Someone has inserted malicious code into some of the blog posts on the Antiplanner as well as my other blog, Streamliner Memories, plus a third blog that I haven’t posted to in several years. The code is mostly invisible to users, but I can find it in the WordPress editor. The code consists of some ramblings about cialis inserted into the middle of the post plus some random numbers — hexadecimal? — at the end of the post. So far, the code doesn’t seem to be dangerous to users, but that could change.

In the past, when this site was hacked, my web server would do a scan for malware and send me the results, allowing me to erase or replace malicious files. Now, my server says they won’t do anything unless I pay them $300 a year per web site. Various security companies on the web say they will scan the site for malicious files; when I do that, they all report there are no malicious files but if I pay them $300 to $500 a year they will guarantee to clean out the malicious file they couldn’t find.

I am uncertain what to do about this. Although I only plan to post to the Antiplanner once a week or so, I’d like to leave past posts for people who want access to the data and articles I’ve published. I’ve continued to post to Streamliner Memories every day and I’d hate to lose that.

So it seems I have to choose between paying someone hundreds of dollars to clean up the sites; shutting down the sites; moving the sites to a new web server that might not charge me as much to keep the site infection-free; or figuring out how to fix the sites myself. If any readers have any ideas or experience with this, please leave a note in the comments or send me an email.

About The Antiplanner

The Antiplanner is a forester and economist with more than fifty years of experience critiquing government land-use and transportation plans.

  1. fazalmajid says:

    Unfortunately WordPress is almost impossible to secure. All it takes is one sloppily written plugin for compromise (and most plugins are in fact sloppily written).

    Much safer to use a “static site generator” like Hugo, but migrating is not trivial.

    If you have SSH access to your server, you can check it for unauthorized changes to PHP files or database entries, but that requires some familiarity with command-line tools and UNIX.

    • PlinySnodgrass says:

      You realize you just spoke a bunch of jargon to someone who probably doesn’t understand what you’re talking about?

      Move to You can keep your domain and import and go with a new theme and limit plugins. No need to learn a new platform and security will be handled by WordPress. Cheap and relatively easy.

      Or pay a professional.

  2. LazyReader says:

    Ieeeei ei …. amazing these attacks are happening right around you retiring..

  3. JimKarlock says:

    “ramblings about cialis inserted into the middle of the post plus some random numbers”
    Some sort of ad for “the little blue pill”?
    If you can find it with the editor, can you just repair the affected files? Or are there too many?

  4. JimKarlock,

    I estimate that more than 7,000 Antiplanner and Streamliner blog posts have invisible code inserted into them. No two are identical so I can’t just do a find and replace. Deleting them one-by-one would be pretty tedious. Deleting them without finding and deleting the malicious files that inserted them would be pointless.

    I am looking into the options suggested by fazalmajid. If the look-and-feel of the Antiplanner suddenly changes, you’ll know that’s what I did.

  5. kx1781 says:

    I’d be happy to chat and/or email about options. From there see if you’d like me to roll up my sleeves or whatever. It’d be shameful for someone with my background to not help out. 🙂

    For example, I could drop the exports into their own code repo and clean up with some scripts from there. That would give us a history to see the changes and make sure the content was unaltered.
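
A read-only triage pass over a WordPress export (WXR) file, added here as an example and not code from the post or from any commenter: it lists the posts that show either indicator the post describes, a "cialis" mention or a run of hexadecimal characters at the very end of the body. The sample export, the 16-character hex threshold and the function names are assumptions made for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Namespace WordPress exports use for the post body element.
NS = {"content": "http://purl.org/rss/1.0/modules/content/"}

# Constructed sample in the shape of a WXR export; not data from the real sites.
SAMPLE_WXR = """<rss version="2.0" xmlns:content="http://purl.org/rss/1.0/modules/content/">
<channel>
<item><title>Clean post</title>
<content:encoded><![CDATA[<p>Transit ridership fell in 2019.</p>]]></content:encoded></item>
<item><title>Injected post</title>
<content:encoded><![CDATA[<p>Rail costs rose.</p><div style="display:none">buy cialis online cheap</div><p>More data.</p>
3f9a1c77e0b24d58a6c1]]></content:encoded></item>
<item><title>Mentions a hash</title>
<content:encoded><![CDATA[<p>The commit 3f9a1c77e0b24d58a6c1 fixed the table.</p>]]></content:encoded></item>
</channel></rss>"""

KEYWORD = re.compile(r"\bcialis\b", re.IGNORECASE)
# Assumption: the "random numbers" are 16+ hex characters with nothing after them.
TRAILING_HEX = re.compile(r"(?:^|[\s>])[0-9a-fA-F]{16,}\s*$")


def scan_post(html):
    """Return the indicators found in one post body (empty list if none)."""
    found = []
    if KEYWORD.search(html):
        found.append("spam-keyword")
    if TRAILING_HEX.search(html):
        found.append("trailing-hex")
    return found


def scan_export(wxr_text):
    """Map post title -> indicators, only for posts with at least one hit."""
    report = {}
    for item in ET.fromstring(wxr_text).iter("item"):
        body = item.findtext("content:encoded", default="", namespaces=NS)
        hits = scan_post(body)
        if hits:
            report[item.findtext("title", default="(untitled)")] = hits
    return report


if __name__ == "__main__":
    for title, hits in scan_export(SAMPLE_WXR).items():
        print(f"{title}: {', '.join(hits)}")
```

Because the script only reports and never edits, its output can be reviewed post by post before any cleanup is committed to the repository.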

  6. ruledbymorons says:

    I really hope that you don’t delete this blog. You are one of the few people on the internet who provides easy to read refutations of the urbanist nonsense that has ruined the city that I live in. I’d have gone insane without your common sense articles.

  7. Paul says:

    If it becomes necessary to pay $300 a year to preserve the Antiplanner posts I would be happy to chip in some funds. Maybe start a gofundme appeal if necessary?
    We would all hate to lose your blogs!

  8. kx1781 says:

    If you’re not too busy re-reading that Twin Cities by Streetcar back, hit me up. I thought I had your contact info but do not. This may be fairly easy to solve.

  9. kx1781 says:

