Last night I got an alarming e-mail saying that it might be possible that some kind of malware was installed on a private computer via downloading a file from the Biodiversity Offsets Blog!
Now, this is a very specific blog that — despite its worldwide audience — might be negligible in terms of absolute numbers (there are currently around forty visitors per day, which I think is already great). So, I didn’t expect any security issues and of course, I had taken preventive measures, too. Anyway, it is not a hundred percent sure whether there was a problem with the site and whether there possibly still is. But as I don’t want you to take any risk and possibly cause inconvenience, please be alert.
Experts out there?
If anyone can help me solve this — either you have another idea of what I should do, or you think that I have done everything possible — please do tell me!
Here’s what I’ve done so far to analyze and fix the problem:
- googled how to detect hacks to a website
- did online scans of the website -> nothing was found
- contacted our system administrator at work -> he couldn’t find anything at first glance, but did give me some generally good hints and confirmed that detecting malware might be tough (i.e. it’s possible that there is something buried somewhere that you’ll hardly ever find)
- contacted another administrator (who installed and uploaded my blog) -> he checked and responded that there “might” be an issue, possibly through a plugin
- so, I updated all plugins and got rid of the less important ones
- deleted all users (obviously mostly spam subscribers; kept only the few ones I could identify)
- installed the “Wordfence” (security) plugin and ran another scan -> everything is OK
- still suspicious, I also contacted my hosting provider to check -> waiting for response
- and finally, wrote this post to tell you to be cautious with all links!
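The administrator’s warning above is the key point: online scanners and plugin-based scanners look at the rendered site, while a dropped PHP backdoor usually sits in the file system. The following shell script is an added example, not the blog author’s work or a Wordfence feature; it runs on the web host against a WordPress document root (assumed to be passed as the first argument) and lists three classic indicators: PHP files inside wp-content/uploads (a media directory should contain none), PHP files using the eval/base64_decode/gzinflate family that obfuscated backdoors favour, and PHP files modified in the last few days. The sample document root it builds under mktemp, including the planted “webshell”, is constructed for demonstration.

```shell
#!/bin/sh
# Added example (not the blog's own script): offline triage of a WordPress
# docroot for common backdoor indicators. Matches are leads for manual
# review, not proof of compromise; a clean run is also not proof of absence.
# Assumption: the docroot path is given as $1 when run on the web host.

# PHP files under wp-content/uploads. Uploads should hold media only, so any
# .php/.phtml there is a classic webshell location.
php_in_uploads() {
  find "$1/wp-content/uploads" -type f \( -name '*.php' -o -name '*.phtml' \) 2>/dev/null
}

# PHP files containing functions that obfuscated backdoors typically combine.
# Legitimate plugins occasionally use these too, hence "review by hand".
obfuscated_php() {
  find "$1" -type f -name '*.php' \
    -exec grep -lE 'eval\(|base64_decode\(|gzinflate\(|str_rot13\(' {} + 2>/dev/null
}

# PHP files modified within the last N days (default 7). Compare against
# the dates of known core/plugin updates; anything else deserves a look.
recently_modified_php() {
  days=${2:-7}
  find "$1" -type f -name '*.php' -mtime "-$days" 2>/dev/null
}

# Constructed sample docroot so the checks can be tried without a real site:
# one harmless plugin stub plus one planted backdoor disguised as an image.
make_sample_docroot() {
  d=$(mktemp -d)
  mkdir -p "$d/wp-content/uploads/2016/03" "$d/wp-content/plugins/demo"
  printf '<?php\n// harmless plugin stub (constructed)\necho "hello";\n' \
    > "$d/wp-content/plugins/demo/demo.php"
  printf '<?php eval(base64_decode($_POST["c"]));\n' \
    > "$d/wp-content/uploads/2016/03/image.php"
  echo "$d"
}

# Run all three checks and print the results with headings.
scan_wp_dir() {
  echo "== PHP files in uploads (expect none) =="
  php_in_uploads "$1"
  echo "== PHP files with eval/base64_decode/gzinflate/str_rot13 (review by hand) =="
  obfuscated_php "$1"
  echo "== PHP files changed in the last 7 days =="
  recently_modified_php "$1" 7
}

# Stand-alone run: scan the given docroot, or the constructed sample if none.
if [ "$#" -ge 1 ]; then
  scan_wp_dir "$1"
else
  sample=$(make_sample_docroot)
  scan_wp_dir "$sample"
  rm -rf "$sample"
fi
```

Usage on a real host is `sh wp-triage.sh /var/www/html` (path assumed). The checks deliberately avoid network access; comparing core files against the checksums WordPress publishes is the natural next step, but it needs a trusted copy of the exact version to compare against, which is why a file-system check like this comes first.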
What has changed for the blog?
As mentioned above, I have reduced the plugins to a minimum, i.e. some features no longer exist, at least temporarily. This includes:
- the Google translate button in the side bar (I don’t think it has been used that much)
- the view counts at the end of each post or page — however, the “most viewed posts” in the side bar are still there
- there’s no subscription form available anymore, as I had too many spam subscribers. If you want to follow the blog, check daily (I am posting almost every working day), follow me on LinkedIn, where I instantly post all the updates, or use the RSS feed
I’m not sure if it’s related, but I’ve had the following message from Applevirus.com a couple of times while looking through this site:
“Safari might have detected an intrusion in your system, All attempts to block this intrusion might have failed, Hence system is halted to protect you from Identity theft or any loss of personal information. Please contact Technical Department Live at +44 151 528 8463.”
I then just need to close and reopen the browser. The notice appears very intermittently — I have had it about 3 or 4 times now.