Saturday, July 19, 2008

Veraperez.com is back in business

After four very stressful days, Veraperez.com is back in business.


The good news is that the Google mechanisms to detect and block malware distribution sites seem to work.


The bad news is that the Google mechanisms that detect and block malware rely on the cooperation of your browser. Safari loaded my site every time, there was no warning. Firefox would not load ANY of the subdomains, or even the control panel. I did not bother to try with IE because I could not risk infecting my XP in Parallels.


Still, I have two huge concerns:


1. How the fuck did I get infected? I was using the most current version of Wordpress, and I never work on my sites from Windows, so how the hell did the IFRAME get injected? Wordpress 2.6 came out AFTER I was informed that the site was infected, and I did not see any security advisory, so I can't tell if it was injected through a direct exploit, or through the comments.


I really want to know what happened, because I know too many people that use Wordpress, including a lot of my customers, and I need to be prepared to help them.


2. The cleanup process is way above the heads of most normal Wordpress users. I am a nerd, and it still took me four days to completely clean the site. I don't even want to think what would happen to the thousands of people that installed Wordpress because it promised them a simple, 5-minute install. On top of this, the Google diagnostics page gives you very little detail on what was wrong, or so it seems. All the information that I needed was right in front of me, but I did not notice it. Had I searched my Wordpress database for the IP address of the malware site that the IFRAME was loading from, I could have fixed this mess in half as much time.


If you are running Wordpress, and you are stuck with it (more on that later), then search your posts and comments for IFRAMEs, and make sure that you are on the most current version of Wordpress. There should be a feed that tells you when new releases are out, so you might as well subscribe to that too. If you are not using Spam Karma 2, go get it. It's free software, so all you have to do is download and install it. If you are running multiple copies of Wordpress, consider switching to Wordpress mu, so you only need to update one copy.
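One way to do the IFRAME search described above, as an added example that is not code from the original post: it parses exported post and comment HTML, lists every iframe, and flags the ones that are hidden or load from a bare IP address. It assumes rows exported from the default `wp_posts.post_content` and `wp_comments.comment_content` columns; the function names and sample rows are constructed for illustration.

```python
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urlparse

class IframeFinder(HTMLParser):
    """Collects the attributes of every <iframe> (the parser lowercases tag names)."""
    def __init__(self):
        super().__init__()
        self.frames = []

    def handle_starttag(self, tag, attrs):
        if tag == "iframe":
            self.frames.append({k: (v or "") for k, v in attrs})

def is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def is_hidden(attrs):
    # Injected frames are usually sized to 0/1 pixels or hidden through CSS.
    style = attrs.get("style", "").replace(" ", "").lower()
    tiny = attrs.get("width") in ("0", "1") or attrs.get("height") in ("0", "1")
    return tiny or "display:none" in style or "visibility:hidden" in style

def scan(rows):
    """rows: (table, row_id, html) tuples. Returns one finding per iframe found."""
    findings = []
    for table, row_id, html in rows:
        parser = IframeFinder()
        parser.feed(html or "")
        for attrs in parser.frames:
            host = urlparse(attrs.get("src", "")).hostname or ""
            findings.append({"table": table, "id": row_id, "host": host,
                             "ip_host": is_ip(host), "hidden": is_hidden(attrs)})
    return findings

# Constructed sample rows; 192.0.2.10 is a documentation-range address.
SAMPLE = [
    ("wp_posts", 12, '<p>Hi</p><IFRAME SRC="http://192.0.2.10/x.html" width=0 height=0></IFRAME>'),
    ("wp_posts", 13, '<iframe src="https://video.example.com/embed/1" width="560" height="315"></iframe>'),
    ("wp_comments", 7, 'nice post <iframe style="display: none" src="//ads.example.net/a"></iframe>'),
    ("wp_comments", 8, "no markup here"),
]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

Rows flagged `hidden` or `ip_host` are the ones to review and clean first; a visible embed from a host you recognise is usually one you added yourself.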


Stuck with Wordpress: that should be a very small percentage of users. In my case, I need Wordpress because I use a custom plugin for my text link ads. The only blog system that they support is Wordpress, so that is what I need to keep using. If you don't belong to that group, then maybe it is time to consider letting somebody else run it for you. Wordpress.com has free Wordpress hosting, and Blogspot is not that much different from the workflow perspective. When was the last time that either Wordpress.com or Blogspot botched an install, or got pwned?


Also, just because you use a free blogging account doesn't mean that you can't use a personal domain name for it. I am on Blogspot, yet I am using Pedrovera.com for it. Wordpress.com has a similar feature but I don't know if it is free.


