My website was attacked by spammers!
Good morning, afternoon or evening, depending where you are in the world! Today is a pretty gloomy day here in the UK. I just wanted to reach out to you guys today to give you a quick warning about keeping your website version and plugins up to date. Some of you may already know, but yesterday I discovered that my site had been attacked by spammers. Now I must point out that this wasn't the fault of Wealthy Affiliate. This was down to a security issue with WordPress itself.
I first noticed something wrong with my site yesterday when I saw a sudden and quite large drop in the search results for a couple of posts. I thought it was strange as I had been trying to push one of my posts higher for some time and it was making good progress. The sudden drop made me take a closer look at the post and that's when I discovered some unusual content within the page that I had not created.
I began to go through all of my posts and pages and sure enough there were quite a few that had been effected. The spammers had very carefully placed hyperlinked text randomly throughout quite a few of my posts. There was also a post that had been deleted completely. Strangely the post that had been deleted was doing very well in the search results.
I have no doubt that you might want to check your own websites for these kinds of spam attacks. I took a few screenshots as I was cleaning up the mess so that you could see what it looked like.
You can see here that the links were all pointing to "biturlz" links.
There were also a couple of posts with garbled code and basically just a mess!
And lastly there were also a few crossed out links, pointing to the same URL's.
So how did this happen?
The reason that this happened was simply down to a security hole within WordPress. Updating to the latest version of WordPress will hopefully stop this from happening. WordPress were aware of this and they did announce it. However, I was unaware of it at the time.
Although I am usually very good for updating both WP and my plugins, it goes to show how easy it is for this kind of thing to happen. Chances are that my version of WordPress was only outdated for a couple of days, but it was unfortunately enough!
Every Cloud!
Like everything in life there is always a positive that you can take from these situations! In this case I was pleased to learn that you can bring back previous versions of all your posts within WordPress. I had never used that feature before, but yesterday spent several hours using it!
Everything is now back to normal as far as I can see. Even the post that the hackers deleted was brought back.
This was an experience that I could have done without. But on the positive side, its another piece of valuable experience that I can share with you guys and something that we can all be careful of in the future.
UPDATE: You can read about a further issue that we experienced on our website here:
Yuzo Related Plugin Hacked - See How It Affected Our Website
Take care everyone,
Andrew
Recent Comments
68
Hi Andrew,
so sorry for what happened to you. This is all invaluable information. Good to know that it's possible to restore previous versions of posts!!! Just not to get a heart attac when spammers attack ;)
Thank you for sharing your experience!
Marina
Sorry to hear of your problem, and glad you were able to clear it up...There are folks out there that work so hard to do such things, I am quite sure just working as hard on a legitimate business effort would bring more benefits...Once more a good reminder to keep up with those updates on WordPress and all plugins we are using! Cheers! Dave : )
Hi, Andrew, sorry about your problems, but it always pays to back up your site and install the latest WordPress update as soon as it comes available, this is meant to block any security holes that may exist in the previous version.
Not to worry, Andrew, nice to see you're back on track, and another valuable lesson learned.
Yes indeed. However, I don't know about you but I don't log into my website every day. I keep things up to date as much as possible and I'm on there a LOT! But there you go, one of those things!
See more comments
I'm so glad everything is back to normal. Did you check out WP Bruiser?
Yes I did thank you for that!