Wondering where I’ve been? This post should give you a good idea. However, this post has nothing to do with sex. It’s pure blogging geek. Feel free to skip this is you’re not a blogger. If you ARE a blogger? I suggest you read this, and if you’ve got your own contingency plans, share them in the comments.
One day you can be skipping along, tra la la, and all is right in your little bloggy corner of the intarwebz. The next it could all go kablooey and you’re surrounded by rubble goin “WTF just happened and where the hell is my blog?!?!” It can be your own doing, or it could be thanks to a nasty strain of crawler bots that I’ve seen making the rounds lately. I’m going to talk about both situations that I’ve been through this week because it might help someone else.
Part 1: The Sneak Attack Crawler Bots
In the last few weeks, I’ve seen “crawler bots” hit e[lust], Coy Pink, and Tied Up Events (as of this writing it’s still being fixed/moved). Each acted a little bit different but the result was the same – they got in through a sidedoor and either inserted a php file, a virus or changed php files. This resulted in redirects (visitor comes to your blog and then gets automatically sent elsewhere), trojan/phishing thingies laying in wait for visitors to arrive, an inoperable WP dashboard, or your hosting provider suspending your account because suspect that YOU are running a phishing site.
The only common thread between the aforementioned sites is that we’re all self-hosted WordPress blogs. Perhaps we all had a plug-in that had a security hole; I’m not really sure. Coy Pink’s wonderful hub Alec helped me get e[lust] back up and running a few days before their site got snagged. On e[lust], according to the log files, the crawler bot came in through my contact form (cformsII) which hadn’t been upgraded in a little while. We know it was a crawler bot because we could see the site who accessed it; visiting their website they claimed to be an SEO crawler, who harmlessly goes through your site and if you want a report on how ot better your SEO, you can email them. Ummmm, they’re doing it without permission. Website Grader does the same thing except you sign-up for it FIRST and give permission and it’s all above-board. The only way that e[lust] was easily saved was because my domain & hosting is through GoDaddy. GoDaddy automatically backs up my site files and keeps at least a few days worth. All we had to do was go into my hosting control panel there and do a restore/rollback to a few days before the crawler bot hit me and changed all my files. Yes, it changed all my files. How did I know? Because in the file manager at GoDaddy I can see the “file last modified” date and it was all the same.
On Monday, Diva was checking her stat counter for her sites and noticed some very odd activity. Namely, IP addresses all over the world were accessing (or trying to access) WP files, some of which didn’t even exist. Somewhere along the line they managed to install something and I think a phishing email was sent out – hence all the attempts from various IP’s. We think it was an email sent because most had no referring site, they just appeared, but one had a referral of an email program. It acted like a virus but yet even a “security scanner” plug in couldn’t detect it. Since she hadn’t checked Stat Counter in a week or two, it wasn’t caught in time. The damage was done. Shortly after it was noticed, their host (Midphase) decided to suspend their site/account while we were trying to get into the file manager control panel. After following Midphase’s instructions of what needed to be done before they’d unsuspend, directories/files that the crawler had created for phishing were deleted…..but it harmed the structure of the database. The WP dashboard was gone. Images were disappearing because database “links” were broken. The site is still there but just barely. Since Midphase charges you $30 to rollback to the night before’s file-snapshot, that did us no good. The day before was also corrupt……plus it was $30. The log files also only went back a day, so we couldn’t learn the origination of the attack. We couldn’t fix the current problem, but we could prevent it from ever happening again, so they’re in the middle of transferring the domain and hosting to Godaddy. Some people might not like Godaddy but I can tell you this: My blogs have never gone down because of server downtime, my ass was saved because of their automatic backing up and free rollback options, and I feel that their control panels are easier to navigate. Plus their hosting deal was less than half the cost of Midphase.
Tonight I am going to be working on e[lust], as we expect TiedUpEvents.com to be fully transferred over to GoDaddy sometime tomorrow. The moment it is, and I can access the file manager, I’ll be restoring their posts (thankfully only a few so we can do it the harder way) and designing them a new theme. This past week though my time was spent trying to fix up the NYC Sex Blogger Calendar site that I designed just a few weeks ago for Tess and Diva. We had found it necessary to transfer the domain and hosting from the name of the blogger who originally set it up over to Diva & Tess and therefore GoDaddy so that I was able to change the theme and design. We didn’t ask the right questions after the transfer was “complete” and as it turned out, we found on Monday while dealing with TUE that SBC had actually not truly transferred. When we were altering the theme, creating new posts, etc we were still accessing the old blog at the old host. I had 4 days of gut-wrenching stress and pins-and-needles while trying to untwist the messes of the funky database export and the lack of some very, very necessary files that would have gotten this all over and done with in half a day instead of 4 (also if all of Godaddy’s tech support people were as knowledgeable as the one who finally helped me get what I need and make it all work together, it wouldn’t have taken 4 days). I’ve learned to never rely fully on anyone now no matter what. However in Part 2 I want to talk about this kind of a blog mess and how you can prevent it for yourself.