If you attempted to visit my blog on Friday using either Firefox or Chrome, you most likely received a warning that the site was compromised and dangerous.  While I’m still not sure how they got through, I can tell you that my blog was compromised.  Code was injected into the site in every place where JavaScript was being output that attempted to install malware on the computers of people who visited nick.pro.

No, it was not because I was lazy and didn’t keep my blog up to date, because I did.  The blog was already running the most up-to-date version of WordPress available.  The compromise most likely came through a vulnerability in one of the plugins or in the theme I was using.

My first inclination would be to pretend that such an embarrassing lapse of security never happened, but I thought that perhaps the tale of how I’ve brought things back up might help others who find their websites hacked as well.

The infection first came up on Wednesday night and was pointed out to me by a coworker.  I spent a few hours cleaning out all the injected JavaScript and doing what I thought would lock down the site from being infected again.  Unfortunately, Thursday night just before midnight, the infection recurred.  Rather than spend hours trying to clean it out again, I took the entire site down, and left up a simple “offline” message with a 503 status code to indicate that it was a temporary outage (as suggested under Quarantine your Site on Google’s “Cleaning your site” help page).

Friday night I did a fresh install of the WordPress software with a new database, new database password, and new password for my user.  I then imported my content from a backup copy from well before the hack (you do make regular backups of your blog’s content, right?) and manually copied over the images (and only the images) from a backup as well.
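
As an added example (not part of the original post), here is one way to check that a backup's uploads directory really contains only images before copying it onto a fresh install. A file is accepted only if its extension is an allowed image type, its leading bytes match that type, and it carries no embedded `<?php` or `<script` marker. The allowed types, the marker list and the sample files are assumptions constructed for illustration.

```python
import os
import tempfile

# Leading "magic" bytes for the image types allowed back onto the site (assumed list).
JPEG = (b"\xff\xd8\xff",)
MAGIC = {".jpg": JPEG, ".jpeg": JPEG, ".png": (b"\x89PNG\r\n\x1a\n",),
         ".gif": (b"GIF87a", b"GIF89a")}
SUSPICIOUS = (b"<?php", b"<script")  # heuristic markers, not a full malware scan

def audit_file(path):
    """Return a list of reasons the file should NOT be restored (empty = OK)."""
    ext = os.path.splitext(path)[1].lower()
    if ext not in MAGIC:
        return ["not an allowed image extension"]
    with open(path, "rb") as fh:
        data = fh.read()
    reasons = []
    if not data.startswith(MAGIC[ext]):
        reasons.append("content does not match extension")
    lowered = data.lower()
    reasons += ["contains %r" % m.decode() for m in SUSPICIOUS if m in lowered]
    return reasons

def audit_tree(root):
    """Walk a backup directory; map relative path -> reasons for each rejected file."""
    rejected = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            reasons = audit_file(full)
            if reasons:
                rejected[os.path.relpath(full, root)] = reasons
    return rejected

def demo():
    """Build a small constructed backup tree and audit it."""
    with tempfile.TemporaryDirectory() as root:
        samples = {
            "photo.png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 16,  # genuine header
            "cache.php": b"<?php echo 1; ?>",                  # script in uploads
            "logo.jpg": b"<?php echo 1; ?>",                   # script renamed to .jpg
            "icon.gif": b"GIF89a<script>x</script>",           # valid header, payload inside
        }
        for name, body in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(body)
        return audit_tree(root)

if __name__ == "__main__":
    print(demo())
```

Anything the audit rejects stays in the backup; only files with an empty reason list are copied to the new install.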

Because I am still unsure how the attacker gained access to my site, I installed only the bare minimum plugins to get my site functioning again, and for the moment am using the default TwentyEleven WordPress theme that comes with a stock WordPress installation.  When I have more time I will make a brand new theme not using any existing theme as a basis in case it was the theme I was using that was compromised.

I held off writing this “I’m back” post for the weekend in case somehow I still didn’t have the leak secured, but the site has not been compromised again, so hopefully the worst is behind me.


Nick Moline

Nick is a Senior Software Engineer at Justia.com, a company that makes legal information freely available online. Besides his work, Nick is an avid enthusiast in areas of Technology, Science Fiction and Fantasy, Musical Theater, and everything Disney.
