Hacked

by Patrick Altoft on / 7 responses

On Monday I spotted a strange issue with Blogstorm that was causing the blog to be displayed 4 inches down the page. I suspected it was a browser issue or some kind of hack but the source code was totally clean and it was displaying the same in multiple browsers which was strange.

After some investigation by one of our developers yesterday, it turned out that the JavaScript file which powers the tab section on the right-hand side of the blog had been hacked and an iframe inserted in the header. Luckily the iframe source was giving a 404 error, otherwise my blog would probably have been flagged as a malware site and started redirecting all visitors to somewhere else.

We are still not sure how the hacker got into the blog but I am very careful to only use popular plugins and always update all plugins and WordPress as soon as new versions come out.

Patrick Altoft is Director of Search at Branded3, a Leeds SEO & Digital Agency specialising in SEO, Web Design, Development & Social Media.
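An added example, not part of the original post: one way to catch this kind of tampering is to compare each static script against a hash recorded when it was known to be clean, and to flag any script that introduces an iframe. The file name `js/tabs.js`, the sample contents and the baseline are constructed for illustration.

```python
import hashlib
import re

# Ways a script can introduce an iframe into the page that loads it.
IFRAME_PATTERNS = {
    "iframe markup in a string": re.compile(r"<\s*iframe\b", re.I),
    "iframe created via DOM API": re.compile(
        r"createElement\(\s*['\"]iframe['\"]\s*\)", re.I),
}


def sha256(text):
    return hashlib.sha256(text.encode("utf-8")).hexdigest()


def audit(files, baseline):
    """Return {path: [reasons]} for scripts that changed or carry an iframe.

    files    -- {path: current file contents}
    baseline -- {path: sha256 recorded when the file was known to be clean}
    """
    report = {}
    for path, text in sorted(files.items()):
        reasons = []
        known = baseline.get(path)
        if known is None:
            reasons.append("not in baseline")
        elif known != sha256(text):
            reasons.append("content differs from baseline")
        for label, pattern in IFRAME_PATTERNS.items():
            for lineno, line in enumerate(text.splitlines(), 1):
                if pattern.search(line):
                    reasons.append(f"{label} (line {lineno})")
        if reasons:
            report[path] = reasons
    return report


# Constructed sample data: a clean tab script and a tampered copy of it.
CLEAN_TABS = ("function showTab(id) {\n"
              "  document.getElementById(id).style.display = 'block';\n}\n")
TAMPERED_TABS = ("document.write('<iframe src=\"http://injected.example/\" "
                 "width=\"1\" height=\"1\"></iframe>');\n" + CLEAN_TABS)
BASELINE = {"js/tabs.js": sha256(CLEAN_TABS)}

if __name__ == "__main__":
    for path, reasons in audit({"js/tabs.js": TAMPERED_TABS}, BASELINE).items():
        print(path, "->", "; ".join(reasons))
```

Run on a schedule against the deployed files, a check like this reports the change even when the injected frame renders nothing visible, and the hash comparison still fires if the inserted code is obfuscated enough to evade the two patterns.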


Comments


Mark
November 12, 2009 at 12:09pm

Hi Patrick – I still see the 4 inch gap…

http://i38.tinypic.com/r8xtg9.jpg


Mark
November 12, 2009 at 12:10pm

Oh, I did anyway…it’s gone now. Might have been a cached version I was looking at, or something like that.


November 12, 2009 at 3:04pm

Yeah, I am a regular visitor of this quality blog and was really surprised to see that long header, but thought it might be some coding problem. Anyway, it's good that you recognized the thing as early as possible.


November 13, 2009 at 12:14pm

For those using WordPress, I compiled a guide on how to secure WordPress, avoiding a Google ban in the process.

Most of the tips, like knowing your plugins and changing default admin usernames, are easily applicable to big boy CMSs like Drupal and Joomla as well.


November 13, 2009 at 9:16pm

Check your FTP program and your computer; it is getting inserted from there. There can be a virus on your computer which is taking the FTP password saved in your FTP client.

So never have your FTP client save a password; always go for “Ask for password”. Scan your computer for malware and viruses. Change your FTP password.

Even after that if this problem is not solved, let me know.

Thanks,
Aji Issac aka AjiNIMC of WMW


November 14, 2009 at 6:42am

In Firefox, press Ctrl-A, then right-click and choose ‘View Selection Source’ to view the DOM source (the source after all JavaScript has been executed); you would have seen the iframe source.


November 19, 2009 at 6:56pm

I agree with Aji. Check your PCs and any PCs you use for FTP. I had a nasty bit of malware, reformatted my PC, and everything was happy. Then a couple of weeks later, I visited one of my own sites and it was Google Red Flagged.

The malware had ripped the FTP details out of my client software and uploaded them somewhere, and then they’d been used to insert JavaScript into the header of my site. I figured it out by trawling through my FTP logs. After I changed my passwords they still tried for weeks to get in with the old password.

