How To

How did your site get hacked?

Posted on February 28, 2013 at 9:16 am

Everyone who has had their site hacked wants to know how it happened. Unfortunately there are a lot of ways to get hacked and no single method for stopping it. I created this plugin because of a vulnerability in timthumb.php that got widely exploited about a year ago. This very useful timthumb script had a weakness in the way it was written that allowed hackers to place any script on your site, thereby enabling them to gain access to your files and spread their infection. A newer and stronger timthumb.php was released to stop this abuse, and it is fairly simple to update this file to keep your site from being exploited in this way. One of the things my plugin will do is to find old timthumbs and update them.
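The inventory half of that step can be sketched as follows. This is an added example, not the plugin's code: it walks a site tree, finds timthumb copies (including renamed ones) and flags those older than a minimum version. It assumes each copy declares its version in a `define('VERSION', ...)` line and is commonly named `timthumb.php` or `thumb.php`. The minimum version is supplied by the caller, because the post does not name the fixed release.

```python
import re
import tempfile
from pathlib import Path

# Assumption: a timthumb copy declares its version as define('VERSION', 'x.y');
VERSION_RE = re.compile(r"define\s*\(\s*['\"]VERSION['\"]\s*,\s*['\"](\d+(?:\.\d+)*)['\"]")
NAMES = {"timthumb.php", "thumb.php"}  # assumption: common file names for the script

def parse(s):
    """'2.0.0' -> (2,); trailing zeros are dropped so 2.0 and 2.0.0 compare equal."""
    return tuple(int(p) for p in re.sub(r"(\.0+)+$", "", s).split("."))

def classify(text, min_version):
    """Return (version, status); status is 'ok', 'outdated' or 'unknown'."""
    m = VERSION_RE.search(text)
    if not m:
        return None, "unknown"  # no version line: review this copy by hand
    version = parse(m.group(1))
    return version, ("outdated" if version < parse(min_version) else "ok")

def find_timthumbs(root, min_version):
    """Walk root; report timthumb copies, including renamed ones, sorted by path."""
    found = []
    for path in Path(root).rglob("*"):
        if path.suffix.lower() != ".php" or not path.is_file():
            continue
        text = path.read_text(errors="replace")
        version, status = classify(text, min_version)
        renamed = version is not None and "timthumb" in text.lower()
        if path.name.lower() in NAMES or renamed:
            found.append((path.relative_to(root).as_posix(), version, status))
    return sorted(found)

def demo():
    """Constructed sample tree; the version numbers are made up, not real releases."""
    files = {
        "themes/a/timthumb.php": "<?php /* TimThumb */ define ('VERSION', '1.2');",
        "themes/b/resize.php": "<?php // timthumb renamed\ndefine('VERSION', '3.4.0');",
        "plugins/c/thumb.php": "<?php // stripped header, no version line",
        "index.php": "<?php define('VERSION', '0.1'); // unrelated script",
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, body in files.items():
            target = Path(root, rel)
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_text(body)
        return find_timthumbs(root, min_version="3.0")
```

Copies reported as `outdated` or `unknown` are the ones to replace with the current timthumb.php or remove if the theme no longer uses them.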

But, of course, there are other ways for your server to get infected. Many people don't realise that having their site on a hosting account with other sites means sharing the vulnerabilities of all the other sites. Having your site on an isolated account, all by itself, can be a great improvement to your security. You will also need to make sure that your site is up to date and has no vulnerabilities of its own. Make sure the plugins and themes you have installed are secure and well trusted.

A lot of people think that they need to change their FTP passwords. This is not a bad idea, but it's extremely unlikely that a hacker is using your FTP account. Once a hacker has exploited a security hole in your website, hosting account, or server, they will plant a script on your site to gain full access to your files. Then they don't even need your FTP to inject more malicious code and spread their infection further.

Unfortunately it may be very time-consuming and costly to figure out exactly how you got hacked, but stay vigilant and take any security measures you can to avoid being an easy target. With every step you take to secure your site, you become harder to hack and less of a target.

Aloha,
Eli Scheetz

Website blocked or blacklisted by Google?

Posted on January 3, 2013 at 1:19 pm

Happy new year! I get questions about still being blacklisted after removing malware infections all the time, so I figured I would share this to help people regain their reputation on the web.

If Google crawls your site and finds malicious code, they will blacklist the site. Then Google will display a warning to users when they attempt to visit your pages from Google search results. Hopefully you are able to remove the malicious code (maybe by using this WordPress Plugin), but then you will also need to get Google to take down that warning and get you back on the search results.

You can check the status of any site on Google's Safe Browsing Diagnostic page:
http://safebrowsing.clients.google.com/safebrowsing/diagnostic?site=http://gotmls.net
(replace "gotmls.net" with your domain name at the end of that link ;-)

If you see the following message at the top, then this site has been blacklisted:
Site is listed as suspicious - visiting this web site may harm your computer.

You can wait for Google to crawl your site again and this warning may eventually go away, or... you can log in to Google Webmaster Tools and "Request a review" on the "Malware" page under the "Health" section.

It usually doesn't take more than a few hours, and you can come back to that page to check on the status. Hope this helps you all to a speedy recovery.

Aloha,
Eli Scheetz