SEB site notes.

Just a quick blurb to mention that I appear to have finally gotten rid of the malware that was randomly inserting Viagra spam into the entries. It took removing every single plugin except for Akismet along with every theme, turning off user registration, and reinstalling WordPress, but I’ve not seen the files show back up since so it appears to have worked.

Now I’m slowly adding plugins back in and watching to see if the spam returns. The podcasts should be playable once more as I put the Blubrry PowerPress plugin back in yesterday, but user registration is still turned off until I test the plugin that helps to cut down on bots making accounts. I had quite a few plugins installed so this will probably take some time and I’ll be evaluating alternatives to many of them while I’m at it.

In the meantime, if the spam starts showing up again be sure to let me know.

3 comments

  1. Really glad to hear you have made progress against the malware, Les. It’s strange though; I never saw the Viagra spam, even once, and I read all the comments. I wonder why?
    Perhaps because I never actually log in? Or maybe the ‘ware used an external link of some kind? .. because I do use a block list. Anyway, glad to hear it!

  2. I never saw it either and most of the folks who did were reading SEB via the RSS feed. It was a really odd bit of malware that worked really hard at concealing itself. Each time it would re-install itself after I had removed it, many of the files it used were put in a different location. The only reason I knew it was back was because it relied too much on one file — wp-sitemap.php — which isn’t part of the core build. Well, that and some folks would say they were seeing the spam content again.

  3. This might be more of a pain than it’s worth for you, but as a web developer (ExpressionEngine) I track my development on most of my projects with Git. With the site in Git, I can then deploy right from that repo in a number of different ways and schemes. The only changes to the site happen in my repo, which is separate from the actual working version of it.

    Sure, uploaded pictures are a change, and I don’t generally put those in my repo, but I’m not aware of issues of malware masquerading as images.

    There are scripts (or you could create your own) as well as services such as Beanstalk (repo hosting) which can update the production version of the site in such a way that the site files get entirely replaced (and extra files removed.)

    I would think this would be a great method for dealing with malware. You could deploy a fresh copy of the site as often as you like and depending on your setup you could do this with a push of a button and it would take just minutes. Learning the basics of Git and the initial setup would be a pain and take a little time (though it’s a great geek exercise) but it would be worth it to beat down the malware issue once and for all. In the end, it would probably save you time.
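
A sketch of the check the comments above point toward, added here as an example and not code from the post or its commenters: compare the live web root against a known-good copy (for instance a clean export of the Git repo) and list files that were added, changed or removed. The function names, directory layout and sample files are assumptions constructed for illustration; the untracked uploads directory is only scanned for server-side script extensions.

```python
import hashlib
import tempfile
from pathlib import Path

UPLOADS = "wp-content/uploads"             # assumed untracked upload directory
SCRIPT_EXTS = {".php", ".phtml", ".phar"}  # should never appear among uploads

def _digests(root, skip):
    """Map relative path -> SHA-256 for every file under root, except under skip."""
    out = {}
    for p in Path(root).rglob("*"):
        rel = p.relative_to(root).as_posix()
        if p.is_file() and not rel.startswith(skip + "/"):
            out[rel] = hashlib.sha256(p.read_bytes()).hexdigest()
    return out

def audit(reference, live, uploads=UPLOADS):
    """Compare the live web root against a known-good checkout."""
    ref, cur = _digests(reference, uploads), _digests(live, uploads)
    up = Path(live) / uploads
    return {
        "extra": sorted(set(cur) - set(ref)),      # files the repo never shipped
        "missing": sorted(set(ref) - set(cur)),
        "modified": sorted(f for f in ref.keys() & cur.keys() if ref[f] != cur[f]),
        # uploads are not in the repo, so only flag server-side scripts there
        "scripts_in_uploads": sorted(
            p.relative_to(live).as_posix() for p in up.rglob("*")
            if p.is_file() and p.suffix.lower() in SCRIPT_EXTS),
    }

def demo():
    """Constructed sample trees: a clean checkout and a tampered live copy."""
    with tempfile.TemporaryDirectory() as tmp:
        ref, live = Path(tmp, "ref"), Path(tmp, "live")
        clean = {"index.php": "<?php // core", "wp-includes/post.php": "<?php // post"}
        dirty = {**clean,
                 "wp-includes/post.php": "<?php // post + injected",
                 "wp-sitemap.php": "<?php // not in repo",
                 UPLOADS + "/cat.jpg": "jpeg bytes",
                 UPLOADS + "/thumb.php": "<?php // script among images"}
        for root, files in ((ref, clean), (live, dirty)):
            for rel, body in files.items():
                (root / rel).parent.mkdir(parents=True, exist_ok=True)
                (root / rel).write_text(body)
        return audit(ref, live)

if __name__ == "__main__":
    for kind, paths in demo().items():
        print(kind, paths)
```

Point `reference` at an export without the `.git` directory, otherwise its internal files are reported as missing from the live copy.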
