Someone Doesn’t Like My Website

I know. Utterly surprising. But really, my site has been in a constant state of red alert for the last year, being the victim of several sql injections into my database with the wp-stats trojan, which is easily blocked by any malware detection tool on a computer but unfortunately, renders my site flagged by google. This means that anytime folk come to visit my site (especially on Firefox) they see a big sign (on Firefox 3 it’s huge and red) warning them that my site is a supporter of viruses.

The series of attacks, in conjunction with my lack of posting when trying to fix the problem has brought my readership down from about 250 a week to maybe 15. The attack seems to occur only to my wordpress section of the Bible Archive which supports the idea that there is a inherent vulnerability in WordPress even though I don’t know what it is.

What I’ve done so far is:

  1. rename all my wordpress tables to have strange characters in front of them (so that a scanner looking for “wp_” won’t find anything).
  2. put a security lock on my back end pages access (so I have to login twice to get there)
  3. used strong passwords for everything (so I have to look at a written out document to log in)
  4. prevented write access from certain folders in my backend (so going to a directory gives a warning)
  5. Contacted my hosting provider (to make sure there wasn’t something up with the server)
  6. Ran a site vulnerability program (showing no vulnerabilities)
  7. Tried to backtrack the IP’s that launch the attack (usually go back to a russian site)

But the attack still gets through. I’m trying to get the IP information but it seems to revolve between Russia and the Ukraine. I never had this problem with mambo/joomla. ::sigh::

Facebook Comments

3 replies on “Someone Doesn’t Like My Website”

This is totally offtopic, but I’m curious how blog stats work when people read your blog through the RSS feeds. For instance, I don’t go to any of the blogs I read unless it is to comment. I read them all through the RSS reader in my Outlook (which means that I get ever post as a single email-ish thing). But moving from 250 to 15, I have to wonder if that includes RSS readers like myself.

I haven’t checked my stats on WordPress to see how the rss readers are trending on the site, and you’re right that that may contribute to it. But I’ve been hit pretty hard and had to spend way too much time trying to track down where the culprit is getting through to provide proper content. No content: no readers. =(

I just implemented a ridiculous amount of security including a whole mess of 403 redirects. If you notice anything weird (like inability to post) drop me an email.

Leave a Reply