My wordpress got hacked

Last week while doing some Google searching, I notice my SEO meta data on this site had been hacked. Oh joy… A little poking around quickly confirmed the issue/problem. Oh joy, again… Time for a little cleanup. Thought I’d share the process in case any of you find yourselves in this predicament.

The process:

  1. Make a backup, just in case things go horribly wrong. For me, since I knew what I wanted to preserve, I just grabbed a copy of my database and uploads folder.  If you’re not familiar with WordPress, you might just want to grab everything.
  2. Quick assessment/documentation of the site – plugins, theme, site configurations – anything you’ll need to put back.
  3. Decision time: to clean it up or blow away and start fresh.  For me, I decided it’d be easier to blow everything away and start fresh – I only have about 500-ish posts and only about a 100 or so uploads.  And this site has been through various themes, conversions, etc., so the database, along with the hack had grown way beyond anything I wanted to try and clean up.  Miss something and all that effort could go down the drain, so it’s was just easier to start fresh.  Your mileage may vary.
  4. Next I disabled any plugins I wasn’t interest in keeping – an attempt to make the export process as clean and simple as possible.
  5. Export “all content” using the export feature of WordPress.  You want to be sure you’re exporting from the most current version of wordpress.  More precisely, you want to make sure whatever version you export from will be the same version you’ll reimport into.
  6. Now that you have your content (the XML file WordPress just exported for you) and other important files you snagged from the backup process, you’re ready to blow away your existing WordPress install. For me: I simply created a new database, along with a new database users and password for safety.  I then blew away all the WordPress files except for my /wp-content/uploads folder.  Now, you need to systematically go through your uploads folder and verify everything in there belongs and is clean – don’t just assume – verify or all this work could be for nothing.
  7. Now go download new/clean copy of WordPress – don’t use your existing files since they could have been compromised.  Again, it’s important that your versions remain consistent, so be sure to use the same version you exported with earlier. Upload your new files and configure WordPress to use your new database.  The configuration/install process is triggered by simply accessing your website URL after you’ve finished uploading WordPress.  Be sue you use a new admin password, you old one is compromised – it’s also a good idea to steer clear of the “admin” username period.
  8. Now that WordPress is functional, but empty, go download plugins and themes you may need.  Again, these should be fresh downloads, being sure you keep the versions consistent.
  9. Ready for import.  Simply click on tools import – WordPress. You’ll have to download and install the WordPress import plugin, but if you made it this far, you’ll make it through that.  Once the plugin in installed, you simply import the content.  You’ll have the option to reattribute post to existing or other users.  You can also decide wether or not you wan to download/import files.

A couple of things about about the import process.  At the time I’m writing this it’s WordPress is 3.7.1 and the importer is 0.6.1, things do change.  The first time I ran the importer I didn’t check the “download and import file attachment” option.  Remember, I left my “cleaned” wp-content/uploads directory in place.  This preserved all my image links and such, but didn’t populate the media library – it was empty.  Not exactly what I wanted, so I dropped all the table in the database and went through the WordPress configuration and import process again, this time checking the “download and import file attachment” option.  That populated the media library, but create a couple new problems:

  1. It duplicated, and in couple of cases tripled all of my files.  I assume this was because the import process was acquiring/downloading and writing the files to the same directory and simply append the file names with a 1, 2 or 3.  Oh well – no biggie.
  2. But on some posts it also didn’t edit the img link correctly to reflect the new file name it just created during the import process.
  3. Most, if not all, relationships between the media library files and the posts they were used in were broken – not attached.

Not to worry, all isn’t lost. I simply examined all the post that had image links. Using the Search Regex plugin I searched all posts for  img tags.  That’ll help you identify the posts, then basically you just have to examine and repair any posts where the image link got fouled up.  During this process I also relinked these posts to the media library file so those relationships would exist. Finally I went back through my uploads folder and deleted all the duplicate files the importer plugin had created.

