I’ve been hacked…

A couple days ago, I tweeted about being hacked and then I thought I would just write a dedicated post regarding the issue (as you know, normally I don’t post on Thursdays). I started noticing something was funny with my account several weeks back when I was in Montreal. It was then that I was suddenly locked out of my WordPress account and the admin page started showing words in Russian. Real scary, I know. Thank goodness for my tech-savvy husband, who quickly googled the issue and found that many other blogs/sites were being hacked as well. The hack came through various plugins that were unknowingly vulnerable and compromised. We had attempted to delete the code that was enabling the hack and then all seemed fine while we were on vacation. Then when we returned, on Monday, I clicked on The Beauty Nerd URL and was greeted with a warning stating that malware was found on the site. If you have visited my site in the last couple of days, you may have seen the same message.


Anyway, my hubby spent hours this week googling, researching and trying to understand the full issue once again and it appears that the first time we deleted some of the code, we had only deleted some of it, but the ‘hack’ still lurked in other places in the code. This time, we knew we had to take extreme precautionary measures, so we took down all the content and then re-uploaded everything as a clean slate to ensure that there are no chances we have missed anything. It nearly broke my heart thinking that all my conversations with all you lovely people were lost. Luckily (big, big sigh of relief), we were able to recover everything.

Anyway, I just wanted to give you guys an update that we have been on top of this issue, and we would never want to jeopardize your security on our site. Our blog would be nothing without you, and to us, you are always our first priority.



  • http://twitter.com/JoshuaRyan_ Joshua Ryan

    I did mean to tell you, this blog of yours has been making my dinger go ding for my virus protection and firewall. It has also taken me to phony websites about 3 different times.

    • http://www.thebeautynerd.com Connie

      Thanks Joshua – we took everything down and put it back up again as a clean slate. I apologize for the inconvenience it may have caused. Things should be ok now, but please let me know if you still see something unusual!

  • http://www.whattastyfood.com Kelsey

    One of my websites is doing this as well.. gotta figure it out :(

    • Connie

      Peter here replying on behalf of Connie:
      Google the “timthumb.php exploit” – there are lots of sites out there which will give advice if you are technically savvy on how to go into your web host and eliminate the files.
      Before you do anything, back up all of your files, using the WordPress interface to back up your database (which contains all of your comments, posts etc, I think), and then back up the contents of your upload directory (I did this via FTP to our host).
      See the following link for help: http://wordpress.org/support/topic/site-hacked-newportalsecom/page/2

      If you can’t stomach the technical gobbledygook it would appear that this company will clean up the mess for you and then monitor your site for the next year for a fee… see: http://sucuri.net/
      For many users this is probably a less headachey way of solving the problem, as they will also deal with other stuff for you like managing your “reputation” with google and whether your site is bad or good.