UPDATE (4:17 pm): Attack Repelled?
After a day spent counter-hacking, Study Hacks should once again be back in business. That being said, please help me keep a wary eye for anything else amiss — it’s always possible a backdoor was left open.
I apologize for the few hours this afternoon when the site was down as I scrubbed it clean and updated it. For those who are interested in this type of thing, the attack I suffered is called the Online Pharma Hack. It’s a clever beast that presents the normal site to every user…except Google’s index spider, to which it presents spam. The idea is to hijack the site’s reputation in Google’s eyes to increase the ranking of certain keywords. The effect of the attack will still be seen for a while in Google search results (search for study hacks cialas to see what I mean), but hopefully, with re-indexing, they will eventually return to normal.
Finally, someone in the comments was worried about their e-mail information from subscribing to my feed. The e-mail subscription is handled by FeedBurner and all of your information is safe.
Study Hacks, Perhaps Ironically, Has Been Hacked
It appears that hackers have gained access to Study Hacks and have been inserting spam ads, among other intrusions, throughout the site. (Search for “Study Hacks” on Google to see the attacker’s “brilliance” in action.)
I’m working with my host company to re-secure and sanitize the site, and it should still continue to work fine in the interim, but there may be some weirdness in the near future as I update my software, etc., so be warned.
Two Notes:
- If you notice any hacked pages, please e-mail them to my attention to aid my efforts in cleaning things up ([email protected]).
- If you know anything about Wordpress hacking/securing and want to help, I would appreciate any assistance.
I’m crossing my fingers that any inconvenience will be minimal…
Feeling a lot more insecure about filling in my mail over here!
Still do it, good luck Cal.
Hope everything clears up soon.
Your e-mail subscription is handled by FeedBurner: it’s completely safe and unaffected by this attack.
I think we’re out of the woods with this attack. But let’s keep our collective finger’s crossed.
Lol. Picking the site owned by a guy who has a PHD in computer science from MIT to hack was probably not the best choice.
When I Google Study Hacks, the page link still says “Online Pharmacy FDA Recommended”
You should just write the blogging software yourself…
small, task-focussed… secure..!
With your background that’d be pretty easy…
WP is just to famous… the more people use it… the more people will work on hacking it…
A reader wrote me to say that Moveable Type is pretty secure — sort of the linux of blogging software: simple, under the radar.
P.S. don’t tempt me to write my own blogging software; it’s the type of thing I would do…
So THAT’S why my university blocked the site yesterday…..
I was so upset at the college’s filter. I knew you didn’t have anything up that was inappropriate or annoying.
Funny thing – at the same time, my college’s filter had a bug and was blocking random, harmless sites.
So glad you’re back on!!!!!!!
I noticed this like a week ago, but I thought it was purposely done. I’m glad that’s all cleared up. (^_^)
Well I do know of movable type but i don’t know how secure it really is.
Have you tried looking for the Pharma Hack on wordpress.org..?
Though i couldn’t find anything… after searching for Pharma, the following result popped up:
Well considering how they are obviously not capable of keeping spam off their own site, i recommend you just try some other blogging software!
Additionally since you’re a smart guy they probably didn’t get access by hacking your password. Since hosts are pretty good nowerdays, that shouldn’t be the issue either… therefore removing the hacks and changing the passwords won’t change the fact they can again somehow get access and do the whole thing once more… so changing the blogging software seems to be the only way!
I’m not an expert, all i know is that webspace hosts are generally pretty good at what they’re doing (if their security is breached, they normally reset all changes afterwards) and hacking a password that isn’t your last name requires the brute-force method, which should be blocked by WP as well as your host. So obviously the issue is the software itself or the computer you’re using to access your admin panel!
Someone correct me if I’m wrong..!
In fairness, I was running an out of date version of word press.
Glad to see you are back up. I noticed I couldn’t get on the site yesterday and for one scary second I thought you had just decided to stop the blog!
Call me crazy, but I don’t think the search result for this site (using google) should say “Online Pharmacy FDA Recommended……..:D
Hacking happens. Like any other crime, there is only so much prevention you can take. Cal, consider it a lesson learned. Do what you can and move on. 🙂 Glad the site is back up!
You are not alone in being a wordpress user who was hacked. My site was hacked three times within a six month period. As I was looking for how to fix it I found that many, maybe 100’s, of site had the same problem. At the time, I was also hosted by a large, popular company.
This company had many of its sites hacked. This company never took any responsibility for what happened nor could they explain why it happened. They did try to help though while at the same time trying to place blame on those who may have had an out of date version of Wordpress running. (Even folks with the updated Wordpress were hacked.)
Right after the last round of hacks I moved to a small hosting company where the service has been excellent. The company also keeps their servers up to date and my loading speed is better.
Anyway, I doubt is was a focused hack, but a script that searches for Wordpress sites on particular hosts. That’s my guess.
I’m having some difficulty trying to load your blog. I have read it many times before and never gotten something like this, but now when I try to load something it just takes a little while (4-11 minutes ) and then just stops. I’ve tried with www or not. Does anyone know what the problem could be?