All-in-all, it sounds a lot worse that what it was.  If the importer plugin had worked correctly, this would have been a piece of cake, even so, it just took a little extra effort to clean up from the import process.  My almost 50MB database had been reduced to just over 1MB, the site nice and speedy again and my Google searches where no longer polluted with a bunched of hacked up meat data after a few days.

This time I’ll do a better job of keeping my WordPress, plugins and themes updated.

Words

Words

My pal smays.com turned me onto the idea of summarizing your plan for the year in three words.  The idea is for these words to govern your efforts and act as a guide throughout the year. So, every November/December my mind starts to chew various thoughts into something that can be digested.  My words for 2010 were; people, priorities and performance.  This year they are; service, understanding and freedom.

It’ll be interesting to see how these hold up over the course of 2011.  It’s all about change in my work life as we’ve taken an axe to the IT infrastructure we’ve built over the last 15 years or so.  We’re questioning everything, in effort to better serve our customers, understand their needs and set them free from the typical IT standardization crap that is generally a battle about control.

The only constant is change

The only constant is change

My pal smays.com made a suggestion to me today, to write about a technological revolution that’s taking place where I work.  I’ve always been reluctant to write about technology and what I do, basically because I live, eat and sleep this stuff daily and I thought writing about it would be too much.  But, perhaps writing about it isn’t such a bad idea, I mean, I haven’t written much here in a long time anyway.

So, this blog will take another shift for awhile and we’ll just see how it goes. I’ll continue to post softball and baseball stuff, but with my metamorphosis from coach to dad as of late, I definitely need a new focus here.

Facebook virgin no more

A few clicks and just like that I’m on Facebook…  I resisted it for years, not sure why, perhaps because everyone was doing it and and I simply enjoy the path less traveled.  Not to mention this blog has been my online existence for many years and I just didn’t see the need.  The thing that made me cave was a Google search that turned up an old friend who happened to be on Facebook, like the rest of the planet.  So I signed up, I still have no idea what I’m doing or why, but managed to find a bunch of friends I haven’t seen or talked to in twenty plus years – a few of them had major impacts on my life.

The struggle now, is do you reach out them or is it better to leave the past in the past.  Things are rarely as good in the present as they seemed in the past.

Passionless in IT

Can “IT crawl out from under the ambition-crushing, innovation-sucking, soul-destroying minutiae of just keeping the digital lights on.”

An interesting line from a recent article in Computerworld.  Seems the passion within IT of truly engaged professionals has fallen from a high in 2007 of 12% to only 4% in 2009.

Without a doubt it’s been a difficult couple of years – the pressure to keep doing more with less and less takes a toll.  I personally can’t remember a conversion in the last few years that didn’t primarily revolve around cutting cost.  And we’ve amassed quite the pile of half completed/tabled projects over the years.

I’d also add that technology these days is a bit disjointed – HA!  Few things seem to work out of the proverbial box and interacting with manufactures support; well most would rather have a root canal.  Technology has always been a bit like putting a puzzle together without a picture, but these days not only is there no picture, it seems someone tossed in a bunch of extra pieces (from another puzzle) just to make it more fun.

ComputerWorld’s article does a good job of describing the situation. However, the question remains, what can be done about it?

Back online

It’s been a busy few weeks, I think, since the ole blog has been functional.  As I’ve alluded to previously, it was time for a fairly serious change at philatkinson.org.  Baseball and softball will remain a passion here, but I expect it’s influence on this site to lessen as I’m able to spend more and more time on photography.

Technically, not only has the design and focus changed, but so has the underlying technology.  Most of you won’t know or care, but as part of this overhaul I’ve migrated from Drupal to WordPress.  It wasn’t an easy task, but it was a lot easier than I thought it’d be.  Personally, I found Lincoln’s article over at Social CMS Buzz quite helpful.  It’ll get you through the heavy lifting, but I found there was a bit of SQL clean up necessary.  That shouldn’t be a big deal if you’re used to Drupal (more specifically MYSQL), if not, you’ll just have to educated yourself a bit first.  Just remember to backup the database before doing anything you’re unsure about and you’ll be OK.

