Utter panic overtakes the average blogger when he hears from a reader that his site looks suspicious and browsers are showing the dreaded 'get me out of here' warning!
Recently that happened to one of our clients at WPBlogExperts. We're WordPress setup, theme customization and dashboard experts, so fixing actual malware infections was not highlighted on our services list. When the client asked us to help we took cleanup actions only to see the 'virus' popup somewhere else.
My WPBlogExperts co-founder, Ishan had some experience with fixing his personal site and also another client's site. He started by deleting some bad files and changing web host passwords. Everything seemed fine until more readers reported the site was redirecting to an unreliable url with a .ru domain name.
We tried a different online scanner to detect other bad files.This time it pointed to the Timthumb file being out of date and vulnerable. Several themes like Atahualpa and some plugins use Timthumb software for image cropping, zooming and resizing. About a year ago that software was a throughway in a massive security hole that exposed thousands of WP websites to being hacked. Mark states in his article on how his site was hacked:
"Timthumb.php simply gets a remote file and places it in a web accessible directory."
We upgraded the Timthumb file and the client's site scanned clean, but not for long --- the damage had been done and was spreading.
Resources for Removing Malware
We needed a much bigger malware cleanup campaign I suggested that the client use Sucuri's removal services. In the end they got the job done in a timely and cost-effective manner. The client was able to give a sigh of relief and get on with running his business. The removal was guaranteed and included ongoing monitoring and malware removal. I was surprised when they alerted him that we had put the site in 'under construction mode' a few weeks later!
There are lots of articles on what to do when you suspect your site is hacked. However bloggers aren't that technical and may get a brain freeze if they read things like
"Edit your wp-config.php and change or create the SECRET_KEY definition."
That's why if anyone asks for malware help I recommend Sucuri. WPBlogExperts is now an affiliate so this post has affiliate links to Sucuri for cleanup services. After the removal, we can work with you to take care of any technical work needed in WP or on the host. For example Sucuri might tell you to change your FTP or database password to comply with their scan warnings, or when repeated removal actions don't work.
For the Do-it-yourselfers try these resources to address hacked sites:
Sucuri Site Check - Get a free thorough scan of your site. They cache the last scan results so be sure to 're-scan' after you take any removal actions.
Reported malware sites - use this form to request Google to remove you from the list of blacklisted sites.
Tips: Things you can do to Prevent Attacks
Limit Login Attempts - a plugin to lock down repeated attempts to break administrator password. Make sure your password is strong by using symbols, letters and numbers. Don't use the default setup user name of 'Admin'.
Timthumb-vulnerability-scanner - a WP plugin to check if you have the exposed software. I ran the scanner of a test site and found an exposed earlier version of the active theme. So don't keep inactive themes and plugins - after upgrading your theme, delete the prior one.
Keep WordPress and plugins up-to-date - new releases often close security gaps.
Don't ignore signs that your site is being attacked. One client did not respond to a web host warning for several days because he was too busy. By the time he couldn't even install a new plugin we had a huge cleanup problem.
Share your thoughts
What's your experience with malware attacks, clean-up or prevention? Feel free to share in the comments below.
Ever feel like you want to use white-out on your blog for content you need to remove or replace? If you move from Blogger to WordPress, your posts are sure to contain text that you no longer want. For example I had a post template that added this to the end of new posts:
Notice the spider logo has a bad image address (it's no longer hosted where I had my html website ). I wanted to stop using the spider anyway. Also the signature logo has the wrong background color for this template and I no longer use it on recent posts.
My current post 'footer' is a simple call to sign-up by email. So I scratched my head until a resourceful teammate found this plugin for one of our clients. The client's blog had a funny rss-atom link that was used in the Blogger feed but appeared at the bottom of every imported post. Apparently Blogger screens out the line when displaying the posts.
A simple search for find strings in your database and replace the string. You can search in ID, post-content, GUID, title, excerpt, meta-data, comments, comment-author, comment-e-mail, comment-url, tags/categories and categories-description.
Step-by-step
Add and Activate the Search and Replace plugin. Find the plugin options under Tools on the dashboard. You'll notice and need to respect this warning:
Attention: You cannot undo any changes made by this plugin.It is therefore advisable to backup your database before running this plugin. No legal claims to the author of this plugin! Activate the plugin only, if you want to use it! Text search is case sensitive and has no pattern matching capabilites. This replace function matches raw text so it can be used to replace HTML tags too.
For images, get the current html that you want to replace and do just a search for the string before any replacements. Find a post and view the html mode for exact string! In my case the html for the signature was:
<a href="http://l.b5z.net/i/u/6049594/i/blog/relatedspider.gif"><img style="float: left; height: 50px; margin: 0px 10px 10px 0px; width: 60px;"src="http://l.b5z.net/i/u/6049594/i/blog/relatedspider.gif" border="0" alt="spider logo" /></a>
Place your string in search-only box, check the 'field' box press Go button The Search found 6 posts with that image string. (Write down the names of the posts just in case!)
