Repairing the damage

What you see here now is only temporary. Early this week it was discovered that my server had been infiltrated by some sort of hack that injected nasty code into almost every home page that existed on my server, and mind you I host several sites on this server. It sucked…still sucks…and this is the first step in recovery.

One hell of a mess

I got my first warning from one of the guys at my Redline Derby message board that reported his malware blocker alarm went off when they tried to visit the site. I checked it out and was welcomed by a bunch of PHP errors, which isn’t normal. I investigated to find that somehow the index.php files had gained an iframe tag that was loading some sort of hacker web site…probably Russian. After some of my own inspection and then some Googling, I discovered that this had happened throughout my server, not just the Redline Derby site. In a frantic panic I spent my lunch hour at work downloading the files, ridding them of the bad code and then uploading them, all the time knowing it was a futile effort. It kept my sites up just long enough for me to officially shut them down. As of Tuesday evening, all of my sites were offline.

I can only blame myself

I read up on this hack and all signs point to a hole in old versions WordPress blogging platform I use here and on every other one of my sites with a blog. Even though Redline Derby and Morning Toast were the only active WP blogs, I had other installs just sitting there doing nothing. Shame on me. And of course there were all rather old installs of WordPress because a) I’m lazy and b) my host only supported PHP4 and newer versions of WordPress required PHP5. Go figure. So the recovery process starts with updating WordPress to a current version that is less likely to have holes…and that’s what you see here.

Actually, this whole thing has some silver lining because it has forced me to clean house. I’ve had several domains that have come and gone but I left all there code in place. Lots of themes and plugins have come and gone, and I suspect one of them was the cause of this whole mess. And since every site on the list was offline it gave me the perfect chance to update my host to PHP5 and move to MySQL5 databases without much risk. So while I benefit from an upgrade I now have to go site-by-site and repair blogs and other stuff.

It’s unfortunate that the solution to this problem was clearing the forest and planting new trees, but I guess that’s the only way ever, huh? Consider my lesson learned. I got lazy and I paid for it but thankfully I don’t host sites for other clients anymore so the only person that loses is me. I’m also just thankful I was able to migrate data without losing anything. As you can see, this blog goes back to 2005 and that’s a lot of my life I’m not interested in losing.

I’m not sure how long things will remain this way, probably a while. Even though this is my primary blog, the Redline Derby site has daily traffic in the form of blogs, message boards and an online game, so I’ll be working to restore that to full function first. The reboot of Morning Toast serves as proof that this whole mess can be mended pretty easily and reliable. Step 1 complete.

Upgrading WordPress painlessly

I had to upgrade my WordPress to 3.3.1 (the latest) and found out it’s really easy doing it manually, assuming you have access to your database and files. I was upgrading from WordPress 2.8 and this is what I did without any trouble.

First thing I did was clear out all previous WordPress files a folders. I backed it all up so I could get to stuff but otherwise removed everything from the server. I then did a new install of WP331 like you would if you were starting from scratch. I let it create new database tables and everything, but I gave it a temp_ prefix so it didn’t cause any problems and would be easy to spot later. This is on the same database as your old WordPress data.

Once the config file for 331 was written, I edited the prefix variable so it would point to the old WordPress tables. Then I went to the admin page and WordPress prompted me to upgrade my tables…it does this automatically for you.

After that I was able to login and change settings to account for new URLs or whatever other changes needed to be made. No big deal. And that’s it. I was up and running on WP331 within 15 minutes and all my data was still there and happy. As long as your database records aren’t screwed, starting over with WordPress is easy.

 

Categories: Web World

Tagged as: , , , ,

1 reply »

  1. The same thing happened to me about 2 or 3 years ago. It’s a pain in the but trying to get everything up and running again. I never did put everything back out there. Why do people have to ruin things for everyone?

Leave a Reply

Your email address will not be published. Required fields are marked *