Malware: A Precautionary Tale

This is one of those Thank God For The Internet/ Damn The Internet tales. I’ve used this Labor Day weekend to rebuild my blog, which was infected by Russian malware.

An odd glitch occurred when I was posting Friday’s entry — weird code attached to my permalink (the web address of each entry). Didn’t think much of it till I was glancing at my Twitter feed on Saturday. Someone mentioned WordPress blogs (my brand) were being invaded. I went exploring.

Sign of infection: weird code attached to permalink. Oh, sh*t. And an invisible administrator. I went to my user panel, where I regularly delete Russian spam artists. After I deleted everyone, ohhhhhhhh, there was only me but the count of administrators was two. What a creepy feeling.

Like my favorite Edgar Allan Poe story The Masque of the Red Death, no matter what precautions I took, the evil was already inside. And (it took me 24 hours to notice) all the links to my blog entries had already been permanently destroyed.

To make a long, long story short — after much research into possible solutions (for someone who is mystified by “finding the malicious javascript code” among all the files written in a scripting language I don’t understand [might as well be Russian, heh]), I decided I needed to take the nuclear option. Have Network Solutions (my webhosting provider) reinstall the blog, wiping everything out and starting over with the most updated version 2.8.4.

Luckily, I discovered that WordPress allows an export of all text. So, I did that — and took a little detour reading all my 300+ blog entries for the past 13 months (13, hmmmm). After the blog was reinstalled and I assured myself there was only one administrator, I was able to import my entries back. The precious pearls came back, though without any images and with completely different link locations. And my layout was trashed. Could have been worse. Could have been totally wiped out. Then I would feel like an amnesiac — 13 months of my life gone. So, phew.

Needless to say, my password is changed to something that looks like a long string of expletives &(*&22@@lIUY! And I’ve put up all kinds of barriers to commenters and registrants.

The problem with the so-called community of the internet is that it’s only as good as you actively monitor for relevant information. If my webhosting provider knew that its WordPress blogs, on its own servers, were being invaded, why didn’t they notify all their subscribers of the danger??? Why did I have to depend on a random tweet to wake me up? Grrr…

Now I’m hypervigilant. I’m changing all my passwords. Someone is out there.
