Archive for March 30th, 2011

Hacked: Someone Is Posting Posts To My Blog

Author: Keith Lunt

Mar 30

Imagine the horrible feeling if one day you visited your blog and found lots of posts not written by you advertising adult products. Or suddenly your site is hosting phishing pages or trying to install viruses onto readers’ machines. What are you going to do?

The process all starts before you get hacked. If your blog is currently safe and you do not already do so, make sure that you are taking a regular backup of your work. There are plenty of available useful plugins to do this for you and if the worst happens, then you have a way out.

But, if you have been hacked then what are you going to do? If you are not hosting the blog yourself then you need to ask for a lot of help from whoever hosts the blog and they will need to clean up the hosting. However, with FTP access you should be able to sort it yourself, but you might still want to tell your hosts so they can work out what has happened and why.

And sadly, the first thing to do is to close the blog down. If you can move it to a different host then great, but that is not an option for most people. Run an immediate backup of your blog and store the files produced somewhere safe, but it is likely that you are going to just be deleting them anyway.

If you have been uploading images and videos to your blog then you really need to get your hands on copies of these. If you have the originals then great, else download them back off your server. But virus scan each and every one of them and make sure they are all what you expect them to be. In all honesty, if you can do without them then just delete them.

Next, delete the entire database (hence taking a copy earlier) and delete all of the files on your server. Delete everything, don’t leave a single file there as you do not know what the hackers have done.

Now, reinstall the blog from a safe copy of the files. Download the latest WordPress files or whatever you are using and install the blog again. Finally, look through your recent backups of your blog and find one that is from before the hacker gained entry. Use that to rebuild your blog.Yes, recent posts will be missing but the risk of using the most recent backups is that you do not know what back doors the hacker has left here and there.

To complete the task you now nee to prove that the version of the blog you have restored to is ‘safe’. Look through your settings. Are there any strange permalinks lieing around? What about extra user ids that you don’t recognise, or posts and pages that have been written that don’t belong. Don’t forget that you, or a hacker, could add a post with an old date so that it does not appear at the top of the list. The easiest way to find these is to look through the updated date on the database, just to make sure nothing devious is there.

And once you are back up and running, make sure that you have a strong password, use a good user id, that you are blocking brute force hacking attempts and that your computer is secured. Stop the hacker from coming back in!