Add to Technorati Favorites

Privacy Policy

At Gen Plus, we respect your privacy. Your information will not be shared with or sold to any other vendor. Third party applications (such as feed subscription) have their own privacy policies in place and are not affiliated with Gen Plus.

Gack…hacked.

One of the challenges with using open source websites (Gen Plus is created on WordPress.org) is that you are a bit more open to hackers.  And hacked I was.  For that past couple of days my site carried a site advisory, that malware was resident on the site.  No more….it’s been cleaned, but it was quite the effort.

For those of you who run  your own websites, here is what I did to get clean.  First, Google is fantastic…you receive a notification that your site has been hacked and on the webmaster tools are all sorts of tips and tools to clean it yourself.  I could have hired a specialist for $200, plus another $150 to hard code the site, but it turns out that I was able to clean the site myself, with a little help from WordPress plugins, a very helpful tech at my host (Bluehost.com), and customer support at SiteLock (you’ll now see the little SiteLock certificate of security on the bottom right of the home page.

There are two issues to address when your security is breached.

1) Get rid of the malware

2) Get your site reviewed by Google once it is clean so that you are again considered a “safe” site.

For issue #1:

I immediately changed all my passwords — both on email and on the entry port to WordPress.  Then I ran reports on Google webmaster tools to find out what the malware files were.  As soon as I had that info, I went into WordPress and made sure all my files, plugins and upgrades were taken care of — this got rid of the malware files pretty quickly.

SiteLock and WordFence (a WordPress security plug-in) both identified all the corrupt files, which I removed…basically deleted the posts or just deleted all the links so that no hidden malware could be lurking around.  I had to run scans several times to ensure all the posts were clean.  I also removed all the links from my Gen Plus List.  Sadly, I’ll keep the list off the site for now, since those links were hacked.

It does take a few hours to clean up all your files, so it might be worth it to spend the few hundred dollars and have a specialist do all the work for you.

For issue#2:

After the malware and flagged files were taken care of, I ran a final scan and got a “clean” report from WordFence and SiteLock.  Once I had the clean reports, I posted the certificate on my site and then (again in Google Webmaster Tools) did a site index and requested a site review.

Happily (as of today), the review worked and my site is back up and running.  I’m hopeful I was able to resolve all the issues.  If not, I’ll be plugging away, again, at finding and removing malware before I know it.

Thank you, also,  to the fine folks out there who let me know about faulty links and bounced email.

2 comments to Gack…hacked.

  • Thank you, Janet! This is very useful information.

  • Since we spoke about your blog just this week, and now here is a post after a long hiatus, I believe we’ve just experienced a “Frishbergism”, a word my father created (circa 1948).

    A Frishbergism is characterized by hearing a new word or concept one day, and then hearing/seeing that word/concept not many days later.

    It’s not coincidence/serendipity/chance, and, perhaps the word itself, Frishbergism, will prompt some to find the word Frishberg in the not distant future…

    I believe what happens is that we’re surrounded by words all the time, and when one catches our attention as ‘new’ it really was there around us before we paid attention, and then we are sensitized to it and register it consciously…

    I know, kinda deep for this early in the morning, but everyone has experienced it, and now can put a word to the experience!

Leave a Reply

  

  

  

You can use these HTML tags

<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>