Malware Strikes Again

Poverty, of course, is no disgrace, but it is damned annoying.

— William Pitt
Your Ballroom Days Are Over

My websites were flagged by my webhost as containing malware yesterday. After a little back and forth with them, I decided that I would fix the problem myself to save on the hard costs of hiring an expert. The sites in question1 had been hacked sometime in July, but the hacker’s payload was simply a proof of concept – the hacker created a file called lol.txt on each folder on the root level of my server.

Since I’ve been a customer of this particular webhost for nearly 15 years, there was a lot of extra folders left over from various projects that I didn’t need anyway. I took the time to back every single thing to my local hard drive, and then deleted thousands of files.

The malware was installed as a .php file in the directory /wp-includes in two different websites with a WordPress installation. I could have simply nuked all the WordPress files with the exception of files found in /wp-content but I was curious if I could find more traces of malware. I didn’t have anything else more pressing to accomplish today.

Eventually, I cleaned up all the miscellaneous debris left over from Blogger days, lo so many moons ago, and even delved into my Moveable Type installation from the Golden Era of Blogging. All clear, if clunky.

If you have a moment, take a gander at urbanseens.com or my photo blog to see if they are ok. My webhost gave me the all clear, and restored my sites to the internet.

Being told you have malware is like someone accusing you of having lice or a STD or something”

my brother quipped back:

what’s worse malware or herpes?”

Tell Me What You Want
Footnotes:
  1. not this one, but others []

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.