Take a long holiday weekend, combine it with being home with a preschooler and infant twins all weekend with a husband off working, and you have a recipe for several days of I-don’t-have-time-to-read-my-tech-blogs.
Mix in an insidious worm making its rounds and infecting self-hosted WordPress installations, and you’ve got me, right now, steaming mad at spammers, whom I like to frequently refer to as the wastrels of the internet.
This morning at 5:30am, while scanning through some of my favorite tech blogs, I came across a post about this worm, and of course I started checking our clients’ blogs.
Yech, one client has been hacked. The blog is not, thankfully, ruined, but the process that has to be done in order to heal the blog is slightly arduous.
WordPress.org says this:
The tactics are new, but the strategy is not. Where this particular worm messes up is in the “clean up” phase: it doesn’t hide itself well and the blogger notices that all his links are broken, which causes him to dig deeper and notice the extent of the damage. Where worms of old would do childish things like defacing your site, the new ones are silent and invisible, so you only notice them when they screw up (as this one did) or your site gets removed from Google for having spam and malware on it.
How do you know if your blog has been hacked? Lorelle On WordPress says:
There are strange additions to the pretty permalinks, such as example.com/category/post-title/%&(%7B$%7Beval(base64_decode($_SERVER%5BHTTP_REFERER%5D))%7D%7D|.+)&%/. The keywords are “eval” and “base64_decode.”
The second clue is that a “back door” was created by a “hidden” Administrator. Check your site users for “Administrator (2)” or a name you do not recognize. You will probably be unable to access that account, but Journey Etc. has a possible solution.
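Both clues quoted above can be checked mechanically. The following is an added example, not code from this post or from the sources it quotes: it percent-decodes permalink strings and flags any that contain an eval( or base64_decode( call, then lists administrator accounts that are not on a list you trust. The function names, the user records, the allowlist and every sample URL except the one quoted above are constructed for illustration.

```python
import re
from urllib.parse import unquote

# The two keywords named in the quoted advice, matched only when used as a call.
SUSPICIOUS = re.compile(r"\b(eval|base64_decode)\s*\(", re.IGNORECASE)

def decode_fully(url, max_rounds=3):
    """Percent-decode repeatedly so a double-encoded permalink is still readable."""
    for _ in range(max_rounds):
        decoded = unquote(url)
        if decoded == url:
            break
        url = decoded
    return url

def suspicious_permalinks(urls):
    """Return (url, keywords found) for each permalink carrying eval/base64_decode."""
    hits = []
    for url in urls:
        found = sorted({m.group(1).lower() for m in SUSPICIOUS.finditer(decode_fully(url))})
        if found:
            hits.append((url, found))
    return hits

def unexpected_admins(users, known_admins):
    """Return administrator logins that are not on the trusted allowlist."""
    known = {name.lower() for name in known_admins}
    return [u["login"] for u in users
            if u["role"] == "administrator" and u["login"].lower() not in known]

# Constructed sample data; only the second URL is the one quoted in the post.
SAMPLE_URLS = [
    "example.com/category/post-title/",
    "example.com/category/post-title/%&(%7B$%7Beval(base64_decode($_SERVER%5BHTTP_REFERER%5D))%7D%7D|.+)&%/",
    "example.com/2009/09/medieval-history/",  # contains "eval" but is harmless
]
SAMPLE_USERS = [
    {"login": "siteowner", "role": "administrator"},
    {"login": "guestwriter", "role": "author"},
    {"login": "wp_support7", "role": "administrator"},  # constructed unknown admin
]

if __name__ == "__main__":
    for url, found in suspicious_permalinks(SAMPLE_URLS):
        print("suspicious permalink:", url, found)
    print("unexpected admins:", unexpected_admins(SAMPLE_USERS, ["siteowner"]))
```

Feed it the permalink structure and post URLs from your own site and an export of your user list; a clean result here does not replace the upgrade.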
I have clients who opt to hold off on a WordPress upgrade, maybe because they are reluctant to learn how to navigate around a new backend interface, or maybe because they are concerned about the time it will take to upgrade (note: the newer versions of WordPress have a great automatic upgrade feature built in, so upgrades shouldn’t take any longer than 5-10 minutes, depending on whether you have to adjust any of your plugins for the upgrade). The ever-popular Lorelle On WordPress says it best: “This attack is serious enough to overcome all your fears of updating.” And as far as the cost of having your web team do your upgrade (if you don’t know how to do it yourself)? Far less expensive and much less of a hassle than having your web team clean up after an attack.
Now, if you will excuse me, I’m off to do a whole slew of upgrades, and hopefully no more clean-ups!