Recovering from another blog hack attack

Things may be a bit quirky and strange around here; the most obvious would be a 6-month gap between this post and the rest of the posts in this blog. That’s the casualty of another episode of hackers taking over and screwing with my blog.

It was a total nightmare! I thought my theme was injected with malicious code again and once it was removed the problem would be fixed. However, the problem was more serious than I thought. No matter which theme I used, the problem was still there; my pages and posts would only be displayed up to the title and the rest of the post/page just vanished.

The strange thing is, only the Archives page displayed as it should. However, I cannot make sense of why this was so. I checked and re-checked the theme files of every theme in my blog and found no malicious code. This was something more complicated than my meager PHP/CSS programming skills could handle, for I found a folder in my root directory containing code that inserted spam into my blog’s posts and pages. Since the hackers had already set a foothold in my blog, drastic measures had to be taken.

So with frustration and sleep deprivation settling in, I had no choice but to resort to deleting my old blog and starting again from a clean install. Everything went fine until it turned out that the latest copy of my blog’s database was damaged. So I had to revert to an older copy which I made six months ago. Meaning 6 months’ worth of posts went down the drain. Curse those damned hackers!

So now I’ve beefed up the security of this blog, installing additional plugins like the Theme Authenticity Checker, which scans each theme for malicious code, as advised by my good friend Jaypee. I’ve also changed the password to a longer, more secure one and I’ve also disabled user registration.

Another lesson in blogging learned the hard and painful way. Hopefully, this would be enough to protect my blog from hackers and spammers. Stay safe everyone!

*Image by gutter, licensed under the CC Attribution-Share Alike license.

6 Comments

  1. Sorry to hear about the loss of 6 months’ worth of blogging. Btw, have you tried recovering the posts via Google Cache? It might work for some recent posts.

    Anyways, it’s good that you found out about it right away before it got totally out of hand or more damage was done to your blog. Also try installing Login Lockdown and WP Firewall to add more security to your blog and make sure all of your plugins are up-to-date. Hopefully this will be the last time that this happens.


    1. I’m making sure this would be the last time this would happen. After I get back from a two-day seminar, I’m sitting down to further secure this blog of mine.

      I’ve already installed some of the plugins you’ve mentioned and will blog about it soon, so that others would learn from my experience.

      Also, I’ve tried Google Cache to recover some of the recent posts but it seems that Google had cached the garbled pages so it’s next to useless. But I’ve found a way to recover 90% of the posts I’ve lost! 😀

      Will blog about it real soon. Thanks for the help dude!


  2. That is nasty bro. Oh my…can’t imagine that happening on my blog.

    Good thing you are back, but 6 months of blogging is really a truck load of infos and posts running down the sink hole.


  3. the good thing is it's up again. i'd like to read about more updates and lessons learned because i've also experienced some attacks lately. good thing I always have fresh backups of my databases.


  4. Hmm I remember this happening to me a few months back:
    http://www.atmaxplorer.com/2008/09/my-experience-with-blog-hackers/
    Aside from stealing all my blog’s content (database and all), they had a script that turned my site to a spam machine and ultimately deleted all its contents.

    Thank God I had set up a weekly and monthly backup.

    BTW, are you on shared hosting or on a VPS? It’ll help to find out how the hackers gained entry by the access logs (bit of warning, it’ll be a LOT of digging). I suggest contacting your host and asking their investigative help :D.

