More Malware


PG has recently mentioned a brush with malware.

Mrs. PG’s author website had more than a brush. When PG checked it, some depraved soul had managed to corrupt the PHP file with over 100 nasty bits.

PG learned that a widely-appearing vulnerability in a prior version of PHP permitted malware scripts to embed all sorts of back entrances into a variety of different WordPress sites.

Fortunately, PG had backups, but restoring Mrs. PG’s website required pulling out backups that were several weeks old. Restoring those backups also restored earlier versions of the PHP file (a good thing) and of WordPress prior to a number of updates.
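The practical check a site owner wants after an incident like this is a way to tell which files in the WordPress tree differ from a known-good copy such as the last clean backup, so that a tampered PHP file (or a PHP file dropped where none belongs, like the uploads folder) shows up without reading every file by hand. The script below is an added example, not code from the post, from WordPress or from PHP: it builds a SHA-256 manifest of a directory, diffs a later snapshot against it, and reports modified, added and removed files. The directory layout, file contents and "injected" lines it uses are constructed for the demonstration; in real use the baseline manifest would be built from the backup and the second from the live site.

```python
"""Added example (not from the original post): snapshot a WordPress tree from a
known-good copy and diff a later snapshot against it to surface tampered files.
All paths and file contents below are constructed for the demonstration."""
import hashlib
import tempfile
from pathlib import Path

# File types attackers most often modify or drop; images and other media are ignored.
TRACKED_SUFFIXES = {".php", ".js"}
TRACKED_NAMES = {".htaccess"}  # dotfiles have an empty suffix in pathlib


def file_sha256(path: Path) -> str:
    """Hash a file in chunks so large files do not have to fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(root: Path) -> dict[str, str]:
    """Map each tracked file (path relative to root, POSIX style) to its SHA-256."""
    manifest = {}
    for path in sorted(root.rglob("*")):
        if not path.is_file():
            continue
        if path.suffix in TRACKED_SUFFIXES or path.name in TRACKED_NAMES:
            manifest[path.relative_to(root).as_posix()] = file_sha256(path)
    return manifest


def compare_manifests(baseline: dict[str, str], current: dict[str, str]) -> dict[str, list[str]]:
    """Classify differences between the known-good and current snapshots.

    'modified' is the signal for code injected into a file that should not have
    changed; 'added' catches dropped files such as a .php inside wp-content/uploads.
    """
    return {
        "modified": sorted(p for p in baseline if p in current and baseline[p] != current[p]),
        "added": sorted(p for p in current if p not in baseline),
        "removed": sorted(p for p in baseline if p not in current),
    }


def demo() -> dict[str, list[str]]:
    """Build a tiny constructed WordPress-like tree, snapshot it, tamper with it, and diff."""
    with tempfile.TemporaryDirectory() as tmp:
        site = Path(tmp) / "site"
        (site / "wp-includes").mkdir(parents=True)
        (site / "wp-content" / "uploads").mkdir(parents=True)
        (site / "index.php").write_text("<?php require __DIR__ . '/wp-blog-header.php';\n")
        (site / "wp-includes" / "functions.php").write_text("<?php function demo() { return 1; }\n")
        (site / "wp-content" / "uploads" / "photo.jpg").write_bytes(b"\xff\xd8\xff")  # untracked media

        baseline = build_manifest(site)  # stands in for the manifest of the clean backup

        # Simulate the tampering described in the post with inert placeholder text:
        # a line appended to a core file and a PHP file dropped into the uploads folder.
        with (site / "wp-includes" / "functions.php").open("a") as handle:
            handle.write("// injected-line-placeholder (constructed)\n")
        (site / "wp-content" / "uploads" / "x.php").write_text("<?php // dropped-file placeholder\n")

        return compare_manifests(baseline, build_manifest(site))


if __name__ == "__main__":
    for kind, files in demo().items():
        print(f"{kind}: {files}")
```

Run it against a real install by calling `build_manifest` on the extracted backup, saving the result, and later calling `compare_manifests` with a fresh manifest of the live tree; anything under `wp-content/uploads` in the "added" list deserves a look first, since that directory should hold media, not PHP.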

Some of the restorations knocked Mrs. PG’s site into a limbo that responded to visitors with a cryptic error message.

Some of the restorations screwed up other parts of WordPress. PG has a hard enough time keeping track of things that were fixed in the most recent version of WordPress, let alone what was fixed several weeks ago.

Restoring old versions of the website also generated a lot of notices that various and sundry apps needed to be updated from their former state. The final log file was seven pages long, single-spaced.

One example of a single line in the log file: “0020.832 () Cleaning up rubbish…”

PG’s sentiments exactly.


12 thoughts on “More Malware”

  1. Be sure to upgrade your php installation to the latest. It’s a language utility used by WordPress, but not part of the WordPress installation and has to be upgraded separately. See https://wordpress.org/support/update-php/ . There have been a slew of php vulnerabilities and exploits that have shown up this spring.
    Although I don’t know, it sounds like Mrs. PG got caught on some of these. Going back to your old php installation removes the malware temporarily, but leaves you vulnerable to the same threats again.

  2. The ugly part is compatibility. Php has been changing. It’s much faster and secure than a few years ago, but they have dropped or substantially modified some functionality.

    My two main sites are built on an ancient theme that hasn’t been updated in several years, and is not compatible with the current php (7.x). That means I have to change themes before I can upgrade php, a task that I have been putting off. I am afraid I will be dusting off my limited php skills soon to get something working.

    Isn’t software grand?

    • Things like this are why I always got cranky when people tried calling me a software “engineer.” We do try – but it’s nowhere near to an engineering discipline.

      • I was always proud to be called a software engineer. It shaped my attitude toward my work. Software engineering is more difficult than civil engineering in many ways, mostly because it changes so fast. Concrete hasn’t changed that much since the Romans used it, but computing gear goes obsolete every 18 months. Basic software constructs don’t change that much, but with ever faster and more abundant compute, connectivity, and storage, those basic constructs can be used in ways we couldn’t imagine a few years ago. And we’ve only recently seen that faulty software can be as dangerous as a faulty boiler. I don’t see software engineering getting easier soon.

    • This is not intended as a snarky question (I’m really interested in the answer) but how do you keep your two main sites secure if you are using the old and vulnerable version of Php?

      • At the moment, I hate to say this, they are vulnerable. Upgrading both themes and php is on my pending projects list, and I will get to it eventually. I don’t depend on my sites for revenue and they don’t get much traffic, so the project is not a high priority for me. If they were more important, I’d have upgraded a long time ago.

        Using a well-supported and maintained theme is an important part of WordPress security that may not be obvious.

        Software security is a fast-moving sport. Either you keep up, or you are vulnerable. The long game is harder than it looks because you’re never finished. The dichotomy secure/not secure is deceiving. No software, even “air-gapped” offline software, is completely safe. You gauge the risk and take the steps that the risk warrants to attain the level of safety you are comfortable with. In my case, since I don’t have that much to lose, I put the work off.

        Most important: I keep offline and cloud backups of the sites, so I can recover if I get slammed.

  3. Since it’s time to complain, how about Yahoo Business, which wiped out my e-mails from existence. They don’t even have a help desk open anymore, and my domain name is held hostage by Yahoo’s incompetence.

    • It’s not incompetence. The MBAs say it is the height of business competence to quit investing in a service that doesn’t yield expected benefits. When Verizon took over Yahoo, they said they were going to use it to make money by using Yahoo services to expand into data driven advertising. No money, no service. Has nothing to do with software. It’s hardball business.

      That said, it is a shame that people are being hurt. Myself, the day Verizon issued that statement, I started extricating myself from Yahoo services because I didn’t have much faith in Verizon’s ability to pull it off. Unless Verizon’s course changes, one of the few times I called it right.

        • Sad. If you think publishers’ contracts are harsh, look at this from the Yahoo Small Business TOS:

          “The Company reserves the right, in its sole discretion, to change, modify, add, or remove all or part of this Agreement, including any applicable fee, Policy, or guideline, at any time without notice or acceptance by You. Regardless of whether the Company has provided You individual notice, Your continued use of any Service following the Company’s notice or posting of changed terms will constitute Your acceptance of such changes. It is Your responsibility to check regularly for changes to the Agreement. IF YOU DO NOT ACCEPT AND AGREE TO THIS AGREEMENT, INCLUDING ANY POLICY, DO NOT USE THE SERVICES.”
