MMM Blog has been Spammed – ignore any fishy links
Looks like the Fortress of the Mustache has been penetrated again!
A spam script somehow hacked into the WordPress system that runs this blog, and sprinkled random evil links for pharmaceutical junk around – one in each article. They are quite obvious, but be sure not to click on them, or you’ll end up sending profits to the evil instigators.
This happened once before in September, and Mrs. M documented how it was fixed: http://www.mrmoneymustache.com/2011/09/05/mmm-has-been-hacked/
I thought we had it fixed yesterday, since the links disappeared, but they seem to be on autopilot, usually gone but sometimes there after refreshing the browser. The HTML code of the underlying articles is unaffected when viewed from the editor on my side, so the hack is deeper in the blog’s php code.
It can definitely be fixed, and everything else is working fine in the meantime. Just wanted to let you know, and my apologies for any inconvenience.
Thanks for the heads-up!
Are you using Akismet? If not, you should. Does a great job.
Akismet + WP-SpamFree works really well. I rarely have any spam comments get thru my blogs or my clients blogs anymore.
Now script hijacking is something you have to stay on top of by limiting how many plugins you use and keeping things up to date.
Also, if links in your comments are NOFOLLOW then spammers don’t really have a use for your website. If your links are follow though, then you’re giving your pagerank authority away to commenters.
Yeah, I do use Akismet and I agree that it works great (it catches hundreds of spams per day!). But this attack was an actual break-in of some sort – either to my own wordpress installation or to Bluehost itself. It was surprisingly easy to fix, which is why I’m a little wary for now – Almost Toooooo easy.
Was it a Complainypants that wanted to take you down? :)
I use wufoo for my contact form. I prefer it over contact form myself.
Try https://www.cloudflare.com/, they proxy all your traffic so you save on bandwidth and they block attacks and it’s free!
You also benefit from their CDN, your content is cached near your visitors so it load faster.
Interesting service, I had never heard of it. I’ll research it a bit further, it could be a win.
I’m amazed they offer a free service! In fact, I’m amazed how cheap everything is for the internet these days – unlimited traffic and storage, etc. This blog pumps out at least 200 GB per month to its readers, which would have been quite expensive in the olden days (I remember 1GB/month limits not too many years ago!), now the $7/month Bluehost account handles it without complaints.
“This happened once before in September, and generic keyword viagra” doesn’t look fixed to me unfortunately.
Unfortunately, this is still showing up in the first paragraph:
“This happened once before in September, and generic keyword viagra Mrs. M documented…”
Here is what you need to use with WP to help keep it secure. These are great free WP plugins.
Website Defender WSD Security Scanner
Website Defender Secure WP
Ultimate Security Checker
WordPress File Monitor
WordPress File Monitor is especially nice since it will scan/log the site files and notify you when changes/additions/deletions are made.
Hope this helps!
P.S. I started using these after a series of hacks last summer in some blogs and no issues since.
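The change-detection behaviour described for the file-monitor plugin, as an added example that is not that plugin's code: take a SHA-256 baseline of every file under the WordPress root, then on later runs report what was added, deleted or modified. The root and baseline paths are assumptions; keep the baseline outside the web root so a tampered site cannot rewrite it.

```python
"""Baseline-and-compare file monitor for a WordPress tree.
Added example, not the plugin's code; the root and baseline paths are assumptions."""
import hashlib
import json
from pathlib import Path


def hash_file(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(root) -> dict:
    """Map every regular file under root (relative POSIX path) to its SHA-256."""
    root = Path(root)
    return {
        p.relative_to(root).as_posix(): hash_file(p)
        for p in root.rglob("*")
        if p.is_file() and not p.is_symlink()
    }


def save_baseline(root, baseline_path):
    """Write the current snapshot; keep baseline_path outside the web root."""
    Path(baseline_path).write_text(json.dumps(snapshot(root), indent=1, sort_keys=True))


def compare(root, baseline_path) -> dict:
    """Report what changed since the baseline was taken: added, deleted, modified."""
    old = json.loads(Path(baseline_path).read_text())
    new = snapshot(root)
    return {
        "added": sorted(set(new) - set(old)),
        "deleted": sorted(set(old) - set(new)),
        "modified": sorted(k for k in old.keys() & new.keys() if old[k] != new[k]),
    }


if __name__ == "__main__":  # usage: python monitor.py /path/to/wordpress /safe/place/baseline.json
    import sys
    root, base = sys.argv[1], sys.argv[2]
    if not Path(base).exists():
        save_baseline(root, base)
        print("baseline written")
    else:
        for kind, paths in compare(root, base).items():
            for p in paths:
                print(f"{kind}: {p}")
```

Run it once after a clean install or a known-good restore to write the baseline, then from cron; a new .php file under wp-content or a modified core file is exactly the kind of change the thread is describing.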
You don’t need half of those if you just follow the directions WordPress.org has laid out on how to properly harden your installation of WordPress.
More plugins is not the answer. I set these blogs up all day long for clients without problems.
I’m with MediaTemple.net on a DV and also use the Cloudflare service which is great.
I can tell you this, I shouldn’t be able to type wp-admin and get to your login, and I REALLY SHOULD NOT BE ABLE TO SEE THIS:
The permissions on your site are set correctly, you need to get a blank index.php file in there ASAP as well.
Do you 100% need these? No. Is it a quick and easy way to scan and ensure that you have set your site to the WP suggestions and then some? Yes.
One of the more useful ones here is the monitor plugin. Which notifies you of changes and where they happened. WP has a ton of files and folders and it’s a pain to have to make sure some rogue file wasn’t placed out in your site files. This will at least let you know if/when/what changes in the site so you can know if you did it or someone/something else did it.
* correction, are set INCORRECTLY, looks like wp-content set to 777
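The two findings above (wp-content set to 777, and a missing blank index.php), as an added example that is not from the thread or any plugin: an audit that walks the WordPress tree, reports world-writable paths and directories without an index.php, and can clear the world-writable bit and drop in a blank index.php. The WordPress root path and the blank-file contents are assumptions.

```python
"""Audit a WordPress tree for world-writable paths and directories without index.php.
Added example, not code from the thread or any plugin; paths are constructed."""
import os
import stat
from pathlib import Path

# A blank index.php is served instead of a directory listing (assumed contents).
BLANK_INDEX = "<?php\n// blank index.php: blocks directory listing\n"


def _world_writable(path: Path) -> bool:
    # Symlinks are skipped: their own mode bits are not what the server enforces.
    return not path.is_symlink() and bool(path.stat().st_mode & stat.S_IWOTH)


def audit(root):
    """Return world-writable paths and directories lacking index.php, relative to root."""
    root = Path(root)
    world_writable, no_index = [], []
    for dirpath, _dirs, filenames in os.walk(root):
        d = Path(dirpath)
        rel = d.relative_to(root).as_posix()
        if _world_writable(d):
            world_writable.append(rel)
        if "index.php" not in filenames:
            no_index.append(rel)
        for name in filenames:
            if _world_writable(d / name):
                world_writable.append((d / name).relative_to(root).as_posix())
    return {"world_writable": sorted(world_writable), "no_index": sorted(no_index)}


def harden(root, dry_run=True):
    """Plan fixes for audit() findings; apply them only when dry_run is False.
    Only the world-writable bit is cleared, so other mode bits are untouched."""
    root = Path(root)
    actions = []
    for dirpath, _dirs, filenames in os.walk(root):
        d = Path(dirpath)
        if _world_writable(d):
            actions.append(("chmod", d))
        if "index.php" not in filenames:
            actions.append(("create", d / "index.php"))
        actions += [("chmod", d / n) for n in filenames if _world_writable(d / n)]
    if not dry_run:
        for kind, path in actions:
            if kind == "chmod":
                path.chmod(stat.S_IMODE(path.stat().st_mode) & ~stat.S_IWOTH)
            else:
                path.write_text(BLANK_INDEX)
    return actions
```

Review the dry-run plan before applying it: a few upload directories on shared hosting legitimately need to be group-writable, but nothing under a WordPress install should be writable by everyone.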
Cool, thanks for the tips Mr. Key! The Lady and I will definitely make those changes, and any other advice from blog security experts is very welcome.
You might also want to check out a plugin like WP Security Scan. It’ll look for various common security holes and suggest ways to fix them. It doesn’t scan for blank index.php files in various subdirectories that don’t have them by default, though.
Thanks for all the help everyone! We’ve implemented a few of these solutions and I’m hoping things will run smoothly from here on out. Let us know (via the contact form, please!) if you see anything else that looks fishy.
Thanks!
The blog I write for was hit several week ago. It was a base32 WordPress worm and it infects older wordpress installations – update whenever possible! In our case it kept popping up no matter how many times we deleted the script until we finally reverted the entire hosting account one month back. That seems to be the only fix. Keep checking and if nothing else works try this!