Been Hacked? Worried About It? Some Helpful Hints

Back in November of 2007, I mentioned that someone hacked my htaccess file, and did even worse stuff. Well, it seems that someone has done something similar to my good blog friend Beth at Blue Star Chronicles, as well as a few others, such as A Few Good Pens and Artist By Nature.

They have been getting spammed left and right, and there was damage to their files.

The first thing to do to avoid getting hosed is to protect yourself. I highly recommend Bad Behavior (paired with Akismet) to stop tons of spam and provide a good level of protection; Pete’s Custom Anti Spam for comment protection (a very easy to use plugin, but if you have upgraded to 2.5 you will have to edit the file either before uploading or through web ftp, since WP no longer has a file editor built in to the admin module); and Comment Timeout, which is easy to use and very configurable.

Furthermore, change your passwords now and then, and not just for the WP admin site. Change them for your host access, your SQL, and your FTP access too. And make them long, with letters and numbers.

Next up, understand your htaccess file. If you do not know how to do web ftp, you really, really need to learn how. Usually, if you access your files by networking through the “computer” or “network” module on your computer, you will not see the .htaccess file. And WP 2.5 does not give you access at this time. Plus, if someone hoses you, or it goes wacko, web ftp will allow you to fix it.

Make a copy of it while it is good and keep it around. Go in to web ftp and check the file now and then. This is one of people’s favorite hacks, and it can take down your site, redirect it, and do other f’d up stuff.

Next up is what to do if you are hosed. Web ftp is important here, too, since the files should be time stamped, so, hopefully, you can see which files got changed and spot them quicker.

I’ve mentioned in the past something which A Few Good Pens mentions, as well. Namely, the source code. In IE, click View then Source. In Firefox, View then Page Source. It’s similar in other browsers. You can see what is running. Pay particular attention to what is in the head and at the end. A Few Good Pens made a good catch:

…I removed the 600 lines of code from the header.php file, but on Saturday discovered that several hundred others had been added, referencing two different sites but similar content. In both cases, the blocks of code were surrounded by <font> tags that caused the text to be hidden.

What happened to me was in some other file, but it is something to watch for. What I ended up doing is finally upgrading my version of WP. Fortunately, when Dreamhost does the auto upgrade, they put in a clean copy and import the data, plugins, themes, and other stuff, but the main types of files are brand new. That may not be so easy for everyone else. I would take a look at the post at A Few Good Pens, and see what the source code looks like. That can, excuse the language, fuck your world up with Google, Yahoo, etc., who will decide you are a bad site after a few days and drop you.
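The three checks above (keep a good copy of .htaccess and compare against it, look at which files changed recently, and hunt for hidden <font> blocks in the theme files) can be scripted so you are not eyeballing it in web ftp every time. The script below is an added example written for this post; it is not code from the post, from A Few Good Pens, or from WordPress. The post does not say how the <font> tags hid the text, so the patterns it flags (display:none, visibility:hidden, a 0 or 1 pixel font size) are my assumption, and the file paths are parameters you point at your own install. The demo data at the bottom is constructed.

```bash
#!/bin/sh
# Defender-side checks for a WordPress install, following the advice in the post:
# 1) compare the live .htaccess against a saved known-good copy,
# 2) flag <font> tags that hide text inside theme files,
# 3) list files modified recently (the "look at the time stamps" step).
# Paths are arguments; nothing here is specific to one site.

# Exit 0 if the live .htaccess still matches the known-good copy, 1 otherwise.
check_htaccess() {
    good="$1"; live="$2"
    if diff -q "$good" "$live" >/dev/null; then
        return 0
    fi
    echo "WARNING: $live differs from known-good $good:" >&2
    diff "$good" "$live" >&2 || true
    return 1
}

# Print "line:text" for <font> tags that hide content. The hiding patterns
# (display:none, visibility:hidden, font-size 0px/1px) are an assumption,
# since the post only says the tags made the text invisible.
find_hidden_font_blocks() {
    grep -n -i -E '<font[^>]*(display:[[:space:]]*none|visibility:[[:space:]]*hidden|font-size:[[:space:]]*[01]px)' "$1"
}

# Number of hidden <font> blocks in a file (0 means nothing suspicious found).
count_hidden_font_blocks() {
    n=$(find_hidden_font_blocks "$1" | wc -l)
    echo "$n" | tr -d ' '
}

# Regular files under a directory modified in the last N minutes.
recently_changed() {
    find "$1" -type f -mmin "-$2" | sort
}

# --- constructed demo data, not from any real site ---
demo() {
    tmp=$(mktemp -d)
    printf 'RewriteEngine On\nRewriteBase /\n' > "$tmp/htaccess.good"
    cp "$tmp/htaccess.good" "$tmp/.htaccess"
    # simulate an injected redirect appended to the live file
    echo 'RewriteRule ^(.*)$ http://example.invalid/ [R,L]' >> "$tmp/.htaccess"
    mkdir "$tmp/theme"
    printf '<html><head>\n<font style="display:none">injected text</font>\n</head>\n' > "$tmp/theme/header.php"
    printf '<p>normal footer</p>\n' > "$tmp/theme/footer.php"

    check_htaccess "$tmp/htaccess.good" "$tmp/.htaccess" || echo ".htaccess check FAILED"
    echo "hidden font blocks in header.php: $(count_hidden_font_blocks "$tmp/theme/header.php")"
    echo "files changed in the last 60 minutes:"
    recently_changed "$tmp" 60
    rm -rf "$tmp"
}

demo
```

Run it from a shell on the host (or anywhere you have a copy of the files), pointing check_htaccess at the good copy you saved and recently_changed at your WordPress directory with a window that covers the last time you know the site was clean. A clean run prints no WARNING and a zero count for every theme file.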

And the spam will slow your site the hell down, use your resources, and waste your time. I hate to sound preachy, but, be proactive. Safeguard thyself!


Pirate's Cove