So let's replace it for real. Rather than substitute a different image, I want to replace the spider logo with a line break: <br/> Be sure to first select where to search/replace --- I checked off 'content'. Paste the string, this time in the real search spot. Place the new string (in my case a line break) code in the" replace" field. Close your eyes and press "Go."
Here's what one post looked like after replacement of spider logo only:
No logo, aligns left
I then did the same for the signature html, replacing it with a blank line.
Tips and Strange Happenings
The results seem to include revision copies of the posts you want to change. And in one case I was editing one of the posts while the plugin was running so it created an autosave which I had to publish to see the removed text! So don't have any posts in edit mode at the time. Also the search only results had various post ids different from the published posts.
I discovered the actual html in terms of upper/lowercase varied so that my search missed some posts where the html had "Float:" instead of "float:" or placed the 'height=' in a different spot within the tag. So I had to find the variations and redo. It helped to search for 'spider logo' then see the posts listed and spot the variations. Perhaps depends on whether post was published in Blogger or WP and how WP felt that day --- who doesn't want a little variety? ... lol
You might ask was this worth it for 6 or 9 posts? Well, yes since the posts may be sprinkled in your archives and who wants to go hunting for them? If nothing else the search-only will give you a results list to go in and manually replace.
Bottom line, it works. Just be sure to backup your database. Happy erasing!
Let me know what you use it for --- leave a comment.
This article talks shows how you can have attractive social icons with counters and a Print Friendly feature. It's smart to have these icons on your post to encourage people to refer your blog on their social networks. As word spreads, you gain visitors and hopefully readers.
Edgy Bookmarks
The most recent release of SexyBookmarks from Shareaholic has a beta feature so that you see counters for Twitter, FaceBook, and other social networks. The counts are very (maybe too) discreet since the digits are partially obscured. There are various headings(in red) to select and many social site icons. You can also omit the heading for an even cleaner look.
Print Friendly
Having a way to print long tutorials can be very useful. Many visitors may want to print your recipes without the images, etc. While attractive the printer friendly icon takes up quite a bit of space:
Use Bookmarks to Replace Print Friendly Symbol
Select the Print Friendly bookmark icon and you can remove the WP Print Friendly plugin freeing up space below your posts. If you select the Shareaholic printer icon then readers can invoke the same print or pdf options that the Print Friendly plugin provides. I suggest you move that bookmark icon to the front of the row for better visibility.
The pop-up text guides your readers as the mouse hovers over each icon. The first one would read "Print with Print Friendly."
Resources
For Blogger:
How to add sexybookmarks on Blogger - I found this post with the template hack to add the Shareaholic bookmarks (without counters). Brings back memories of my hacking days and realization that you have to really want those gadgets in Blogger! I can't guarantee the hack will work for you but I can try to help if you leave a question here.
SexyBookmarks (by Shareaholic) - WP plugin that adds the list of social bookmarking icons to each of your posts. Select the PrintFriendly icon so visitors can see the same choices as outlined in item 3 below. i.e. the same software is invoked.
If you decide not to use Shareaholic plugin above, there are some bookmarking plugins that include a PrintFriendly icon. You may have to look for it in your options. Be careful, some have print icons that go directly to the printer with out options.
Print Friendly - Use the WP plugin if you want the standalone icon for more visibility. When visitors click the icon they go to the site where they select print (with or without images, etc.) or create a pdf.
to print a post found on couponproblog.com
Be sure to leave a comment on what you use and how these resource work for you! Good time to test that 'add to Twitter or FB' icon below this post [Hint, Hint]
I'm Shirley, aka SBA. Follow along as I explore the world of blogging. Learn how to better chart your path. Read my tips for creating and growing your blog. While you're here, grab my next post.
It is not a rare occurrence. Halfway through the what is surely the next bestselling novel, flowing straight from your fingers or pen, you crash head-on into a bout of the dreaded Writer's Block. Like a sickness, Writer's Block strikes at the most inopportune moments. Suddenly the writer is smacked by a lack of motivation, […]
Content is king. We can’t emphasize this fact enough. No matter how the Internet evolves, content will still remain as its key driver. That’s why to future-proof your business and your website, you always need to come up with content that is worthy not only of people’s attention, but also of the time they take […]
Of course there are alien themed online pokies and here weOnline Slots Play Pokies at Spin Palace. Get struck with the excitement offered with Thunderstruck, the online pokies
Online Slots number of other familiar casino slots.
NEW Slot Machines now on our floor!!! Come in and enjoy the best slot machines Casino Online Play!
AU$1000 FREE - the chance to Win BIG at our Online Pokies Jackpots! Online Casinos huge progressive jackpots waiting to be won when you play pokies online.
Recent Comments