site” on our blogs, and how and why this happens.
Plin:
Here is a post I wrote up. Hope this helps people who are looking for more information regarding malware.
Here is the definition of malware from Wikipedia (http://en.wikipedia.org/wiki/Malware):
Malware, short for malicious software, is software designed to infiltrate a computer without the owner’s informed consent. The expression is a general term used by computer professionals to mean a variety of forms of hostile, intrusive, or annoying software or program code.

There are many different types of malware, including computer viruses, worms, trojan horses, etc. Each type of malware varies in the way it infects the user’s computer and how much control the malware has. One of the most common issues bloggers encounter is known as an iframe injection attack. In an iframe injection attack, the malware inserts a piece of code that looks like:
<iframe src="*some bad website*" width=1 height=1 style="visibility:hidden;position:absolute"></iframe>
into your code base. The most common target files are index.* since that is the first page loaded by any website. Essentially, what the <iframe> code does is forward your website to the bad website. As a result, if a user visits your site they will be directed to another site that might be filled with even more malware.

There are numerous ways in which malware can infect your account, but two of the most common are a result of hosting servers and FTP.

1. Hosting servers. Some hosting companies do not set up their security settings properly, and as a result when one account is compromised the hacker gains access to other accounts as well. E.g., suppose JJ’s blog and mine sit on the same server and I am running a very old version of WordPress. If a hacker hacks my account and the security is not set up properly, he can now access JJ’s files too, even though JJ is very vigilant in keeping her copy of WordPress up to date. This is a known problem for some hosting companies, and it is why one should be wary of free/cheap hosting solutions. If you have ssh access to your account, make sure to change the permission of your files to the highest level.

2. FTP password. Most bloggers work on their WordPress files on their local computer before uploading them to the server over FTP. As a result, FTP passwords are often a target of malware. If you visit an unclean website, your computer can be infected with malware that sniffs for FTP passwords. The moment you upload your files to your FTP account, the password is captured by the hacker, who can now automate the iframe code insertion process using your FTP password. In fact, it is better to use secure FTP (SFTP) so the data exchanged between your computer and the server can’t be easily sniffed.

To clean up after an iframe injection attack:
>Keep your anti-virus software updated on your home computer.
>Update your WordPress to the latest version. WordPress is known for security flaws and they constantly release security patches.
>Change all your passwords. A good password should have a mix of upper case, lower case, and numbers.
>Avoid using applications that require your password on a public computer. Internet cafes are especially deadly.
>Check all your WordPress files for <iframe> tags and remove them. The key files are index.*; however, other files might also be affected.
>Investigate how the attack originated. This one is a little more difficult, but I would suggest trying to think whether you have downloaded unknown software recently.
Some good blogging practices to keep your account safe:
>Rename your administrator account to something other than admin or administrator. This will prevent attacks where the malware uses admin as the username and simply tries all the words in the dictionary. (Hint: using dictionary words as a password is a very bad idea.)
>Back up your database on a scheduled basis.

Cheers Plin,
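
The cleanup step above about checking WordPress files for <iframe> tags, as an added example that is not part of the original post: a Python scan that lists every iframe under a site directory and flags the hidden ones. The file extensions, the hidden-frame heuristics, and the sample files (built in a temporary directory, with `bad.example` as a placeholder host) are assumptions made for illustration.

```python
import re
import tempfile
from pathlib import Path

# Opening <iframe ...> tag; [^>]* also spans line breaks.
IFRAME_RE = re.compile(r"<iframe\b[^>]*>", re.IGNORECASE)
# Signs that a frame is hidden from the visitor, as in the post's sample.
HIDDEN_RE = re.compile(
    r"visibility\s*:\s*hidden|display\s*:\s*none"
    r"|\b(?:width|height)\s*=\s*[\"']?[01]\b",
    re.IGNORECASE,
)
SCAN_SUFFIXES = {".php", ".html", ".htm", ".js"}  # assumed set of web files

def scan_tree(root):
    """Return (relative path, line, hidden?, tag) for every iframe found."""
    root = Path(root)
    findings = []
    for path in root.rglob("*"):
        if not path.is_file() or path.suffix.lower() not in SCAN_SUFFIXES:
            continue
        text = path.read_text(encoding="utf-8", errors="replace")
        for m in IFRAME_RE.finditer(text):
            line = text.count("\n", 0, m.start()) + 1
            rel = path.relative_to(root).as_posix()
            findings.append((rel, line, bool(HIDDEN_RE.search(m.group(0))), m.group(0)))
    # index.* files first (the post's "key files"), hidden frames before visible.
    return sorted(findings, key=lambda f: (
        not f[0].rsplit("/", 1)[-1].startswith("index."), not f[2], f[0], f[1]))

def demo():
    """Scan a constructed sample site: one injected page, one normal embed."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "wp-content").mkdir()
        (root / "index.php").write_text(
            "<?php get_header(); ?>\n"
            '<iframe src="http://bad.example/" width=1 height=1 '
            'style="visibility:hidden;position:absolute"></iframe>\n')
        (root / "wp-content" / "about.html").write_text(
            "<p>Video</p>\n"
            '<iframe src="https://video.example/e/1" width="560" height="315"></iframe>\n')
        (root / "readme.txt").write_text("<iframe> in docs; .txt is skipped\n")
        return scan_tree(root)

if __name__ == "__main__":
    for rel, line, hidden, tag in demo():
        print("HIDDEN " if hidden else "visible", f"{rel}:{line}", tag[:60])
```

Run `scan_tree()` on a downloaded copy of the site and review each hit before deleting anything, since legitimate embeds such as video players also use iframes.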


What to do about Reported Attack Site message

Posted Friday, September 11, 2009 by momscashblog | 30 Comments so far

Last week I had a Malware Virus to deal with, so upon visiting my site you may have seen the blog but also gotten a warning to stay away from this site or you could get a virus. (Don’t worry, it’s very safe!) For those of you with certain virus protection you did not see my blog. In its place was a red warning page titled “Reported Attack Site” and a paragraph saying this site was under attack… which is how I found out I had a virus on my own blog! I thought, “Well, I’ll just go to my WordPress and see what’s up.” (Duh!) My site was taken down so there was no WordPress to go to. Also my webmail was taken down, and my blog’s name and domain were removed from all search engines. I’m told that if my blog did get into the search engines it would have had a warning saying not to come to my site. Ouch! But with the help of Hostgator, GoogleWebmasterTools, and Lloyd Lopez, I got through the malware attack pretty much unscathed. I didn’t lose anything and in the end, it was much less traumatic than I expected. Of course, when it first happened I was stressed, but so far, so good.

The message “Reported Attack Site” is a little confusing to me. I’m thinking maybe they should say “Report an Attack to Google” because that is what you have to do. Google detects the malware virus and shuts the site down to prevent it from going any further and protect anyone visiting the infected site. It is then your responsibility to get it fixed and send a report to Google. When it finally gets a clean bill of health they will put your site back up.

I found out that many new bloggers just abandon their blogs when they find the “Reported Attack Site” message because they don’t know what to do about it. Malware virus/hacking is something that all bloggers could encounter, so I will pass on the process that I went through to get my blog back up and running. Keep in mind that there are many different types of hacking and viruses, but mine was a malware virus. To learn more about malware viruses and how to protect your blog, go to WordPress.

1. Call your blog hosting company. Whenever your blog goes down you should call or e-mail the company who hosts your blog. I’d much rather call than send an e-mail because I like instant feedback, so make sure you have the telephone number(s) of your blog host in a notebook ready for these occasions. I use HostGator for this blog and they’re also the host for the MCB Free Blog Tutorial.  I cannot say enough good things about them. They are patient, very helpful and easy to talk to for a non-techie like me.

1a. Send e-mail to host security requesting help. HostGator told me I had a Malware Virus and that I had to send an e-mail to HostGator Security to request help and tell them of the warning Google placed on my blog. Security immediately sent notification that they received my request and gave me a case number for the process.

(Of course, you could skip the initial call  [1] and just send an e-mail to Security [1a], but I’ve always communicated better through phone… or face to face… and the call was very informative and reassuring.)

2. Wait for notification from host security. It took a while but I finally got an e-mail saying that HostGator assessed my blog and I indeed had been hacked with malware. They told me I was hacked into from  WordPress versions that had not been updated, and that my site was now clean.

Problem Solved! (Just kidding!) Now you have to notify Google and wait for Google to approve you.

2a. Report to your Google Webmaster Tools. HostGator told me I now had to let Google know that my site had been cleaned of all badware, so I did. I then checked off the box saying “Please review my blog”.

3. Let Google review blog. I assumed I was in the clear, but Google informed me that they were still detecting “badware” on my site. So I called HostGator and they fixed each problem as Google told us of them. In my case this whole thing took about 3 days before my site was declared “cleaned of badware”.

3a. Wait for OK from Google. I checked my mail constantly and on the third day I finally got the message: “Status of the lastest badware review for this site. A review for this site has finished. The site was found clean the badware warning from web search are being removed. Please note that it can take some time for the change to propagate.”

Keep checking to see if your blog has propagated, and you should be up and running when you see your blog online!!

Since my older version of WordPress was hacked into, I had to change my passwords (for cPanel and admin log-in too) and make them very strong, and I will be changing them often. If you haven’t started a blog yet, make sure you have a notebook or two to hold all of your many passwords, telephone numbers, and dates of expiration for your domain name, blog host, etc.

To decrease the chances of being hacked, make sure you have very strong passwords with numbers and symbols mixed in, and change those passwords often! If there is anyone who has had this happen to them, or who can share more information on this type of problem in the comments section, or who is interested in a guest post, please leave a comment.

