Just over 48 hours ago I updated the DNS settings and initiated the switch to the new server. Other than a slightly misconfigured Cloudflare CDN everything has gone smoothly. This is in part due to my experience of having done this a couple of times now, and in part due to the excellent and clear controls that SiteGround offers behind the scenes.
With so much personal data stored online, keeping your password secure is really important.
Troy Hunt, a Microsoft MVP for Developer Security has created a website that allows you to check if you have an account that has been compromised in a data breach.
Have I Been Pwned checks against 41 known data breaches, including 152,445,165 Adobe accounts, 4,789,599 Gmail accounts, 453,427 Yahoo! accounts.
The site is secure, and doesn’t ask for your password: just the username or email address that you’ve used to sign up for an online account. The site then checks it against a lists of compromised accounts.
As Troy Hunt says, “all the data on this site comes from publicly leaked ‘breaches’ or in other words, personal account data that has been illegally accessed then released into the public domain.”
I only use a couple of email addresses. Against one of them I’ve had no breached accounts—hoorah!
Against the other, though…
My main email address was involved in the big one: in October 2013 the data for nearly 153 million Adobe accounts was leaked. Adobe made it public pretty quickly and all users were encouraged to change their password, which I did.
I’m really impressed with this website: using leaked data for good, rather than ill. Check it out and find out if you’ve been pwned: Have I Been Pwned?
Note: the word ‘pwn‘ is geek-speak for ‘own’, implying that you’ve been dominated. It came about probably due to a typo as ‘o’ and ‘p’ sit next to one another on a QWERTY keyboard.
This is the kind of post that I’ve thankfully not needed to post for over nine years. Today one of my WordPress sites got compromised.
It all began with an email this afternoon from AntiVirus a WordPress plugin that scans your theme templates for malicious code injections. The email read:
The daily antivirus scan of your blog suggests alarm.
I had to laugh at the phrase “suggests alarm”. But after I laughed, I accepted their suggestion and for a few moments felt alarm, before realising that panic was no use and besides, I knew what to do.
I’m still not 100% sure what caused the code injection but I currently suspect two potential sources of infection:
I may have been one of 50,000+ victims of the MailPoet vulnerability that was made public days before I went down with viral meningitis! I had that
As the MailPoet site states:
There was a security issue in all the versions of MailPoet lower to 2.6.8, this security issue was making your site highly vulnerable (blog post).
It can really only have been a plugin vulnerability as I have to manually unlock FTP access whenever I want to upload anything. So it had to be an ‘inside job’. And I had MailPoet (formerly WYSIJA) installed that account.
I thought I had patched it…, but, perhaps with my meningitis-muddled head I didn’t do it properly.
How to clean an infected WordPress site
Whatever it was, it injected a bunch of obsfucated code into the top of all the PHP files on that site. A give away was that in the WordPress plugins screen all the plugins were disabled and reporting “the plugin does not have a valid header”.
If something similar happens to you, then you might find the following steps useful:
- Change passwords for:
- WordPress admin
- MySQL database
- Backup all the files on the site. (That took ages!)
- Delete all WordPress core files including themes and plugins (Do not delete user-uploaded content, e.g. images, PDFs, etc.)
- Download clean installation of WordPress.
- Upload clean WordPress files (except wp-config-sample.php).
- Rename wp-config-sample.php to wp-config.php, update with database details and upload.
- Upload a clean version of your theme (remove themes that you are not using).
- Install and activate required plugins including antivirus and security plugins.
- Check other PHP files for compromise, not just WordPress files.
I found this post on the WordPress support site useful: I am getting hacked evry two weeks? Help please. There are some useful links listed on how to clean a WordPress installation.
The main lesson for me to learn from this episode is to make sure I never get viral meningitis again when there are two (or more) critical vulnerabilities in the wild!
Oh, yeah, and always keep your WordPress themes and plugins updated… and if in doubt just delete them before they can cause any problems.
Sunday 19 October 2014
It looks like, based on this blog post from Sucuri WordPress Websites Continue to Get Hacked via MailPoet Plugin Vulnerability that the source of the infection was indeed MailPoet.
With the boys getting a bit older and taking more of an interest in the internet I’ve started looking into installing an internet filter to protect them while we’re browsing online.
There have been a couple of times when I’ve clicked on an innocent-looking video title on YouTube, for example, only to discover that’s it’s not as advertised. Like rickrolling, but more sinister.
While researching Google Chrome extensions I discovered this one called Christian Anti-Porn:
What it lacks in pornography it more than makes up for in gruesome images, this one taken from the Mel Gibson-directed ‘horror movie’ The Passion of the Christ (2004).
I installed it—fully understanding that it’s not a complete internet filter package—and gave it a quick test. What if I were to try to visit the Playboy UK website, for example? Sure enough, it blocked it, showed me a bloody and gruesome photograph of Our Lord on the cross, and a couple of inspirational verses from the Bible:
For if we sin willfully after we have received the knowledge of the truth, there no longer remains a sacrifice for sins, but a certain fearful expectation of judgment, and fiery indignation which will devour the adversaries (Heb 10:26-27).
But He was wounded for our transgressions, He was bruised for our iniquities; The chastisement for our peace was upon Him, And by His stripes we are healed. (Isa 53:5)
Great! It works, I thought.
By “works”, I mean it prevented me from viewing a pornographic website. I certainly didn’t feel inspired by it. It didn’t make me feel any closer to God. I think it may have had something to do with the horrific photograph of a man being tortured to death on the page.
I know that the cross is central to the message of the Gospel. But actually, I’m with Jürgen Moltmann on this one: you can’t separate the crucifixion from the resurrection. It was the crucifixion of the resurrected Christ; the resurrection of the crucified Christ.
Anway, I didn’t think any more of it and carried on with my evening’s browsing. I was working on my last blog post about browser new tab pages, and testing my new myfav.es bookmarks.
Imagine my surprise when I visited the BBC News website:
The BBC News website is porn?!
But I’ve got an app for that installed on my mobile phone.
And Facebook was blocked too. Apparently, it’s also a porn site. I didn’t know that. My Mum’s on Facebook!
And Google+ is too, it would appear.
I’ve uninstalled it. I’ll look for something else. But for now at least I know to keep the boys away from watching the news.
Interesting news item on the PC Pro News website: Lords want sloppy software makers held to account.
The House of Lords Science and Technology Committee is renewing calls for software developers to be held legally liable for security flaws.
Nice to see that software security is being taken seriously. Once they’ve nailed this could the Lords do something about spam next, please?