WordPress hack is nasty – check your site security


If you run a WordPress blog, drop everything and go check your blog security!  Wait… I mean drop everything except reading this blog.  Read, then drop.  Right, hope that is sorted out now.

The point is that there is apparently a security hole in WordPress that is A) a serious pain in the ass, and B) nobody is quite sure how it is spreading.  We were hit with this on the Ignite Phoenix blog, and it took us the better part of a day to get back on our feet.

What It Is

We saw the problem when people visiting any of our pages were redirected to malware installation sites.  People using Chrome were getting errors immediately, and it was triggering anti-virus software from AVG to Norton’s.  After some research and help from Chuck Reynolds, we determined we had a variant of this Cloaking Hack. Originally just adding keywords to the infected site, the new version we had put the redirect into every page on our site.

We tried to scrub it from our files and database (yes, it messes with your database) but we kept getting re-infected.  We finally ended up having to move to a whole new host and reinstall everything from the ground up.  This was tricky since we could not reliably do an export from the previous site.
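One way to check a site for the symptom described above, and to re-check it after a cleanup, is to request the same page as different kinds of visitor and compare what comes back. This is an added example, not code from the original post; the header profiles, the host `blog.example` and the `.invalid` hosts are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlparse
from urllib.request import Request, urlopen

# Assumed header profiles: cloaked content usually keys on User-Agent or Referer.
PROFILES = {
    "direct": {"User-Agent": "Mozilla/5.0"},
    "search_visitor": {"User-Agent": "Mozilla/5.0", "Referer": "https://www.google.com/"},
    "crawler": {"User-Agent": "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"},
}
META_REFRESH = re.compile(r'<meta[^>]+http-equiv=["\']?refresh["\']?[^>]*url=([^"\'>\s]+)', re.I)
JS_REDIRECT = re.compile(r'(?:window\.|document\.)?location(?:\.href)?\s*=\s*["\']([^"\']+)', re.I)
LINK = re.compile(r'<(?:a|script|iframe)[^>]+(?:href|src)=["\']([^"\']+)', re.I)

def external_hosts(html, site_host):
    """Return (redirect_hosts, linked_hosts) that point away from site_host."""
    def off_site(urls):
        hosts = {urlparse(u).hostname for u in urls}
        return {h for h in hosts if h and h != site_host and not h.endswith("." + site_host)}
    redirects = off_site(META_REFRESH.findall(html) + JS_REDIRECT.findall(html))
    return redirects, off_site(LINK.findall(html))

def compare_profiles(pages, site_host):
    """pages maps profile name to HTML. Flag off-site redirects and hosts only some profiles see."""
    seen = {name: external_hosts(html, site_host) for name, html in pages.items()}
    common = set.intersection(*(links for _, links in seen.values()))
    findings = {}
    for name, (redirects, links) in seen.items():
        extra = links - common
        if redirects or extra:
            findings[name] = {"redirects": sorted(redirects), "only_here": sorted(extra)}
    return findings

def fetch_all(url):
    """Fetch url once per profile. urlopen follows HTTP redirects; only the final body is kept."""
    pages = {}
    for name, headers in PROFILES.items():
        with urlopen(Request(url, headers=headers), timeout=10) as resp:
            pages[name] = resp.read().decode("utf-8", "replace")
    return pages

# Constructed sample responses for a site at blog.example (not captured traffic).
CLEAN = '<html><a href="https://blog.example/about">About</a><a href="https://flickr.com/x">pic</a></html>'
SAMPLE = {
    "direct": CLEAN,
    "search_visitor": CLEAN.replace("<html>", '<html><meta http-equiv="refresh" content="0;url=http://bad.invalid/x">'),
    "crawler": CLEAN.replace("</html>", '<a href="http://pills.invalid/">cheap</a></html>'),
}
if __name__ == "__main__":
    print(compare_profiles(SAMPLE, "blog.example"))
```

Against a live site, pass `fetch_all(url)` to `compare_profiles`; an empty result means every profile saw the same off-site hosts and no redirect markup.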

If you get it

Huge thanks to WP blogger’s cloaking hack post for getting us started down the road to repair. If you’re hit, I suggest starting here.  This bugger also hit Chris Pearson, the developer of the Thesis Theme, who made a great post on diagnosing and repairing the pharma hack (our problem was a variation of this).  The two of these are great resources and point to other places you can look to if you’re hit.

Secure your blog!

Do not want! Trust me, take the time and do what you can to avoid this.

  • Remove any old plugins and themes you’re not using.  Some hosting providers install a ton of themes by default. Get rid of them.
  • Use strong passwords. Don’t use something simple and easy to guess, or even common terms. This is good advice in general, but it is amazing how often it is ignored.
  • Keep up to date on software versions. Don’t let your plugins or core installation lag behind.
  • Run a database backup plug-in, like WP DB Backup. You can have it back up your database and email it to you every day/week. We had to use one of our backups to restore to when we rebuilt the site.
  • Follow these WordPress security tips if possible.  Some of these may be tricky for some people to do, but try all you can.  #4 should be simple for everyone, and an absolute must.
  • There are other good posts on WordPress security if you want to get deeper, including some recommended WordPress security plug-ins.

Take the time to review your site(s) and tighten them down. If one good thing comes from our meltdown, let it be that we can help stop it from happening to someone else.


Year in review and the Ghosts of Topics Past


I’ve never been a big celebrator of the New Year – a reset of our planetary lap timer – as having any particular meaning.  I reset my life, goals, directions, and attitude whenever it seems time. But 2009 was a completely crazy year for me in nearly every possible sense.

I rode the Light Rail with no pants on, leading to the formation of ImprovAZ.  I posed as a coroner, welcomed back strangers at the airport, and dressed in spandex and a skull mask in broad daylight.  I left my job at Intel at the height of a recession, started to launch my own venture, then left-turned into joining a digital marketing firm. Ignite Phoenix went from 140 people to nearly 600, with the last one including a band, a radio station, and a t-shirt firing robot. I started chairing the Phoenix Social Media Club. I helped found the non-profit Phoenix Innovation Foundation to support local events. I attended a mountain of great local events, and a most excellent SXSW for the first time. I was featured on the cover of the Phoenix New Times. I met so many great and interesting people that I think I could have a full time job just trying to have coffee with them all.

I also received quite an education about social media, the Phoenix community, and most importantly about myself.

During much of all this there were interesting conversations that flew about on blogs and Twitter, but I became less involved as the year wore on. Partly this was for lack of time, and partly it was due to the nature of some of the conversations. Hindsight being what it is, in some cases I think I made the right call, but others I’m not so sure.  Sitting here now, there are some things I want to say. Nothing profound, nothing earth shattering, just things I want to clear out of my noggin’ for my own year end restart.

I’ll likely start here, then kick some topics over to Improv Media as I get going.  Hopefully it won’t be too much navel-gazing, and hopefully it will help me get back into a regular writing cadence.  We shall see.

As always, comments and thoughts are welcome.


Do you have the skills for Social Media?

A long time back I set up some job alerts at different career sites like Dice and Monster.com for Social Media positions.  I hadn’t received an email alert from Monster.com in a while, and I’d almost entirely forgotten I had it still active.

Until this week.

Monster.com is either drunk out of their minds, or there is a deep change coming in the Social Media landscape.  The same alert that once returned positions like “Community Manager” and “Wiki Administrator” in just Arizona has now returned:

  • Emergency Medical Science Instructor in Kinston, NC
  • 911 Dispatcher in Yuma, AZ
  • Lawn Tech in Ocala, FL
  • Triad Associate Dentist in Winston/Salem
  • Assistant Thai Cook in Destin, FL
  • Special Ops Personnel (Military Combat) in (No location given)
  • Manager at House of China Restaurant in (No location given)

The message is clear. Social Media has moved beyond trying to drive authentic, dynamic conversations and is now a critical component of every facet of our lives.  Where once you needed to just know how to set up WordPress, now you must know CPR. Where once you just had to know how to use Friendfeed, now you have to be able to carve shrubbery into funny animal shapes.  Where once you just had to know how to filter Scoble out from every damned Internet tool on Earth, you now must be able to infiltrate enemy governments while cooking Asian gourmet food AT THE SAME TIME.

I, for one, welcome the challenge.  And if you happen to be looking for a job yourself, I think there may be a Web Developer position opening up really soon over at Monster.com

Meanwhile, back on the blog ranch…

Just cleaning up and getting this place up to WordPress 2.6 and refreshing a few of the plugins. Once upon a time it used to be a pain to maintain web sites, then blogs came along to simplify the content management and posting.  Now blogs have become so feature rich I sometimes think we’re back at Square One.

Most of my blog time has been going into Ignite Phoenix and Writing Is Cake, but I hope to restore the balance a bit.  Also trying to get my wiferoni blogging here, which should be an interesting prospect. :D

Blogaholism… a dangerous disease

I think I’ve finally started enough blogs to fill my drunken, insatiable need for the things.

This blog was morphing into a writing blog, but now I’ve spun up Writing Is Cake with some folks from my writing group, so all my writing nonsense is now over there.

I’m also in the process of kicking off Ignite Phoenix with Halfacat, and that’s coming along at a reasonable clip.

Between all that and work (and my actual writing for myself!) my fingers are wearing down to nubs.  That should cover me for a bit, so if either of those categories interest you, please check out the sites.  If you just want info on me being me, that should start up again here.

If anyone sees me starting another blog, please shoot me.

Some people never learn

…and I am one of those. Way back before the interweb was open to the great unwashed masses I ran a computer bulletin board system (BBS) in Arizona called first SHO-TRON, then The Rock Garden. It was on this BBS where I first learned the dangers of yammering about things upon which I had any sort of a quasi-formed opinion. I came, I wrote, and it kicked my ass.

I learned to keep my big mouth shut for the most part. Then a year or so ago a coworker talked me into starting a blog on my company’s internal blog site and yea, verily, did history up and repeat itself. I nearly got myself fired, created quite a mess, and became fascinated with the whole blogosphere. It’s the great-great-grandsomething of parts of the BBSes I used to use, and I still have no idea what I should talk about.

Fortunately that doesn’t usually slow me down. Now I’m setting up a WordPress blog on my long neglected web site, and we’ll see what happens. Should be amusing if nothing else.