Been Hacked? Worried About It? Some Helpful Hints

Back in November of 2007, I mentioned that someone hacked my htaccess file, and did even worse stuff. Well, it seems that someone has done something similar to my good blog friend Beth at Blue Star Chronicles, as well as a few others, such as A Few Good Pens and Artist By Nature.

They have been getting spammed left and right, and there was damage to their files.

The first thing to do to avoid getting hosed is to protect yourself. I highly recommend Bad Behavior (paired with Akismet) to stop tons of spam and provide a good level of protection; Pete’s Custom Anti Spam for comment protection (a very easy-to-use plugin, but if you have upgraded to 2.5 you will have to edit the file either before uploading or through web ftp, since WP no longer has a file editor built in to the admin module); and Comment Timeout, which is easy to use and very configurable.

Furthermore, change your passwords now and then, and not just for the WP admin site. Change them for your host access, your SQL, and your FTP access. And make them long, with a mix of letters and numbers.

Next up, understand your htaccess file. If you do not know how to do web ftp, you really, really need to learn how. Usually, if you access your files by networking through the “computer” or “network” module on your computer, you will not see the .htaccess file, and WP 2.5 does not give you access to it at this time. Plus, if someone hoses you, or it goes wacko, web ftp will allow you to fix it.

Make sure you make a copy of it while it is good, and keep it around. Go in to web ftp and check the file now and then. This is one of people’s favorite hacks: it can take down your site, redirect it, and do other f’d up stuff.
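As an added example (not from this post), here is a small Python check of the kind that paragraph recommends: it compares the live .htaccess against the known-good copy you kept, ignoring comments and blank lines, and flags any added line that redirects, rewrites or changes how files are served. The file contents, the attacker.example host and the list of directives treated as risky are assumptions constructed for the example.

```python
import difflib
import re

# Constructed known-good copy: the block WordPress writes for pretty permalinks.
KNOWN_GOOD = r"""# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
"""

# Constructed tampered copy: a redirect to a made-up host inserted above the block.
LIVE_TAMPERED = r"""RewriteEngine On
RewriteRule .* http://attacker.example/ [R=302,L]
""" + KNOWN_GOOD

# Directives that redirect visitors or change how files are served
# (assumed list for this example; extend it for your host's setup).
RISKY = re.compile(
    r"^\s*(Redirect|RedirectMatch|RewriteRule|RewriteCond|ErrorDocument|"
    r"php_value|php_flag|AddHandler|SetHandler|AddType|Header)\b", re.I)

def normalise(text):
    """Drop comments and blank lines so cosmetic edits do not hide real ones."""
    return [ln.rstrip() for ln in text.splitlines()
            if ln.strip() and not ln.lstrip().startswith("#")]

def audit_htaccess(known_good, live):
    """Lines added/removed relative to the good copy, plus the risky additions."""
    diff = difflib.unified_diff(normalise(known_good), normalise(live),
                                "known-good", "live", lineterm="", n=0)
    added, removed = [], []
    for ln in diff:
        if ln.startswith("+") and not ln.startswith("+++"):
            added.append(ln[1:])
        elif ln.startswith("-") and not ln.startswith("---"):
            removed.append(ln[1:])
    return {"added": added, "removed": removed,
            "risky": [ln for ln in added if RISKY.match(ln)],
            "clean": not added and not removed}

if __name__ == "__main__":
    report = audit_htaccess(KNOWN_GOOD, LIVE_TAMPERED)
    for ln in report["risky"]:
        print("SUSPICIOUS ADDITION:", ln)
    for ln in report["removed"]:
        print("MISSING LINE:", ln)
```

Run it against the copy you download through web ftp and the backup you kept; anything under "risky" is what to look at first.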

Next up is what to do if you are hosed. Web ftp is important here, too, since the files should be time stamped, so, hopefully, you can see which files got changed and spot them quicker.

I’ve mentioned in the past something which A Few Good Pens mentions as well: the source code. In IE, click View, then Source. In Firefox, View, then Page Source. It’s similar in other browsers. You can see what is running. Pay particular attention to what is in the head and at the end. A Few Good Pens made a good catch:

…I removed the 600 lines of code from the header.php file, but on Saturday discovered that several hundred others had been added, referencing two different sites but similar content. In both cases, the blocks of code were surrounded by <font> tags that caused the text to be hidden.

What happened to me was in some other file, but it is something to watch for. What I ended up doing was finally upgrading my version of WP. Fortunately, when Dreamhost does the auto upgrade, they put in a clean copy and import the data, plugins, themes, and other stuff, but the main types of files are brand new. That may not be so easy for everyone else. I would take a look at the post at A Few Good Pens, and see what the source code looks like. That can, excuse the language, fuck your world up with Google, Yahoo, etc., who think you are a bad site after a few days, and will drop you.
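The hidden-code check described above, as an added example (not code from this post or from A Few Good Pens): a Python scan of a page’s source for <font>, <div> or <span> blocks whose attributes hide their content and which contain links, reporting whether they sit in the head and which hosts they point to. It generalises the <font> case in the quote to the other tags such blocks get wrapped in; the page source, the hosts in it and the list of hiding patterns are constructed for the example.

```python
import re
from collections import Counter
from urllib.parse import urlparse

# Constructed page source (not a real site): a normal head, then a spam
# link block wrapped in a hiding <font> tag like the one in the quote,
# then visible content and a harmless hidden div with no links.
SAMPLE_SOURCE = """<html><head><title>My Blog</title>
<link rel="stylesheet" href="/wp-content/themes/mytheme/style.css" />
<font style="display:none"><a href="http://spam-pills.example/buy">cheap pills</a>
<a href="http://spam-pills.example/more">more pills</a>
<a href="http://casino.example/play">casino</a></font>
</head><body>
<p>Welcome. <a href="http://friend.example/">A Few Good Pens</a></p>
<div style="display:none">menu placeholder</div>
</body></html>"""

# Elements spam injections are usually wrapped in, and the attribute patterns
# that make them invisible (assumed list; add whatever your theme uses).
BLOCK_RE = re.compile(r"<(font|div|span)\b([^>]*)>(.*?)</\1\s*>", re.I | re.S)
HIDING_RE = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden|font-size\s*:\s*0|"
    r"(?:left|top)\s*:\s*-\d{3,}px|\bsize\s*=\s*[\"']?0\b", re.I)
HREF_RE = re.compile(r"""href\s*=\s*["']?(https?://[^"'\s>]+)""", re.I)

def find_hidden_link_blocks(source, min_links=1):
    """Return hidden blocks that carry at least min_links outbound links."""
    head_end = source.lower().find("</head>")
    findings = []
    for m in BLOCK_RE.finditer(source):
        tag, attrs, inner = m.groups()
        if not HIDING_RE.search(attrs):
            continue
        hosts = [urlparse(u).hostname for u in HREF_RE.findall(inner)]
        hosts = [h for h in hosts if h]
        if len(hosts) < min_links:
            continue  # hidden but link-free, e.g. a theme's collapsed menu
        findings.append({"tag": tag.lower(), "in_head": m.start() < head_end,
                         "offset": m.start(), "links": len(hosts),
                         "hosts": dict(Counter(hosts))})
    return findings

if __name__ == "__main__":
    for f in find_hidden_link_blocks(SAMPLE_SOURCE):
        where = "head" if f["in_head"] else "body"
        print("hidden <%s> in %s, %d links to %s" % (f["tag"], where, f["links"], f["hosts"]))
```

Feed it the saved View Source output of your front page; a hidden block with many links to hosts you do not recognise is exactly what the quote describes.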

And the spam will slow your site the hell down, use your resources, and waste your time. I hate to sound preachy, but be proactive. Safeguard thyself!



6 Responses to “Been Hacked? Worried About It? Some Helpful Hints”

  1. This is the info I left over at ‘a few good pens’. It’s not spam. Really!

    I’m sorry to hear about your ‘hack’ problems, but even more pleased that you were able to solve the frustration.

    Unfortunately, things like google, internet explorer, word press, et al are high profile ‘hook’ targets simply because those things are so common.

    Might I recommend ~not using googlag ad sense advertising? Amazon is a good start, but there are many other high quality, reliable ad networks. Try here for ten good choices. I chose ‘Chitika’, but it’s your preference. I was simply tired of being ‘evil’.

  2. Raven says:

    Great! I don’t do *ads* because they look tacky on most blogs- AND because someone said a couple yrs back that using Google Ads would put your site at risk for this very thing. Even non blog sites have been hit recently with this hacking. It’s all about spam and nothing more- one would think the spammers would see how this totally defeats their purpose. But alas they’re probably liberals LOL!!!

    Teach, what software do you use for ftp?? I need to get one.

  3. Hey, appreciate the info, locomotivebreath. I pretty much try to stay away from any Google integration, including their stats modules. I have toasted a theme or two that I like because I couldn’t get the stuff out of the template. I’ll check those ad sites out.

    Hey, Raven. What I do for ftp is two fold. For PC ftp using a Windows device, I click on Start>My Network Places>Add a New Network (this is using my corp. laptop, will have to see if diff on my personal one with Vista).

    You will obviously need the correct settings. On my corp laptop, the connect shows under network places, on my personal laptop it is under the My Computer.

    I use this type of ftp basically for uploading, viewing, moving quickly back and forth, and copying the stuff there and pasting to my hard drive, particularly with folders. My web ftp is not so good with handling folders, except for deleting them.

    Most of the time, I use web ftp simply for deleting, checking the htaccess file, and looking at time stamps to see if stuff has been changed that shouldn’t. I use regular ftp about 90% of the time.

    Are you using Mac or Windows? If Mac, you should be able to set it up in almost the same way.

  4. steveegg says:

    While the main file editor is gone, the plugin editor is still there (at least on my freshly-installed 2.5 test blog). Go to the “Plugin” page and either hit the “Edit” link for the plugin you want to edit or head to the global “Plugin Editor” subpage.

  5. […] the motto is, “It’s not about being right, it’s about being drinking.” – William Teach has a few tips for those bloggers either hacked or worried about getting hacked. Go, read. – Kate has […]

  6. Peter says:

    Yes, I can confirm that my WP 2.5 install still has the plugin file editor 😀
