prevedvsem123.cn eats WordPress sites for lunch

By
Services for Real Estate Pros with API Network

Do not visit this site! The domain name was created 18 days ago and is said to be owned by someone named MichellGregory. The IP address says the server may reside somewhere in the Ukraine. The contact information for the site lists Michell as somewhere in the 2767729 zip code with a phone number of 1-387-900 fax: 1-387-900. I tried calling but couldn't get through. Hmmm. Maybe I'll drop him a letter in the mail.

I would like to talk to Michell. I would even pay for lunch just to find out how he might be connected to a recent attack on a number of websites (one I cared about) that ruined yet another weekend, and most of today, cleaning up after some hackers that spewed their code like some out-of-control school kids with an attitude problem.

I understand hackers with a cause. We were here! You suck! Obama is Satan. John and Sarah are a perfect match. Whatever. I would never spend my time this way, but I understand it.

Sites that hijack your traffic, and redirect you to pay-per-click adult sites.   I get it.  It's nasty, but it's a monetary model with a history of generating revenue.

Here's the Warning

If you run a WordPress site, or any CMS, be alert to any unusual errors. You might see a simple PHP error, either from the front or the admin side of a site. In our case, one of our users was unable to upload a file. Could have just been some harmless permissions setting. What I found was pretty scary.

First, some remote access software had been installed on the site. It gave anyone with knowledge of that location full file access to the entire server. A script had been run that appended and inserted some JavaScript into just about every index.html along with random PHP files. (Not actually a great hack, as it should have prepended the code, rather than tacking it on to the end.) And inserting it randomly into PHP files? That's a bad plan, as all that will do is alert people to the problem. Anyway, it was a mess. Without a clean backup plan, the site would have been toast.

If you should run into this, you can check out Stephan Miller's blog as that's where we exchanged some notes about this today when it was still unfolding.

Oh yeah, one more thing:  Don't trust your hosting company to fix these types of events.   If they do, consider yourself lucky.   Make sure YOU are doing your own backups and have actually tested the restore process.  
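One way to put a clean backup to work during cleanup, as an added example that is not part of the original post: hash every file in the restored backup and in the live web root, list what was modified or added, and flag HTML files that carry content after the closing `</html>` tag, which is where the script described above tacked on its code. The directory layout, file names and the `injected.invalid` script URL are constructed sample data.

```python
import hashlib
import tempfile
from pathlib import Path

def manifest(root):
    """Map each file's relative path to its SHA-256 digest."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in root.rglob("*") if p.is_file()}

def has_appended_content(data):
    """True if non-whitespace bytes follow the last closing </html> tag."""
    start = data.lower().rfind(b"</html")
    end = data.find(b">", start) if start != -1 else -1
    return end != -1 and data[end + 1:].strip() != b""

def compare(backup_root, live_root):
    """Diff the live web root against a known-clean backup copy."""
    good, live = manifest(backup_root), manifest(live_root)
    return {
        "modified": sorted(p for p in live if p in good and live[p] != good[p]),
        "added": sorted(p for p in live if p not in good),  # new uploads land here too
        "missing": sorted(p for p in good if p not in live),
        "appended": sorted(
            p for p in live if p.lower().endswith((".html", ".htm"))
            and has_appended_content((Path(live_root) / p).read_bytes())),
    }

def build_demo(base):
    """Write constructed sample trees: a clean backup and a tampered live copy."""
    clean = {"index.html": "<html><body>Home</body></html>\n",
             "blog/index.html": "<html><body>Blog</body></html>\n",
             "blog/post.php": "<?php echo 'post'; ?>\n"}
    tampered = dict(clean)
    injected = '<script src="//injected.invalid/x.js"></script>\n'  # constructed
    tampered["index.html"] += injected
    tampered["blog/post.php"] = "<?php echo 'post'; ?>\n" + injected
    tampered["blog/fm.php"] = "<?php /* unknown file, not in backup */ ?>\n"
    for name, files in (("backup", clean), ("live", tampered)):
        for rel, text in files.items():
            path = Path(base) / name / rel
            path.parent.mkdir(parents=True, exist_ok=True)
            path.write_text(text)
    return Path(base) / "backup", Path(base) / "live"

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for kind, paths in compare(*build_demo(tmp)).items():
            print(f"{kind}: {paths}")
```

Files under "added" that are not recent uploads deserve the closest look, since that is where dropped remote access tooling would show up.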

Hey Michell.  If you're reading this, drop me a note.  Lunch is on me.

Topic:
Real Estate Technology & Tools
Tags:
security

Ambassador
920,196
Missy Caulk
Missy Caulk TEAM - Ann Arbor, MI
Savvy Realtor - Ann Arbor Real Estate

Kase, how do you back-up WP ?

Oct 24, 2008 10:08 AM #1
Rainer
26,353
Kasey Kase
API Network - Mequon, WI
I'm not really a pirate

yup. pretty simple. if you have a host that offers cPanel, here's all it takes.

http://apin.com/help/backup

if your blog updates a lot (which I'm guessing applies to you) you can schedule this to happen every day at 2am so that you don't have to worry about remembering.

if you would like, let's get together and I can give you a quick review of how you're configured.

Oct 24, 2008 01:33 PM #2