Cleaning Your Hacked Website

Although we specialize in WordPress sites, I’ve seen dozens of hacked websites over the years, and although there are millions of creative variations, there are pretty much four basic types of hacks that I’ve seen.

malware-on-websiteBackdoor:
A backdoor lets an attacker gain access to your environment to do anything they wish. They’re the most dangerous, because they can even delete your website, but they’re not all that common.

Drive By Downloads:
These are awful, and will download software right onto your user’s local machine.

People are gullible, and they’ll click “yes” and agree to anything, and end up with all sorts of malware and viruses. Again, these aren’t all that common.

Pharma Hack:
The pharma-hack and it’s many variants are very common, and they usually involve placing doorway pages on your website that end up getting indexed by Google.

7-13-2015 12-28-54 PMIt’s so named because in the beginning it only seemed to be pill sellers, but over the years it’s evolved to span all industries.

When this happens to you, your search results end up getting marked by Google in an effort to warn users away from visiting your site…

Malicious Redirects:
This hack redirects visitors to other domains, which then may deliver a malicious payload, like installing spyware and adware. Unfortunately, this is pretty common  and we see this one all too often.

How can you protect yourself?

  • Do weekly backups of your website
  • Store those backups somewhere other than your webhost
  • Upgrade your WordPress core as they are released
  • Upgrade your WordPress plugins as they are released.
  • Replace WordPress plugins that aren’t updated regularly
  • Remove unneeded software, FTP accounts, and database users
  • Make website maintenance someone else’s problem

What if you’re hacked already?

Here’s a very detailed guide to identifying and removing your particular hack.  It talks about the four types of hack,  and the various symptoms and methods.  Quite often, it’s pretty easy to figure out what’s been done and clean it up, but that’s just the beginning.

Besides cleaning up their mess, you also have to identify how they got to your site in the first place, and then patch that security hole, which can be tricky, and feel like a never-ending battle.  In most cases, it makes sense to $200, and have someone like Sucuri do it.  They’ll not only clean your hacked website, but they’ll keep your site safe for an entire year.

Will Your Site Disappear April 21, 2015?

When users are searching from a mobile phone, Google will be prioritizing the results to show  mobile friendly search results before the others.

This means that if your site is not “mobile friendly”, then your website is essentially going to “disappear” for people that are using mobile phones! I made this short video to demonstrate…

Here’s where Google made the announcement, and here is a link to Google’s tools where you can test your own website .

All of the sites we’ve built for the past few of years are 100% mobile friendly, so if you need help with yours, don’t hesitate to get in touch!

We’re Sorry, Your Form is Broken

2015-04-09 15.33.16I’m writing this as an apology to all those sites we’ve worked on in the past, and all the sites that we maintain now, which are using Gravity Forms.

As far as we can tell, Samsung S4 and S5 phone users cannot fill in their phone number with the Gravity Forms plugin that we put on your website.

This morning it came to my attention that for Samsung Galaxy4 or Galaxy5 Android users, they cannot type in their phone number on a mobile phone without it coming out backwards.

I got a note from a client that her form seemed wiggy from her phone, and when i looked, sure enough, it was screwed up.

At the time, I didn’t realize we both had the same phone, so I began testing other sites with the Gravity plugin everywhere, and the results were the same.

Typing 503-761-2931  comes out  139-216-7305

After confirming the problem on every single site I visited,  I began asking others to test, and it turns out that iPhones work fine and so do some older Android phones, but so far, there’s no clear pattern emerging beyond Samsung S4 and S5, but there was a Motorola Droid that had problems too.

How Can You Fix It Right Now?

4-9-2015 4-29-28 PMThis issue has been reported to Gravity Forms already, and while I’m hoping for a fast fix from them, we did change forms on  quite a few client sites.

We had to remove the default “Phone Number” field and replace it with a single line text box. The problem there though, is when you delete the old phone field, you’re warned that you’ll lose the old phone number data, so if you may want to make a copy of the form first.

Will You Help Troubleshoot?

If you have an Android, would you please try the form below? Don’t even submit it, just click on the phone field and begin to type.  Does your phone number go in the correct order for you?

Demo - Gravity Forms Android Bug

  • Enter your phone number from a Samsung S4 or S5 and watch it come out backwards.

See?

Please reply in the comments below if you have any insights. We’re still trying to figure out which phones are affected…

 

 

 

Scentsy Theme Menu Fix

Scentsy recently made a change to the About link on their consultants corporate site to point to a different URL, and didn’t redirect the old URL to the new.