As for why the move?  I love Drupal, I really do, but it was a lot work caring and feeding for it.  Upgrading, redesigns, etc., are fairly large endeavors compare to WordPress.  And for a personal blog, it was just more technical effort than I wanted to keep investing.  Being honest, I’ll admit to becoming frustrated numerous times with WordPress during  the transition.  There’s just so much flexibility and power with Drupal — WordPress often felt like trying to squeeze a square peg into a round hole, but that’s the trade off.  Ease of use at the cost of flexibility.  Even so, I think I’ll be happy with the trade off as I’ll have more spare time to pursue other interests.

Interacting with IT

Jennifer sent me this list a few weeks ago; it’s one of those internet lists that get circulated via email.  I haven’t personally experienced all of these, but over the last 15 years, I’ve experienced my share of them… they’re a lot funnier reading than experiencing for sure.

Years ago an office manager who got sick of Windows 95 decided to upgrade every computer in his office to Windows 98, needless to say the first we heard of it was the following morning when everybody began calling the helpdesk since nothing worked anymore.  It was like pulling teeth getting them to admit what had happened.  A quick trip home to pack, an airline ticket and several days later we manged to get the office operational again.  Proof positive that a little knowledge is a dangerous thing.

Instructions from the I.T. Department

  1. When you call us to have your computer moved, be sure to leave it buried under half a ton of postcards, baby pictures, stuffed animals, dried flowers, bowling trophies and children’s art.
  2. Don’t ever write anything down, especially the error message that was on your screen.
  3. If we ask what the last thing you did was, always respond with, “I didn’t do anything.”
  4. When we say we’ll be right over, immediately find a reason to leave so you won’t have to answer silly questions from us, like “what’s your screen saver password?”
  5. When describing your problem, just tell us what you were ultimately trying to do. For example, just say, “I can’t get my email”. We don’t need to know that the computer won’t even turn on.
  6. Feel free to ignore any email sent from us, especially those marked with high importance. You don’t really need to know about the latest virus that wiped out your neighbors hard drive.
  7. Always send important and urgent emails in all uppercase.
  8. When the copier, or anything else remotely electronic, doesn’t work, call us. Heck, if we can fix computers, we must know all about copiers too.
  9. If the document you sent to the printer didn’t print, send it at least 20 more times. One of them is bound to work.
  10. Don’t ever learn the proper name for anything technical. We know exactly what you mean by “my thingy blew up”.
  11. Don’t waste your time using the built in help files. We already had to learn the hard way, why should you?
  12. If any of the computer cables are in your way or keep moving, be sure to route them across the top of your portable heater or set something big and heavy on them to hold them in place.
  13. Never bother reading any message that pops up on your screen. Just click the X to close it or the first button your mouse gets to.
  14. Don’t ever try rebooting the computer yourself. Call us immediately. Only experienced, highly-trained professionals should attempt that.
  15. Feel perfectly free to say things like “I don’t know anything about this computer crap”. We love hearing our area of professional expertise referred to as crap.
  16. When you receive a huge movie file that’s really funny, be sure to forward it to all your friends. We have plenty of disk space and bandwidth.
  17. Don’t bother bringing a radio to work, just listen to music over the internet. Like I said, we have plenty of bandwidth.
  18. Don’t even think of breaking large print jobs down into smaller chunks. Somebody else might squeeze their one-page document into the queue.
  19. When an I.T. person is carrying heavy equipment, worth thousands of dollars, that’s the best time to ask why your screen saver quit working.
  20. Don’t bother to tell us when you move computer equipment around on your own. We certainly don’t need to keep track of those things.
  21. Your computer case makes a great flat surface for sitting drinks or potted plants on.
  22. Do whatever you can to cover up those ugly open air slots in the computer and monitor.