Archive for the ‘Internet’ Category

How my Webmaster removed some nasty malware that hijacked my website

Friday, January 16th, 2009

In early December while on vacation in the popular Malaysian beach resort of Langkawi, I discovered that some malware had compromised my website/blog. It took me a while to fully comprehend the severity of the havoc wreaked by this malware – in essence, all my search engine traffic had been hijacked and redirected to the spam website. The story of this hijacking was chronicled in a prior post.

After the realization that my online presence was totally crippled by this insidious bug, I pleaded with My Webmaster to see if he could find a fix. Initially he was stumped, but with dogged determination he discovered both how the hijacking was accomplished and a very simple fix – my FTP was hacked and a lot of white space/blank lines were added to the .htaccess file, followed by some lines telling the web server to forward any clicks coming from search engine results to the spam site.

The fix, he said, was quite simple – all he had to do was remove the extra code from the .htaccess file. In addition, he recommended that I change my rather simple FTP password to something more complicated to make things difficult for potential hackers. For a full explanation of how the malware was removed from my site I suggest you visit his website and read about “The Fix”. A must read! In addition, while troubleshooting this malware issue, we came across another site that also dealt with the same problem (and offered a similar fix). Needless to say, after the nasty little bug was extricated from my site, I was quite relieved.
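A small check for the pattern described above (blank-line padding in .htaccess followed by rules that forward search-engine referrals elsewhere), given here as an added example and not the webmaster's own code. The sample file, the hosts `myblog.example` and `spam.example`, the blank-line threshold and the search-engine list are all constructed assumptions, since the post does not show the injected lines.

```python
import re
from urllib.parse import urlparse

# Assumed list of names an injected rule would test the Referer header against.
SEARCH_ENGINES = re.compile(r"google|yahoo|bing|msn|live|aol|ask|altavista", re.I)
BLANK_RUN = 20  # assumed threshold: this many blank lines in a row counts as padding


def audit_htaccess(text, own_host):
    """Return (line_number, finding) tuples for suspicious .htaccess content."""
    findings, blank_run, referer_cond = [], 0, False
    for n, raw in enumerate(text.splitlines(), start=1):
        parts = raw.split()
        if not parts:
            blank_run += 1
            if blank_run == BLANK_RUN:  # report once per run of blank lines
                findings.append((n, "padding: %d+ consecutive blank lines" % BLANK_RUN))
            continue
        blank_run = 0
        directive = parts[0].lower()  # Apache directive names are case-insensitive
        if directive == "rewritecond" and len(parts) >= 3:
            # A condition on the Referer that names a search engine
            if "HTTP_REFERER" in parts[1].upper() and SEARCH_ENGINES.search(parts[2]):
                referer_cond = True
        elif directive == "rewriterule" and len(parts) >= 3:
            host = urlparse(parts[2]).hostname  # None for local targets like /index.php
            if host and "%{" not in host and host != own_host.lower():
                kind = "search-engine referrals" if referer_cond else "requests"
                findings.append((n, "%s redirected to external host %s" % (kind, host)))
            referer_cond = False  # conditions apply only to the next RewriteRule
    return findings


# Constructed sample: a normal WordPress block, 300 blank lines, then injected rules.
CLEAN = "# BEGIN WordPress\nRewriteEngine On\nRewriteRule . /index.php [L]\n# END WordPress\n"
SAMPLE = (
    CLEAN
    + "\n" * 300
    + "RewriteCond %{HTTP_REFERER} .*google.* [NC,OR]\n"
    + "RewriteCond %{HTTP_REFERER} .*yahoo.* [NC]\n"
    + "RewriteRule ^(.*)$ http://spam.example/ [R=301,L]\n"
)

if __name__ == "__main__":
    for line_no, finding in audit_htaccess(SAMPLE, "myblog.example"):
        print("line %d: %s" % (line_no, finding))
```

The padding check matters because an editor opened on such a file shows only the legitimate block at the top unless you scroll past the blank lines.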

While discussing why my website was targeted, my webmaster came up with this explanation:

“If the errant webmaster targeted thousands of sites to be hijacked, then even if each site only gets 20 hits/day, that builds up to 10s of thousands of people directed to his site instead. Even if only 1% of those people buy the products, he’s making a lot of money. Furthermore, most of the websites that are hijacked probably have low to mid range Google Page rankings (2-4) like yours, so that he’s less likely to attract too much attention. It’s a shitty, low, repugnant thing to do, but some of these internet marketers and immoral webmasters resort to using such tactics”.

What can you do to prevent your website from being hijacked? I have come up with some handy tips to protect yourself.

  • Use Firefox as your browser, minimize your use of Internet Explorer
  • Avoid clicking on popup windows – especially those that offer free system or virus scan of your computer or those that offer freebies
  • Generate some complex passwords of at least 8 characters for your FTP access, blog log in, e-mail logins etc. Use a tool like PC Tools password generator
  • Keep your antivirus, malware, spyware definitions up to date. Remember to use your Firewall at all times.

Be Safe out there!


How My Travel Blog (and Website) was hijacked by malware

Tuesday, January 13th, 2009

This is a story of how my travel blog (and website) was hijacked by malware. Apparently the hijacking took place while I was staying on the island of Langkawi, one of the most popular beach resorts in Malaysia. I had checked into AB Motel on December 5th and I decided to pay for their daily internet access at 10RM per day (about 3.50USD). While surfing on the internet on my first or 2nd night there, a very loud popup ad appeared on my screen - the popup was luring me to do a free antivirus scan of my system. My gut feeling was that this invitation was bad news; however, I clicked something which initiated the download. It took a while before I was able to halt the progress of the download, as the damn window would not go away immediately. I didn’t realize it at the time, but I have a feeling that is how the malware was able to sneak into the very core of my website.

Later on that evening, I tried updating my WordPress blog in the Firefox browser using the WordPress automatic updater plugin and received a warning from Norton Antivirus that my computer was being attacked, and the installation of the update was aborted. I clicked on the link requesting more information on this attack, and I got the following explanation from Norton (see picture). Undeterred, I tried installing the update with Internet Explorer – this time, I didn’t get the warning from Norton, but the browser informed me that this address couldn’t be displayed at this time and to check my browser settings. You know the standard stuff…

Somewhat disturbed about this new development, I called my Webmaster in Thailand. We concluded that a bug had corrupted the WP automatic upgrade plugin, which caused the installation to fail. In the days to follow, I continued to blog about my 30-day travel odyssey, but when checking my traffic numbers I discovered that visits to my site had dropped over 80%. Very disturbing to say the least, but I let the matter slide! It was only several weeks later, after returning home to the USA, that I realized the true nature of this nasty malware - how it attached itself to my website like a leech, stealing all my search engine and web traffic.

Here’s how the malware worked – using the Firefox browser, when people clicked on a search engine listing which linked back to my blog/website, they were either directed to a different and totally unrelated website or, if they had malware detection software on their computer, they received a warning that their computer was being attacked. In the latter instance, when using Internet Explorer, the clickthrough would bring up the standard “this address couldn’t be displayed at this time and to check your browser settings”. In addition, any hyperlinks to my site sent by e-mail would behave the same way. No wonder my traffic figures were way down!

Next – how my Webmaster figured out how to extricate the malware bug from my Website (the Fix), and how you can protect your website from being hijacked!
