My Malware Nightmare – and what you can learn from it
Today, I’d like to share with you what I’ve learned you need to do to really lower your risk of having your website compromised by a malware attack.
Remember, I’m not a website security expert, but this is the stuff I wish I’d known earlier about WordPress and how to keep myself and my business safe.
First, let me tell you quickly what didn’t happen. I didn’t have data stolen, I didn’t have all the images on my site replaced with skulls and penises (though both are popular with hackers) – no, my attack was what’s called a ‘malware injection’.
This means that a backdoor is opened into your site and the hackers can then bounce massive amounts of data through your site for their spammy products. This means they can offer generic viagra and dodgy sunglasses with impunity, because it’s your site that appears to be spamming things not theirs.
Once this behaviour happens – massive volumes of emails and the like – your site will get blacklisted fast. And once it’s blacklisted, it’s a nightmare to get it listed as clean again. Which means your clients will see that horrible ‘this site is infected/back to safety’ page and you’ll have no traffic. And a bad reputation.
If you ever do get blacklisted like that – fight it of course – but it might actually be easier to get a fresh domain, a fresh name and start again. Bummer.
So it’s to be avoided at all costs. And as my background is in creating CGI for Hollywood films, I’m pretty geeky and aware of such things. I’ve lived behind a firewall most of my adult working life as all the big film studios are super paranoid about their data, but my business website… not so much.
I noticed the layout of my site was a little off just after Christmas. This turned out to be the only symptom – and thanks to my geeky graphics side, I was relentless in pursuing it. I bothered the theme support people, my host’s support team and got several high end Technical Service friends involved.
After a week of looking, we eventually tracked it down to my config file being compromised. And by that I mean – it should have been about 1000 lines of code long… mine was 30,000 lines long. And those extra 29,000 lines of code were all redirects to rubbish spam and ways to make it look like my sites were sending it. ALL of them were now corrupted. And as I’d only recently ported to new hosts… I could see how it used to be and what needed to change.
Does that mean I got it from my new hosts? Well no, it can happen anywhere. This is rather the point. They’re clever and it’s very tricky to work out where the injection was.
So things you must do (that I was doing already – and probably kept me safe a long time):
- Keep your WordPress plugins up to date
- And your WordPress version to the latest (but wait a week before upgrading in case there’s a security issue)
- Keep your theme up to date
- Remove your ‘admin’ login and replace it with something more obscure
- Back up your site daily
- Get on WordPress optimised hosts
- Get a theme and hosting with really good support (I use Elegant Themes Divi and Siteground – both were amazing).
- Get Wordfence and scan your site regularly
- Get your hosts to scan your site regularly for Malware
- If you find anything suspicious on your site, delete it completely rather than renaming it with an _old suffix – as it can still be a back door.
- If you can, get behind a firewall (not a rubbish one like mine, but a good solid one)
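The symptom described above (a config file that should be about 1,000 lines suddenly being 30,000) is exactly what a simple file-integrity baseline catches, and it complements the daily backups and regular scans in the list. The script below is an added example and is not code from the original post, Wordfence, Sucuri or any host: it records a SHA-256 hash and a line count for a few WordPress files, then reports anything that changed, appeared or disappeared, and flags a file whose line count has grown far beyond its baseline. The watched file names, the growth threshold and the demo scenario are all assumptions made for illustration.

```python
"""Baseline-and-diff check for WordPress config files.

Added example, not from the original post. Records a SHA-256 hash and a
line count per watched file; a later run reports changed, new and removed
files and flags any file whose line count grew sharply, the symptom the
post describes. File names and threshold are assumed, not prescriptive.
"""
import hashlib
import json
import tempfile
from pathlib import Path

# Files worth watching on a typical WordPress install (assumed list).
WATCH_NAMES = {"wp-config.php", ".htaccess", "index.php", "functions.php"}


def fingerprint(path: Path) -> dict:
    """Return the SHA-256 hash and line count of one file."""
    data = path.read_bytes()
    lines = data.count(b"\n") + (1 if data and not data.endswith(b"\n") else 0)
    return {"sha256": hashlib.sha256(data).hexdigest(), "lines": lines}


def snapshot(root: Path) -> dict:
    """Fingerprint every watched file under root, keyed by relative path."""
    return {
        str(p.relative_to(root)): fingerprint(p)
        for p in sorted(root.rglob("*"))
        if p.is_file() and p.name in WATCH_NAMES
    }


def compare(baseline: dict, current: dict, growth_ratio: float = 2.0) -> list:
    """Diff two snapshots. growth_ratio is an assumed threshold: a modified
    file whose line count exceeds baseline * ratio is marked 'bloated'."""
    findings = []
    for rel in sorted(set(baseline) | set(current)):
        before, after = baseline.get(rel), current.get(rel)
        if before is None:
            findings.append({"file": rel, "status": "new", "lines": after["lines"]})
        elif after is None:
            findings.append({"file": rel, "status": "removed"})
        elif before["sha256"] != after["sha256"]:
            findings.append({
                "file": rel,
                "status": "modified",
                "lines_before": before["lines"],
                "lines_after": after["lines"],
                "bloated": after["lines"] > before["lines"] * growth_ratio,
            })
    return findings


def save_baseline(snap: dict, path: Path) -> None:
    """Persist a snapshot as JSON (keep this copy off the web server)."""
    path.write_text(json.dumps(snap, indent=2))


def load_baseline(path: Path) -> dict:
    return json.loads(path.read_text())


def demo() -> list:
    """Constructed scenario: a clean install is baselined, then the config
    file balloons with appended lines, the way an injected config would."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        cfg = root / "wp-config.php"
        cfg.write_text("<?php\n" + "define('X', 1);\n" * 9)  # 10 lines, constructed
        (root / ".htaccess").write_text("RewriteEngine On\n")
        baseline_file = root / "baseline.json"
        save_baseline(snapshot(root), baseline_file)

        # Simulate the post's symptom: 300 appended filler lines (constructed).
        with cfg.open("a") as fh:
            fh.write("// filler line\n" * 300)

        return compare(load_baseline(baseline_file), snapshot(root))


if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

In practice you would take the baseline right after a clean install or restore, store it somewhere the web server cannot write to, and run the comparison from cron or after each daily backup; a hash mismatch on wp-config.php or .htaccess that you did not cause is worth a look regardless of what a malware scanner reports.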
Now those last two are interesting – as all during my malware nightmare I was being sent regular emails saying ‘your site has scanned malware free’. But of course, I knew it wasn’t. And I was lucky that when I reported it to my hosts, they didn’t just delete my site completely immediately. Many hosts do, as they want to protect themselves.
My malware seems to have been injected but not activated and now I’ve removed it and corrected my configs, all seems to be fine. My layout is mostly back to normal and I now have a much larger set of information about what needs to be done.
So, what’s the thing I should have done – that you should do – that I didn’t know about? Well it’s the industry standard, wherever you go to read about ‘so your website’s been hacked’ then one company comes up as the go to protection over and over again.
It’s these people – sucuri.net. Now, I’m not an affiliate, and I get nothing from this – but really you need to get their $200 a year protection. I realise that sounds like a lot, but they are the go to people, get behind their firewall and have their experts look after you. It’s not cheap, but neither is losing your website and your business.
And this is all these people do – do the rest of the things on the list up there – hell do more and tell me what you’re doing… then get sucuri involved. They know what they’re doing and you want them on board before they’re picking the malware out of your site… you want that to never happen, I can tell you!
Now all this hunting for malware has meant that our launch of Mastering Mastermind, our Mastermind training program, was rather put behind. So we’ve got a rather speedy launch going on in Jan 2016.
Check that rather special deal here