Hacked again...
On receiving an email from Google Webmaster Tools earlier today (14th Jan 2013) telling me that my 'old' website (at somerandomnerd.com) was serving up malware, the first thing I did was yank the website offline and put up this holding page (a bare HTML file) and start figuring out what the problem was.
(At least, that is what I thought I had done. But because my browsers weren't letting me visit the actual website - because Google was reporting it as containing malware - I couldn't see what was happening.)
So, the first place I looked was my Theme files- the ones that actually generate the HTML code that gets served to visitors. Sitting in my custom theme was an iframe, which linked to what looked like a Wordpress update script (judging by the URL), sitting on a .ru domain name. As my CMS is not Wordpress, this looked pretty obviously out of place.
(The slight worry is that I do have Wordpress installations on my server, so I'll be checking them over for any issues- as anyone/thing that can rewrite one file might be able to rewrite another.)
The second place I happened to look at also had a nasty, foreign iFrame. As did the third. So, some script has clearly run through my server, found every file that looks like it generates an HTML page, and made it do something I don't want to do.
It was about this point that I decided to check to see if this page was appearing instead of the compromised page by visiting it on my phone - which promptly bounced around about a dozen different URLS, before landing on some dating site. (As you can see, I've fixed that problem. At least for now.) The second problem turned out to be a modified .htaccess file (which is a file that usually is used to tell the server what to do if unexpected things happen – if pages have been moved, '404 page not found' errors etc.) which had been changed to redirect any visitors to a different site. An easy fix once you know what the problem is, but not (for me) a simple problem to find.
Annoyingly, my home router broke down yesterday, so I don't have a broadband connection at home. Meaning that I'm having to figure this out (and fix what I can) over a mobile connection. Oh- and mobile coverage of my house is hit and miss, dropping in and out pretty much at random. Which makes it even slower and more frustrating than it would be otherwise. (Also, as an added bonus, my 3 and a half year old son decided against sleeping this evening.)
So, right now I'm wondering if I can be bothered with the effort of ongoing server maintenance etc, and just moving everything to Tumblr or Squarespace or something where I don't have to worry about security, spammers and malicious scripts, and can just get on with writing things that I never finish again.
At least I know what I'm doing with that...