Monday seems to be the day that I will have to put out website fires.Usually it’s innocuous stuff but today –no such luck.
I opened my email and there was a message from someone I’d set up a website for stating the that his site was considered by Google to be a site that could harm computers.
I went into the site and after a lot of file examining I saw that in 2 places was this strange block of code*.
It might not print properly because my code plugin seems to have stopped working since I upgraded to 2.3.3
This was in there,too.
A software producing
qualidade-toques.com/toques-de-cel-maker.html for cell phone.
Hmm, so the plugin is working again.But so far that’s the only thing that has gone right today.
Other things that make it a Bad Monday:
- There was no coffee in the house for me when I woke up today.I have to have some coffee when I wake up or I will get a headache.
- It’s subzero weather.Technically it’s 23 degrees but to me anything under 36 is subzero as far as I am concerned.
- Someone left a mug of water in the microwave,which I didn’t see when I tried to make some popcorn…so the it couldn’t pop.I kept trying until the whole bag burned before I saw the mug.I had to pour water on the smoking,stinking, blackened mess I threw out or the trash might have caught fire.
- Ever since my dad’s host troubles for his site and the blog migration and etc to a new host,many of his post’s tags were converted to numbers (a hangover from his last host disabling pretty permalinks).I’ve just spent more than an hour looking through all of his posts and changing number based tags back to word based tags.
In an ongoing fight to improve all of my site’s SEO and Google rankings I constantly check in with Google Webmaster Tools. But not all the sites I managed are added to that dashboard, so the one site triggering Google to list it as a site containing Badware slipped by me until the site owner let me know about it.
One more lesson learned in my education as a webmaster:list every site you are responsible for or chance losing your client’s confidence in you.
And about that nasty little chunk of code:how did it get in there in the 1st place?
The website for stopping badware suggested it could be a hack job.I find this frightening to say the least.If it is a hack job, why was that code only put in 2 places? Why wasn’t it put into the theme template or core files instead of directly into 1 post and 1 page? You’d think a hacker, if they had access to the site’s internal files,would hide the evil snippet more deeply.The way it was added suggests the hacker had access to posts and pages and could edit them,and to do so one has to be an admin user,which means they had access to those template files.
Or perhaps it was just a nasty attack that occurs if you use a bad theme? Something pre embedded? For the site in question I created the theme myself but I did reference a downloaded theme so I could get some template tag questions solved,before I switched the site to my home made theme…and at one point the site was using this downloaded free theme.
Beware free themes even if downloaded from the WordPress ThemeViewer because even though WP ThemeViewer does a lot to weed the baddies out,they can’t catch every one. I’m not saying to avoid all free themes – just be cautious when doing so.
Note* Upgrade WordPress NOW
Turns out it’s none of the above.WordPress version 2.2 has a vulnerability that allows access xmlrpc.php which makes it possible for someone to access your posts.The warning in your dashboard telling you to upgrade and the news from WP about it isn’t just a tempest in a teapot. Google is treating the site that was infected like the plague,every single indexed page has the warning that it will harm your computer.Not worth it not to upgrade if you ask me.