Hacked and mangled -- yet again

For the second time in two years my WordPress site was hacked, this time by Viagra spammers. Here are a few of the hard lessons I learned.

By Dan Tynan

Fortunately for us, our Web host Doreo quickly identified the cause and fixed that vulnerability within a few hours. This time the cause and the fix were a little harder to suss out.

We ended up paying Code Garage to scan our site and remove the malicious code. They pointed the finger at TimThumb, a WordPress utility that automatically produces thumbnail images for site landing pages. Last August, a zero-day vulnerability affected TimThumb that allowed hackers to execute their PHP code on any site that was running it. As it turns out, the WordPress theme we bought for the site employs pieces of TimThumb code – including the flaws that were exploited.

Now we have to wait for the spammy search results to evaporate from Google’s cache before everything returns to normal.

Why did hackers do this? Odds are eSarcasm was simply part of a bundle of redirected traffic that was bartered on underground exchanges for a few pennies per page view, says Paul Henry, security and forensics analyst for Lumension, an endpoint management and security firm.

Even if you religiously update your WordPress installation (and we’re generally pretty good about that) you may be vulnerable thanks to some easily hackable plug-in, says Henry.

“My best recommendation for keeping your site secure is to gain tight control over any extensions for your WordPress installation and disable any you don’t truly need,” he says. He also suggested hiring an outside firm to periodically scan the site and validate each page several times a day.
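The point of Henry's advice, and of the TimThumb story above, is that the dangerous code may not be a plug-in you installed at all but a library a theme or plug-in shipped inside itself, which a site owner never sees in the WordPress admin screens. The script below is an added example for inventorying that, not code from the article or from any of the firms it mentions. It walks a wp-content directory, lists every bundled copy of TimThumb it finds, and reports the version constant each copy declares so the owner can check it against the current release and remove copies that belong to extensions they do not truly need. It assumes the standard wp-content layout, that TimThumb is shipped as timthumb.php or thumb.php (the thumb.php alias is an assumption), and that the file declares its version with a VERSION define; the sample tree and version numbers it builds are constructed for the demonstration.

```shell
#!/bin/sh
# Inventory bundled TimThumb copies under a WordPress wp-content directory.
# Added example; assumes the usual wp-content/{themes,plugins} layout.

find_timthumb_copies() {
    root="$1"
    # TimThumb is usually shipped as timthumb.php; some themes rename it thumb.php
    # (the thumb.php alias is an assumption, not something the article states).
    find "$root" -type f \( -iname 'timthumb.php' -o -iname 'thumb.php' \) 2>/dev/null |
    while IFS= read -r f; do
        # Pull the value from a line like  define ('VERSION', '2.x.y');
        # The constant name VERSION is assumed from TimThumb's source; "unknown"
        # is reported when the file carries no such line, which itself merits a look.
        ver=$(grep -o "define *( *'VERSION' *, *'[^']*'" "$f" | sed "s/.*'\([^']*\)'\$/\1/" | head -n 1)
        printf '%s\t%s\n' "$f" "${ver:-unknown}"
    done
}

# Build a constructed sample wp-content tree (not a real site) so the script
# can be run offline. Echoes the temporary directory it created.
make_sample_tree() {
    d=$(mktemp -d)
    mkdir -p "$d/themes/bought-theme/lib" "$d/plugins/some-plugin"
    # A theme that ships its own TimThumb copy with a version define (constructed value)
    printf "<?php\ndefine ('VERSION', '2.8.10');\n" > "$d/themes/bought-theme/lib/timthumb.php"
    # An unrelated plug-in file that should not be reported
    printf "<?php\n// plugin main file\n" > "$d/plugins/some-plugin/some-plugin.php"
    # A renamed copy with no version define; reported as "unknown"
    printf "<?php\n// stripped copy\n" > "$d/plugins/some-plugin/thumb.php"
    echo "$d"
}

# Demo on the constructed tree; on a live site pass the real wp-content path instead.
sample=$(make_sample_tree)
find_timthumb_copies "$sample"
rm -rf "$sample"
```

Run it against a real wp-content directory as `find_timthumb_copies /var/www/html/wp-content` (path is illustrative). Every line it prints is an extension that carries image-resizing code the site owner did not knowingly install; the version column tells you whether that copy predates the fixed release, and a copy inside an extension the site no longer needs is the clearest candidate for removal.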

Henry said the hacking problem is so insidious and pervasive even well-known tech security pros have fallen victim, much to their embarrassment. I asked Henry if it had happened to him.

“To date I have not been embarrassed,” he says. “I’ve been lucky.”

Wish we could say the same.

Got a question about social media? TY4NS blogger Dan Tynan may have the answer (and if not, he’ll make something up). Visit his snarky, occasionally NSFW blog eSarcasm or follow him on Twitter: @tynan_on_tech. For the latest IT news, analysis and how-to’s, follow ITworld on Twitter and Facebook.
