I am somewhat embarrassed to admit this but it must be done, because this blog is about honesty: it appears as though my site has been compromised. Again. As such, I must extend my deepest apologies to anyone who has heard weird music on my site the past few days, been redirected to spam sites, been lambasted with popups, had their Antivirus tell them terrible things about me, etc.
Now not everyone appears to have had this problem with my site– I think Adblock Plus kept a lot of the gunk out– but I know many people did, and since I have, from Day One, maintained a strict “NO ADS” policy on this site, it was rather distressing to me that this all happened.
Furthermore, I find myself wondering what I’ve done wrong. See, I’ve always been of the school of thought that if something like this happens, much more often than not it was preventable. And so you can imagine how embarrassed I am when I feel all secure with my hugely long letters-n-numbers-n-symbols passwords, and my Firefox and NoScript, and crap somehow manages to get past it all anyway. It’s frustrating.
Anyways, you did not come here to hear me rant, I think! Mostly I just wanted to offer this apology and also ask for blog readers to be on the lookout: I think I got rid of the parasitic code that was causing the problem but if you’re still getting weird redirects or popups, let me know. Heck, I’ll back everything up and rebuild this blog from the ground up if I have to in order to maintain the integrity of this site. I want this to be a safe, ad-free place on the internet.
THE MORAL OF THE STORY (because I like those, and I like excuses to make them): If you are a blogger, you can’t be too secure. Change your passwords frequently, make backups, use Exploit Scanner (awesome plugin), and keep an eye out for anything suspicious. The internet is like the “wild west” of today. Wild and untamed and ready to be claimed, but bandits abound and you gotta know your self-defense. And not die of dysentery. /nod
WELL, back to writing~
Aw, Pike! D: I’m sorry someone’s out there being a dickwad. We all understand, and hope everything gets worked out soon!
Also, dysentery is gross. 🙁
It happens to the best of us don’t worry about it, though I am considering getting myself an authenticator more and more.
Also thanks for the link to the plugin, just hope I remember to install it.
Good luck writing!
PS. I’m not stalking I’m just bored checking Twitter a lot :p
More than likely, it’s some newly discovered WordPress exploit. I’m not here to say that other platforms are better. Just that there are occasional exploits that pop up in WordPress (I know because that’s what I use for my blog, when I’m active).
I hadn’t been getting redirected to any websites. And I have the sound off when I’m just surfing websites, so I don’t know if I would have gotten any weird music.
I was, however, getting Cookie requests up the wazoo from websites I had never heard from each time I visited your blog for the past couple of days. You must have fixed at least one thing, though, because this time I didn’t get a single one. 🙂
I wish you luck in finding out whoever did this and stringing him up by his doodads.
Don’t let it get to you. I’m sure everyone that reads this blog regularly knows that you would never do anything malicious. The clarification is appreciated, but no apologies necessary.
<3
It really is ridiculous the amount of sheer attacks and malicious intent there is going around these days. It is something I have to deal with on a regular basis on my sites, particularly my wow related sites.
I really don’t know what to do about it either. I’m not sure if anything can be done except do your best to avoid being a target.
It’s sad really …
Being “patient zero” I thought something strange was going on, but the way the redirects were hitting I couldn’t tell if it was my end or your end that was flipping out. Good to know that it’s been sorted out. 🙂
Was it some kind of bogus PHP file being included somehow or what? Might give some clue as to how it got in and how you can keep it from coming back…
It might also be worth checking with your host that php and mysql are up-to-date on the server, as well as making sure you have the latest version of WP.
Ooooh, so THAT’S why my Antivirus program went crazy whenever I loaded a new page here! 😮 Glad to see that it’s been somewhat sorted out.
I feel your pain though. Even though I use Firefox and NoScript and don’t go to any suspicious websites or open odd emails, my WoW account got hacked. o.o I have no idea where the keylogger came from, but it was there. Since then I’ve started to run a virus check on just about everything I download before doing anything else.
… *gets paranoid and runs a full virus check on her computer*
That would have explained the music and talking I heard. Let’s just say the “vocal” ad would not have been work safe. I also don’t know why I didn’t fire off an e-mail to you, aside from the fact I was incredibly busy that day.
And on an amusment note – Oregon Trail ftw!
Heya Pike – That bites. I’m glad you were able to get it straightend out.
Any tips on the cause? An article about on how you secured AoTH form the usual charm and perspective that we have come to love from you would be a great, albeit off topic, read.
Stiff upper lip. Even the biggest sites get hit and hosed from time to time. *looks over at Google*