Well now it is time for me to get back into some regular blog writing, now that my blogs are working properly again. It has been a while since all of my sites have been actually loading and working correctly. Apparently there were some problems that have been brewing for a while that I didn’t realize were problems. I have all of my sites hosted through Hostgator (no I am not posting a link here, for reasons that will become clear) and they sent me a message about high server use last year. I thought it was all taken care of after I killed a bad plugin on one of my WordPress sites.
Apparently, it was not fixed. Earlier this year I found that my .htaccess file had been held for ransom modified by hostgator so that I could not write or edit the thing. This wouldn’t let me install or run any security plugins or caching plugins that THEY RECOMMENDED I INSTALL! I found this out but the sites were still working for the most part so I ignored it. Sites would load slowly and I would get 504 (Gateway Timeout) errors more and more often. I finally decided to start blogging regularly again and I had a hard time getting to this site to do it.
It was last Tuesday, now a week ago, that all 13 of my sites would not load and were constantly getting the 504 errors. I contacted Hostgator and after about an hour on chat, I was directed to an open ticket from a year ago that I had thought was closed. Well, after some back and forth and me reporting 2 different times about not being able to get into my sites, they finally ran a scan on my account. To my surprise, the scan covered 130,872 files and 13,936 of them were infected with malware.
Well that set up an exciting weekend at the computer for me, and not writing. The malware was in the main wordpress .php files, plugin files, theme files, pretty much most of the .php files in my account. After all of the fun, I had found 3 different forms of the malware, all of which were designed to create backdoors to my sites. A fat lot of good it would do for anyone to break into my sites, with all of the state secrets and tubs of money that go through them. Oh that’s right, THEY ARE ALL FREAKING BLOGS OR INFORMATIONAL SITES!
Ok, deep breath. That rant will be over at CantankerousOldCoots.com later today.
Back to the fun, I found that reinstalling the .php files was the best way to get rid of the virus. WordPress wasn’t a problem, and some of the plugins were easy to install. Other plugins were not available, but replacements were, so they got installed. Some of my theme files and plugins however, were no longer available. You may say, “Just find something else then.” But here is the rub, over the years I have done extensive modifications on most of those themes and some of the plugins, so it wasn’t easy to replace them. So I didn’t. I ended up going through what seemed like 10000 files (I know it was less but I wasn’t counting) and manually deleting the malicious code from each one.
It was a huge deal and took me most of the weekend to do. Finally, on Sunday night, I finished and all of my sites loaded like they should have. I spent Monday updating and working on plugins, some of which still had issues, but finally got all of them finished and working like they should. And I got my .htaccess file back. And finally the security plugins that I needed.
Hopefully, and I really hope so, all of this is finished and I can get on with my sites working and doing what they are supposed to do. There are some very painful and creative things that I would like to do to these people that created this malware and got it all over my account. I should write a book about that, it would rival a Stephen King. But I digress, I will probably just leave it be and write more posts.