Under normal circumstances, best practices and common sense would dictate that you should take care not to “break” the incoming links that come to their site from other websites,  Facebook, etc. but in this case, Scentsy didn’t do that, so everyone link ended up broken.

When we first noticed it, we assumed Scentsy would catch and fix it, but they still haven’t, so you have to fix it yourself. If you have a WordPress theme of your own, you’ve may have already figured it out under Appearance > Menus.

If you don’t know how to do it, or if you bought your theme from us a while ago and didn’t even realize your  link was broken, here’s a very short video showing you how to fix it…

[imaioVideo v=1]

Changing Our Domain Name?

As a consultant, as far back as 2007, when businesses used to come to me in need of redevelopment, I would tell them that the best thing they could do was to “get WordPressed”.

I explained how they needed to take their dinosaur HTML site and have it converted into the most search friendly system I knew of, and that’s how this particular website was born.

It’s a specialized niche site, to fit the growing industry of converting sites into WordPress, and that’s how the domain name came to be chosen.

Yesterday however, attorneys for the WordPress Foundation sent me an email, saying that we are in violation of the WordPress copyright by using WordPress in the domain name. ;(

On the one hand, I realize that a company does have the right to protect themselves from misuse of their trademarked name or logo, but on the other hand, I’m surprised that they have nothing better to do with their time than go after supporters like us, who provide services based on their product.

Here’s a copy of the letter in its entirety:

Re: Trademark Infringement By

Dear Mr. Hendison:

I write on behalf of the WordPress Foundation to ask that you stop all use of the domain and transfer it to WordPress and that you also remove the WordPress Logo from your site. As you know, our client is one of the world’s most famous providers of blogging and website support services and offers these services under its famous WORDPRESS trademarks. It has used its WORDPRESS trademarks for many years and this trademark is the subject of many trademark registrations throughout the world including the United States.

As I am sure you can understand, in business a company’s brand is its reputation with customers. For this reason it is critical that a company have the ability to control how its brand is presented to the public. Further, the company has set out its domain name policy on the WordPress.org website as follows: “For various reasons related to our WordPress trademark, we ask if you’re going to start a site about WordPress or related to it that you not use “WordPress” in the domain name.” http://wordpress.org/about/domains/

Your use of the domain name(the “Subject Domain”) and your use of the WordPress Logo is without the permission of WordPress and removes its brand reputation from its control since visitors to your website will wrongly believe that the site is controlled by, or at least approved by WordPress when this is not the case.

In order for the company to maintain control of its reputation, we ask that you transfer thedomain to WordPress and remove all uses of the logo from your website. Should you care to discuss this matter please don’t hesitate to call or email me. I await your reply.

Very truly yours,

Steven M. Levy, Esq.
FairWinds Partners, LLC
1632 Wisconsin Avenue, NW
Washington, D.C. 20007
United States
+1-202-341-3722
steve.levy@fairwindspartners.com

Now I really don’t have the time or money to get into some legal battle that I would probably end up losing in the long run, so I said I would come up with a new domain, and would remove their logo (as obfuscated as it is) from our header.

Our communication back-and-forth has been very cordial, and Mr. Levy said that they could give me a reasonable amount of time to make the switch, get the new site indexed, etc. but I can’t find a domain name I like yet this morning.

We’ve established a pretty good  business here, and we’ve got some good search rankings, decent backlinks, and a loyal base of returning customers who know us by name.  Changing domain names is really going to require some thought, and this morning I set out to get one.

My first thought was to follow the suggestions that WordPress makes here and use a WP instead of their name, but when I tried to buy GetWP.com I found that it was already taken.  I was surprised at that, so I tried to visit the site, but when I did,  I got redirected to a subdomain of WP.com, called get.wp.com –  Huh? Could it be?

Yep – I looked up the registrant information, and found that the domain I want –  GetWP.com –  is already owned by the folks at WordPress – The same people telling me to use WP!

Registrant:
   Automattic, Inc.
   60 29th Street
   #343
   San Francisco, California 94110-4929
   United States

I really like the name GetWP.com, and feel it would be a fair substitution – after all, they’re not even USING it!  So I wrote the lawyer back just now, asking if maybe they’ll consider giving me getwp.com, but I’m not going to hold my breath.

Anyway, I thought I’d share – After they refuse, have you got any ideas for me for another good domain name?