Be aware of Malware and bad links — did the Biodiversity Offsets Blog get corrupted?!

Last night I got an alarm­ing e-mail that it might be pos­si­ble that some kind of mal­ware was installed on a pri­vate com­puter via down­load­ing a file from the Bio­di­ver­sity Off­sets Blog!


Now, this is a very spe­cific blog that — despite its world­wide audi­ence — might be neg­lec­table in terms of absolute num­bers (there are cur­rently around fourty vis­i­tors per day which I think is already great). So, I didn’t expect any secu­rity issues and of course, I had taken pre­ven­tive mea­sures, too. Any­way, it is not hun­dred per­cently sure whether there was a prob­lem with the site and whether there pos­si­bly still is. But as I don’t want you to take any risk and pos­si­bly cause incon­ve­niences, please be alerted.

Experts out there?

If any­one can help me how to solve this — either you have another idea what I should do or think that I have done every­thing pos­si­ble, please do tell me!

Here’s what I’ve done so far to ana­lyze and fix the problem:

  • googled how to detect hacks to a website
  • did online scans of the web­site –> noth­ing was found
  • con­tact our sys­tem admin­is­tra­tor at work –> he couldn’t find any­thing at first glance, but did give me some gen­eral good hints and con­firmed that detect­ing mal­ware might be a tough approach (i.e. it’s pos­si­ble that there is some­thing buried some­where that you’ll hardly ever find)
  • con­tacted another admin­is­tra­tor (who has installed and uploaded my blog) –> he checked and responded that there “might” be an issue, pos­si­bly through a plugin
  • so, I updated all plu­g­ins and got rid off the less impor­tant ones
  • deleted all users (obvi­ously mostly spam sub­scribers, kept only the few ones I could identify)
  • installed the “word­fence” (secu­rity) plu­gin and ran another scan –> every­thing is ok
  • still sus­pi­cious, I also con­tacted my host­ing provider to check –> wait­ing for response
  • and finally, wrote this post to tell you to be cau­tious with all links!

What has changed for the blog?

As men­tioned above, I have reduced the plu­g­ins to a min­i­mum, i.e. some fea­tures no longer or at least tem­po­raily don’t exist. This includes:

  • the Google trans­late but­ton in the side bar (I don’t think it has been used that much)
  • the view counts at the end of each post or page — how­ever, the “most viewed posts” in the side bar are still there
  • there’s no sub­scrip­tion form avail­able any­more as I had too many spam sub­scribers, if you want to fol­low the blog, check daily (I am post­ing almost every work­ing day), fol­low me on linkedIn, where I instantly post all the updates or use rss feed


Be aware of Malware and bad links — did the Biodiversity Offsets Blog get corrupted?! — 1 Comment

  1. I’m not sure if it’s related but I’ve had the fol­low­ing mes­sage from a cou­ple of times while look­ing through this site:

    “Safari might have detected an intru­sion in your sys­tem , All attempts to block this intru­sion might have failed, Hence sys­tem is halted to pro­tect you from Iden­tity theft or any loss of per­sonal infor­ma­tion. Please con­tact Tech­ni­cal Depart­ment Live at +44 151 528 8463.”

    I then just need to close and reopen the browser. The notice appears very inter­mit­tently — I have it about 3 or 4 times now.

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>