Recently all my hosting was shut off without warning. The host has since apologized and helped me out with tracking down the issues.
WordPress is notoriously a target for hackers, due to people not always staying up to date *cough*. Cleaning up after the fact is quite a burden.
I started finding some rogue files, edits to some of the WordPress files and a few other interesting things. It became whack-a-mole. You see, a lot of small-time people like me just use shared hosting. So you create an account and you can host a bunch of sites as long as you don’t blow your limits. It’s a good way to try things out for low cost. It is limiting, but good enough for most dabblers.
The reason the above is important is the hackers got through via WordPress and wormed their way through all my sites, WordPress or not, and placed these files everywhere. They would then target those placed files to launch attacks or infect other sites, etc. Heck even someone had hit the old cub scouts website (they have since updated away from WordPress) as it was a referrer that was hitting one of these files.
These attacks started back in October; I found files dated back to then. I felt like I got them all, then checked in a few days later. Bam, more! I was pretty floored. It was a lot of time and effort to navigate all the directories to find the offending files. I used the log stats the host provides to help identify areas I was missing, which told me that some of these were nested multiple directories down, so my plan of just looking for recently modified directories and files wasn’t enough because some directories looked unmodified until you went a few more down.
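The point about nested directories can be shown in code. The following is an added example, not something from the original post or the host's tooling: it walks every level of a web root for recently modified PHP files and flags the ones the access log shows being requested. The function names, sample paths and log lines are constructed for illustration.

```python
import os, re, tempfile, time
from pathlib import Path

# Request path and status code from a combined-format access-log line.
REQ = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+" (\d{3})')

def recently_modified(webroot, since_epoch, exts=(".php",)):
    """Check file mtimes at every depth; a parent directory's mtime does not change for nested writes."""
    hits = []
    for dirpath, _dirs, files in os.walk(webroot):
        for name in files:
            p = Path(dirpath, name)
            if p.suffix.lower() in exts and p.stat().st_mtime >= since_epoch:
                hits.append(p.relative_to(webroot).as_posix())
    return sorted(hits)

def requested_scripts(log_lines, exts=(".php",)):
    """Script paths that were served with status 200, query string removed."""
    paths = set()
    for line in log_lines:
        m = REQ.search(line)
        if m and m.group(2) == "200":
            path = m.group(1).split("?", 1)[0].lstrip("/")
            if path.lower().endswith(exts):
                paths.add(path)
    return paths

def triage(webroot, since_epoch, log_lines):
    """Pair each recently modified file with whether the log shows it being hit."""
    requested = requested_scripts(log_lines)
    return [(p, p in requested) for p in recently_modified(webroot, since_epoch)]

def demo():
    """Constructed sample: one old top-level file, one new file three levels down."""
    now = time.time()
    log = [  # constructed log lines; 203.0.113.0/24 is a documentation address range
        '203.0.113.7 - - [01/Jan/2000:10:00:00 +0000] "POST /site-b/img/old/cache/x.php HTTP/1.1" 200 12',
        '203.0.113.9 - - [01/Jan/2000:10:00:05 +0000] "GET /wp-login.php HTTP/1.1" 404 0',
    ]
    with tempfile.TemporaryDirectory() as root:
        for rel, mtime in (("index.php", now - 400 * 86400), ("site-b/img/old/cache/x.php", now)):
            f = Path(root, rel)
            f.parent.mkdir(parents=True, exist_ok=True)
            f.write_text("<?php // placeholder\n")
            os.utime(f, (mtime, mtime))
        return triage(root, now - 90 * 86400, log)  # cutoff: last 90 days

if __name__ == "__main__":
    print(demo())
```

File modification times can be reset by whoever wrote the file, so the access-log cross-check is the stronger of the two signals.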
My next stop was to try using something to scan my sites myself to look for vulnerabilities. I went after it, spent a bunch of time getting my Homebrew updated, getting dependencies installed, then it was time for Docker. Well, Docker told me to go pound sand; this 8-year-old MacBook Air doesn’t have what it takes to do virtual machines. Sadface.
Since that didn’t pan out I knew there were some well known, popular and costly paid options. Keep in mind I don’t make a penny from these sites, they are mini-money pits when you account for the modest hosting cost and the domain costs. It’s a hobby for me I suppose. Anyway…I start searching high and low and try a few, balk at a bunch of others. I finally come across one that looks to fit the bill. So I install it.
So far so good, and guess what, it is freemium, so you get a good out of the box product that does quite a bit. Of course the few outstanding things they tell you you need to be really secure require an upgrade, but it looks reasonable to upgrade if desired. Giving the free version a shot for a bit.
No sooner do I install it, I let it scan, it finds more of these files that I missed, it found other modified core files in WordPress. Also, while I let it fix those things, it started blocking people right away. I was able to look at the logs and see that folks were trying to brute force their way in.
I installed it on some other sites as well, same thing, but nowhere close to the volume of attempted attacks as this gem of an unmaintained and rarely posted to blog. 🙂
Really my only casualty of all this is the Gallery I had attached. I have all the photos, but something broke, and I just don’t have the time to sort it all out and I’m not sure I care that much to do it.