I’ve been hacked but not on this blog. (and no, this is not an invite.) Three of my own blogs have had some suspicious activity this week alone. I’m an HR and leadership blogger. That’s human resources not a coder, designer, or developer. The cause of the hack after several very long phone calls and internet research seems to be a photo resizer feature in several of the blog themes I use. This resizer is an easy in for hackers to spread malware and phishing attacks.
It’s called the TimThumb Exploit and it sucks. It really sucks. I was made aware of the problem late this week after finding out that one of my blogs contained Malware and was being attacked. Not being a programmer I did a Google search to get started on creating a solution to these malicious blogging attacks.
- Sucuri Website Scanner. (affiliate link) To keep this from happening again, Sucuri is now monitoring my websites and blogs for me. They will now alert me via email, Twitter, or even RSS to any suspicious activity and will fix the errors. It’s worth the cost and my piece of mind.
- DIY Solution. While I’m not a programmer or a coder, here’s a good how to for those do it yourselfers who want to remove the malware, phishing, and close the exploit from Smackdown.
- Patch for Tim Thumb via Woo Themes. This is where I purchase many of my off the shelf themes. These themes also use a photo resizer. I would have preferred an email from Woo Themes alerting me to the problem back in the beginning of August when the problem was first discovered.
It’s funny because I’ve been blogging as a human resources and HR for a while and on WordPress to boot. I have never had any issues like this. GoDaddy was surprisingly helpful. The email I received connected them directly to their Abuse department where I spoke to an actual live person on the phone. They can’t fix the problems for me, but they gave me some helpful information and direction to get started on correcting the issues. As for one of my sites, it looks like I’ll be starting at square one, and that could actually be a good thing. The other two are likely to be saved.
Join us on 3/22 at 9:00 AM EST as we dive into GDPR basics for the recruiter and what they need to know. Register here.
Hackers. Evil Asses. Be Done With You.