MediaSnackers Website Exploited


A hard lesson in web security

(WORLD) Well, if you hadn’t noticed, the mediasnackers.com website had gone messy over the past few days. I’m pleased to say that it’s back in action and so far, all is healthy. Without Kieran Masterton’s help, we would have been screwed, because even though I’m the ‘web dude’, I’m far from knowledgeable enough about server intricacies to know what to do in the event of matters so catastrophic as what we’ve just experienced.

So what happened exactly?

A little link in our admin area that said ‘upgrade’ wasn’t clicked—so small, yet so important.

From that neglect, the site was compromised and code was placed all over our pages. Google, Blogger & Twitter blocked us, plus anyone that tried to access the site through Safari, Firefox, Chrome and many others. However, if you’re an IE user, surprisingly (or unsurprisingly) you would have just seen our temporary page showing the site was down.

It would be easy for people to think ‘Oooo, WordPress is baad’, and it would be easy to think that ignoring a warning message was the fault, but much more than that, not understanding the implications and repercussions of ignoring a warning message is far, far worse than any ignorance on its own.

Post exploit, it’s now all about damage limitation.

One of the first things that was done was removing public access to the site by putting up a temporary holding page, redirecting and informing all visitors of how we can be contacted, and then trying to identify the malicious code and remove it. Apparently the database had been compromised, so no matter what I tried to remove from the pages themselves, it would always reappear. The full extent became clear after setting up Google’s Webmaster Tools for the website, which reported malicious code on 7 pages.

Kieran confirmed that many of the WordPress core files had also been breached—nothing more we could do but remove the site, sweep the database of all the malicious code that could be located and reinstall. Finally dropping the clean database back in, adding the theme and plugins, getting everything running again, checking all the links to make sure everything works and pushing it live.
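A sketch of the database sweep described above, added here as an example and not the code used in the MediaSnackers cleanup: it flags stored HTML rows containing script or iframe tags loaded from unlisted hosts, obfuscated inline script, or hidden iframes. The allowed hosts, the patterns and the sample rows are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlparse

# Assumption: hosts the site legitimately loads content from (placeholder values).
ALLOWED_HOSTS = {"example.org", "www.example.org"}

# <script>/<iframe> tags and the URL in their src attribute.
SRC_RE = re.compile(r'<(script|iframe)\b[^>]*?\bsrc\s*=\s*["\']?([^"\'\s>]+)', re.I)
# Inline script that builds code from strings, a common sign of obfuscation.
OBFUSCATED_RE = re.compile(
    r'<script\b[^>]*>[^<]*(eval\s*\(|unescape\s*\(|fromCharCode)', re.I)
# Iframes hidden from the visitor (display:none, or 0/1 pixel dimensions).
HIDDEN_RE = re.compile(
    r'<iframe\b[^>]*(display\s*:\s*none|(width|height)\s*=\s*["\']?[01]\b)', re.I)


def findings(content):
    """Return the reasons a stored HTML value looks injected (empty if clean)."""
    reasons = []
    for tag, url in SRC_RE.findall(content):
        host = urlparse(url).hostname  # None for relative (same-site) URLs
        if host and host.lower() not in ALLOWED_HOSTS:
            reasons.append(f"{tag.lower()} from unlisted host {host.lower()}")
    if OBFUSCATED_RE.search(content):
        reasons.append("inline script with eval/unescape/fromCharCode")
    if HIDDEN_RE.search(content):
        reasons.append("hidden iframe")
    return reasons


def sweep(rows):
    """rows: iterable of (table, row_id, html). Returns {(table, row_id): reasons}."""
    return {(t, i): r for t, i, html in rows if (r := findings(html))}


# Constructed sample rows, shaped like values exported from a WordPress database.
ROWS = [
    ("wp_posts", 1, '<p>Hello</p><script src="/wp-includes/js/jquery.js"></script>'),
    ("wp_posts", 2, '<p>News</p><iframe src="http://injected.invalid/x" '
                    'width="1" height="1"></iframe>'),
    ("wp_options", 7, '<script>eval(unescape("%61%62"))</script>'),
    ("wp_comments", 3, '<p>Nice post! <a href="http://example.com">link</a></p>'),
]

if __name__ == "__main__":
    for (table, row_id), reasons in sweep(ROWS).items():
        print(f"{table} id={row_id}: {'; '.join(reasons)}")
```

Flagged rows are candidates for manual review before the database is restored; pattern matching of this kind will miss injections it has no rule for.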

However, things will not be perfect for some time. Google needs to run a sweep of it again to check that it’s safe to let visitors back, including Twitter as well, not to mention a number of other sites and servers which we aren’t aware of.

Looking forward, it’s obvious to ask what can we do to prevent this happening in future? The truth isn’t so easy to swallow, as the answer is nothing. Nothing can guarantee that a website won’t get hacked, a server won’t be breached or a database compromised. The most any of us can do is to make sure passwords are as secure as is practically possible, plugins are updated with the latest versions, and any warnings about ‘upgrades’ are not overlooked.

Fingers burnt, lessons learnt, and hindsight is 24hrs too late as usual. Ho-hum. Apologies for the turbulence, people; normal service will resume shortly.

How about you? Have you had a similar experience? Or a security headache to deal with? Let us know in the comments.
