
What a terrible nightmare I had due to a phishing threat.


Yesterday, April 10, 2019 (and wanna have it for the records), I had to shut down my desktop, laptop and even phone because I thought I had gotten a virus embedded somewhere in the system, causing me trouble opening any window to work – I even believed it was something with my WiFi and home network. After hours of trying to find out what was really happening, I frankly went crazy. I was not sure what triggered the problem every time I tried to open a window to update my websites and platforms. I was all over the place trying to get at least a hint to start fixing or cleaning whatever was needed. Shoot! This time it hurt tremendously cuz I had arranged a call with someone who would be assisting me with some material I needed distributed this week. This person was waiting for me to show her the way around the platforms in place and guide her inside the admin area of one of my websites. I had to cancel the meeting.

But something great happened next.

My assistant called me back after reflecting on my situation and seeing how frustrated I was. She went on to tell me that not all my websites on the hosting where we thought malware was installed had been affected. She redirected me to pages and internal places that were working just great. And that was awesome to know because that meant the beginning of my real work with this experience.

When I returned to my office, right then I had a sense of relief. I found that the websites affected were running a phishing script – code that redirected people to fraudulent websites for any sort of bad intent. For a while, I couldn’t make those websites open any correct page; however, I could access their admin areas. In addition to this, standalone pages – ones manually coded with Python, PHP, and plain HTML – were working as they were supposed to. So that guided me into thinking that the main problem was happening only around a few of the WordPress installations we have in our hosting accounts.

The next thing was to check all the WordPress websites and see if they were behaving equally wrong – that is, if they were infected. We found 2 websites were not. We noticed, though, that the ones affected were hosted with different hosting providers and accounts – meaning that the problem was not really associated with a particular account, or a particular hosting company, but with a piece of script residing in those common website platforms. This analysis led me to talk with Bluehost technical support, who confirmed our accounts were clean. They sent us an email stating: “That account is clean and there is no malware in the websites.” – anyway, that was great to read because, as we knew from previous conversations, if they had found malware, they would have deactivated our websites until we got them clean, with no idea where to start. And this is a pretty common step when working with this sort of stuff: we have to avoid the dissemination of threats and, in some cases, this action is legally bound to security policies.

I made my lunch and took a break to think things through carefully and relax for a while.

When I came back to work, I brought a list of things I would be doing. A list that looked something like this:

  • 1 – Put all websites on maintenance mode.
  • 2 – Back up databases and files.
  • 3 – Protect images folders and take notes of main locations.
  • 4 – Start testing every website with modules and plugins deactivated.
  • 5 – Create a first report about what may have been the case that triggered the malware.

In step 4, I could determine the main problem was caused by a plugin, in this case called ‘Related Post’. After finding this plugin was infected, I kept it deactivated and the websites were pretty normal and back. Anyway, we (my assistant and I) decided to keep clear notes around this and are still looking for additional plugins that could address (or mimic) the features we have in place with the previous plugin. Otherwise, we may consider manually coding a small script that could be used instead while the original one is being fixed, cleaned and tried.
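The step 4 isolation can be made repeatable: enable one plugin at a time and check whether the home page starts redirecting visitors off the site. The sketch below is an added example, not code from the original post; the site URL, plugin slugs, redirect target and the `fetch_with_active` hook are all assumptions, and the sample responses are constructed.

```python
import re
from urllib.parse import urljoin, urlparse

# Illustrative patterns only: meta refresh and simple JavaScript location assignments.
META_REFRESH = re.compile(
    r'<meta[^>]+http-equiv=["\']?refresh["\']?[^>]*url=([^"\'>\s]+)', re.I)
JS_LOCATION = re.compile(
    r'(?:window\.|document\.)?location(?:\.href)?\s*=\s*["\']([^"\']+)["\']', re.I)

def offsite_redirects(site_url, status, headers, body):
    """Return redirect targets in one response that leave the site's own host."""
    site_host = urlparse(site_url).hostname
    headers = {k.lower(): v for k, v in headers.items()}
    targets = []
    if 300 <= status < 400 and "location" in headers:
        targets.append(headers["location"])
    targets += META_REFRESH.findall(body) + JS_LOCATION.findall(body)
    # Resolve relative targets against the site so /wp-login.php is not flagged.
    return [t for t in targets
            if urlparse(urljoin(site_url, t)).hostname not in (None, site_host)]

def isolate_plugins(site_url, plugins, fetch_with_active):
    """Enable one plugin at a time and map each offender to its redirect targets.

    fetch_with_active(active) is a caller-supplied hook (assumption): it sets
    exactly the plugins in `active` as active, requests the home page and
    returns (status, headers, body).
    """
    baseline = offsite_redirects(site_url, *fetch_with_active([]))
    if baseline:
        # Still redirecting with every plugin off: check the theme or core files.
        return {"(not a plugin)": baseline}
    culprits = {}
    for plugin in plugins:
        hits = offsite_redirects(site_url, *fetch_with_active([plugin]))
        if hits:
            culprits[plugin] = hits
    return culprits

# Constructed sample data: hypothetical site, plugin slugs and redirect target.
SITE = "https://blog.example.test/"
PLUGINS = ["contact-form", "related-post", "seo-tools"]

def simulated_fetch(active):
    body = "<html><body>Welcome</body></html>"
    if "related-post" in active:
        body = '<script>window.location.href="https://phish.example.invalid/login";</script>' + body
    return 200, {"Content-Type": "text/html"}, body

if __name__ == "__main__":
    print(isolate_plugins(SITE, PLUGINS, simulated_fetch))
```

On a real site the hook would toggle plugins from the admin area or the command line and fetch the page without following redirects, so the `Location` header stays visible.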

This was a really bad experience for me since many things rely on my decisions to move things around and approve the steps needed to address these concerns. But at the same time, it was an exciting challenge because it put me in a place where I get to test not only my knowledge, patience and previous experiences but also the capacity to try new things, approaches, techniques and practices used by other people in almost similar situations (and I say similar because with viruses everything is new and uncertain). I have to admit, though, that I’m so glad to be a member of tech teams, groups and forums which have become an awesome network of supporters in my career, business and professional life. If I had not shared about this painful moment, my colleagues would not have given me options to ponder – and that is important to note: we have to learn to give back to those who are there for us too, because it becomes a pleasure to see projects working and functioning well thanks to different perspectives. I have that ingrained in my mind now more than ever.

So here I am again, with a happy face after 2 days dealing with this fucking script (don’t repeat what I said). This is normal life when we are working with technical implementations daily. And remember one thing, my dear, we are never alone with any problem. It is imperative to pay attention not only to small details but also to all those people who provide us with immense input.


And you, tell me: what is a nightmare or painful experience you’ve had with your websites or any systems recently? And how did you find a solution?