Website Hacking – the latest worm.
Posted by Elizabeth Richardson | Under Website Hacking Sunday Sep 20, 2009Dear Website Owner,
I thought it important to inform you of some dramatic developments currently happening in cyberspace. Website Hacking.
Just like viruses and worms on your computer, a website can be destroyed, abused or hijacked by individuals or robots that trawl the internet searching for security vulnerabilities.
THE BAD NEWS – There has been a dangerous worm that has invaded many websites over the last few months. Sometimes called the “wordpress worm”, (though that isn’t quite an accurate description as other website software has also been reported to have suffered), but this is the one WE have experienced directly.
Find out more here – http://wordpress.org/development/2009/09/keep-wordpress-secure/
As a matter of precaution and courtesy, at no charge to you (and without causing alarm), I investigated all the websites in my care and found that MOST HAD BEEN COMPROMISED (INFECTED), INCLUDING MY OWN.
If you have noticed a decline in website traffic, lower page rank or your adsense earnings have dropped off just recently, then they are the direct symptoms of this initial attack.
Read more at http://lorelle.wordpress.com/2009/09/04/old-wordpress-versions-under-attack/
How did this happen? There are many theories and I won’t expand on them here, but I will tell you what happened in most cases to the websites I have dealt with -
- New users were mysteriously added to your website and were given administrator privileges. Most were not even visible in your wordpress dashboard, but they existed never-the-less and had the capability to do anything. I actually had to go into our major control panel to find and delete these mysterious users.
- Upgrading to the newest version of website software (wordpress) and auto uprading plugins FAILED.
- Malicious code had been added to various scripts and files. I also checked for that code, used a decoding device to decipher what it was trying to do and changed or deleted it when relevant.
- Hundreds of thousands of websites are probably infected and most do not know.
THE GOOD NEWS – The websites currently in my care are NOW CLEAN and the software has been upgraded to the latest version of wordpress.
I was working almost non-stop for three days to clean up your websites behind the scenes. The first day – 20 hours straight. I only took emergency jobs during that time and notified everyone else they would have to wait. Needless to say, I have just had a crash course in website protection, coding, decoding and php which will help me be able to serve all my clients much better in the future. Phew…!
HOW TO PROTECT YOUR WEBSITE IN THE FUTURE – Update your website software as soon as a new security level version is released. It is advisable to sign up for notification of these releases here… http://wordpress.org/download/.
BUT do check that everything on your website is functioning properly after the upgrade, as occasionally a plugin or theme breaks that then prevents your website from working as it did before.
There are no guarantees that this or something similar won’t happen in the future, but wordpress still provide the best, most secure and easily updated system that I know of, providing you keep updated with each new release.
SPECIAL REQUEST – Please do NOT forward this email on to your friends. There is no need to cause more drama and this information might not even be relevant to them. If you strongly feel the need to forward this email, PLEASE read these instructions for how to forward emails properly…Forwarding Emails The Right Way. This is very important.
If you have any questions, problems, praise, or concerns, please leave them in the comments box below, as answering individual emails or phone calls will get too time consuming. Make sure you subscribe to further comments if you would like to be notified of follow-up comments I really appreciate your assistance with this matter. I’ll need some sleep as well.
All the best,
Elizabeth Richardson
H Elizabeth thankyoui for all your hard work I hope you have a good sleep. I have one small problem no categories thanks bye Lorraine
Thanks for letting me know Lorraine…I’m straight on to it…no rest for the wicked!!!
That’s all fixed Lorraine…lucky you spotted that.
Thanks for your efforts on our behalf Elizabeth, we had indeed noticed our website disappearing and were going to get in touch but as we are still quite busy ….. you know how it is.
Looking forward to seeing ourselves on page 1 again as we constantly get comments on our beautiful website
Elizabeth, What would we do without you! I was blissfully unaware of a problem. All appears to be well on my site. Thanks for the herculean effort.Rest well. Linda
Update on the website ‘wordpress worm’ attacks…
Only 3 out of 35 or so websites I tested weren’t effected by this secretive worm (or so I could best tell) … most people won’t even have a clue this is happening because it hasn’t defaced their websites in any way, just hijacked their traffic, probably sales and definitely their adsense revenue as happened to me.
Its’ potential to do further damage was immense as ‘the worm’ had gained partial control of the administration area and could run ‘scripts’ (that’s tech talk for commands) at will.
I read masses of reports and complaints of annoying attacks coming in overnight at several different stages over the last few months.
Some damage was obvious as it messed up page links and added mysterious users in their dashboard, but generally the visual damage was virtually zero to an untrained eye, so it will really only be seen by dedicated technicians, webmasters and those who TAKE NOTICE of the security alerts.
I foolishly ignored the SECURITY warnings for several months, thinking “it wouldn’t happen to me!”
Several of my clients even mentioned that page rank or website traffic levels had dropped – sorry I wasn’t listening.
I read about one webmaster who takes care of over 100 websites. He has a huge job in front of him…but each client will pay for the cleaning service he does.
I did a quick clean of each of the websites in my care out of concern to keep my good name and my commitment to your website success.
The next time I do maintenance work for any of my clients, I will automatically check with a more thorough clean (just like doing a virus and spyware scan on your computer). At the moment though, the scans we do on websites are all manual labour, NOT automated and quite time intensive. Fortunately, after hours and hours of research I had a better idea where to look for damage which made it a little easier.
I do have to remind you though that it is YOUR RESPONSIBILITY as a website owner to keep track of your own site statistics, comments and feedback from customers…and this time if you tell me, I will listen more closely.
Wordpress is still by far the BEST content management system to build your website with. It was wordpress who notified us they has discovered a potential security flaw and provided us with an upgrade immediately…not only one, but two, within several weeks of each other as new discoveries were made. And they did this even at the risk of looking bad for not having fixed it completely with the first release.
I cannot guarantee that this or something similar won’t happen again but I am very grateful that I’ve learned how to better manage my clients websites…thank you for your tolerance when I brushed aside the questions about page rank and traffic drop and especially for putting your trust in me to build your website right from the beginning.
Here’s to even better website SUCCESS.