Do not visit this site! The domain name was created 18 days ago and is said to be owned by someone named MichellGregory. The IP address says the server may reside somewhere in the Ukraine. The contact information for the site lists Michell as somewhere in the 2767729 zip code with a phone number of 1-387-900 fax: 1-387-900. I tried calling but couldn't get through. Hmmm. Maybe I'll drop him a letter in the mail.

I would like to talk to Michell. I would even pay for lunch just to find out how he might be connected to a recent attack on a number of websites (one I cared about) that ruined yet another weekend, and most of today, cleaning up after some hackers that spewed their code like some out-of-control school kids with an attitude problem.

I understand hackers with a cause. We were here! You suck! Obama is Satan. John and Sarah are a perfect match. Whatever. I would never spend my time this way, but I understand it.

Sites that hijack your traffic, and redirect you to pay-per-click adult sites.   I get it.  It's nasty, but it's a monetary model with a history of generating revenue.

Here's the Warning

If you run a WordPress site, or any CMS, be alert to any unusual errors. You might see a simple PHP error, either from the front or the admin side of a site. In our case, one of our users was unable to upload a file. Could have just been some harmless permissions setting. What I found was pretty scary.

First, some remote access software had been installed on the site. It gave anyone with knowledge of that location full file access to the entire server. A script had been run that appended and inserted some JavaScript into just about every index.html along with random PHP files. (Not actually a great hack, as it should have prepended the code, rather than tacking it on to the end) And inserting it randomly into PHP files? That's a bad plan as all that will do is alert people to the problem. Anyway, it was a mess. Without a clean backup plan, the site would have been toast.
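A cleanup check for the pattern described above, added here as an example and not taken from the original post or from any tool the author used: it walks a web root and flags HTML/PHP files that carry a script tag after the closing `</html>` or that mention the domain named in this post's title. The assumption that the injected code references that domain, the function names, and the sample files in `demo()` are all constructed for illustration.

```python
import os
import re
import tempfile

# Indicator from this post's title; extend with ones you have confirmed yourself.
SUSPECT_DOMAINS = (b"prevedvsem123.cn",)
SCRIPT_TAG = re.compile(rb"<script\b", re.IGNORECASE)
HTML_CLOSE = re.compile(rb"</html\s*>", re.IGNORECASE)
WEB_EXTENSIONS = (".html", ".htm", ".php")

def check_file(path):
    """Return the reasons a file looks tampered with (empty list if none)."""
    with open(path, "rb") as fh:
        data = fh.read()
    lowered = data.lower()
    reasons = ["references " + d.decode() for d in SUSPECT_DOMAINS if d in lowered]
    # Code tacked onto the end of a page sits after the final </html> tag.
    closes = list(HTML_CLOSE.finditer(data))
    if closes and SCRIPT_TAG.search(data, closes[-1].end()):
        reasons.append("script tag after closing </html>")
    return reasons

def scan_tree(root):
    """Walk root; map each flagged web file (path relative to root) to its reasons."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(WEB_EXTENSIONS):
                path = os.path.join(dirpath, name)
                reasons = check_file(path)
                if reasons:
                    findings[os.path.relpath(path, root)] = reasons
    return findings

def demo():
    """Scan a small constructed site: one clean page, two tampered files."""
    samples = {
        "clean.html": b"<html><body><script>menu()</script></body></html>\n",
        "index.html": b"<html><body>Hi</body></html>"
                      b"<script src='//example.invalid/constructed.js'></script>",
        "upload.php": b"<?php echo 'ok'; ?><script src='http://prevedvsem123.cn/'></script>",
    }
    with tempfile.TemporaryDirectory() as root:
        for name, body in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(body)
        return scan_tree(root)

if __name__ == "__main__":
    for path, reasons in sorted(demo().items()):
        print(path, "->", "; ".join(reasons))
```

Code inserted in the middle of a PHP file will not trip the trailing-script check, so comparing the tree against a known-clean backup remains the more reliable test.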

If you should run into this, you can check out Stephan Miller's blog as that's where we exchanged some notes about this today when it was still unfolding.

Oh yeah, one more thing: Don't trust your hosting company to fix these types of events. If they do, consider yourself lucky. Make sure YOU are doing your own backups and have actually tested the restore process.

Hey Michell. If you're reading this, drop me a note. Lunch is on me.

 

2 Comments on prevedvsem123.cn eats Wordpress sites for lunch

Oct 24, 2008

yup. pretty simple. if you have a host that offers cPanel, here's all it takes.

http://apin.com/help/backup

if your blog updates lots (which I'm guessing this applies to you) you can schedule this to happen every day at 2am so that you don't have to worry about remembering.

if you would like, let's get together and i can give you a quick review of how you're configured.

8:33pm • #2


E.Kasey Kasemodel - Ann Arbor, Mi - Tech Advice
