Seaford Baptist Church Blog

Web design and implementation can be a funny thing.  You may have noticed the theme has changed on our blog – there is a reason for that!  Many use Internet Explorer as their browser of choice and never noticed any issue with the blog, but for those that used Safari, Chrome or Firefox the last couple of days were not good days to visit the blog.  But I digress – let’s look at the technical issues.

On 8/14 yours truly visited this blog in the morning to review statistics.  All was well.  Later that day, I visited again and was greeted with the page that stated the site was a reported attack site.  Perplexed, I needed to get this taken care of!  Here’s some information found for individuals using Firefox about this page (and this great feature in this browser):

Malware is software designed to harm your computer or steal your personal information without your knowledge. Attack Sites are Web sites that try to infect your computer with malware when you visit. These attacks can be very difficult to detect; even a site that looks safe may be secretly trying to attack you. Attackers will often hack a site to turn it into an Attack Site, and sometimes the Web site’s owner won’t even know that this has happened. You can learn more about Attack Sites and malware from stopbadware.org, a partnership among academic institutions, technology industry leaders, and volunteers committed to protecting Internet users from threats to their privacy and security caused by bad software.

Well, I had seen the page before on other sites, never on one I managed.  Time to dig in.  First, we were not hacked.  I keep the blog patched (upgraded WordPress to 2.8.4 on 8/12/09).  We moderate comments.  We don’t have ads on the blog.  Seems we’re doing the right things, but we have a problem.

I followed the instructions found in Google Webmaster Tools, reviewed what was found (a single page that pointed to an attack site) and started my hunt.  I reviewed all comments, any posts with links, everything I knew to do to see if I could find the culprit – no luck.

I contacted the hosting company – and they are the best in my humble opinion – and connected with Richard Carter.  Richard looked over the site and found the culprit – it was buried in our theme.  We had that particular theme for 3 years now, and I have made no changes to it.  The pages in question were dated in May of this year as to their last saved date. but obfuscated in those pages were a line of code that pointed to an attack site.  Richard removed the offending lines of code and we were clean.

(As a side note, Richard also pointed me to WOT – Web of Trust – and I am now using this as a plug in for Firefox.  You can use it in other browsers as well and I recommend giving it a whirl.)

Now I had work to do…since the theme we were using was older and not very popular (online, I liked it), it made sense just to change the theme.  I also had to go back and let a couple of organizations know we believed the site was now ‘clean’ and ask them to review it to be removed from the list (so folks surfing didn’t see the same page I did).

I also got a couple of inquiries as to what was going on, but 2 didn’t seem like many with all the traffic the blog got over this period (so many folks are using Internet Explorer and were possibly exposed to security challenges from a third party site, I have not heard of any negative ramifications to date).  My advise for Internet Explorer users, at a minimum install WOT so you get some indication that a site may be dangerous!  The code in our site was dormant code that was not activated on our site but was activated by a third site on the 14th – and if this happened to us it happened to many others (and could happen to other sites at any given time).

So that is what was going on.  Everything is fine now, but this may be of interest to some that noticed something odd over the last couple of days.

Timeline:

• 8/12 – standard security update applied
• 8/14 – noticed issue in the afternoon
• 8/15 – Had issue fixed thanks to hosting support at 7am
• 8/17 – Site back to normal with no warnings from browser and removed from attack site lists

Well, we had a way for folks to subscribe to stuff on the blog, but it was a bit clunky.  Since that was installed well over a year ago, it was time to look around for something a bit more convenient.  That’s where Subscribe2 came in.

This plugin has been added to the blog.  What it allows you to do is to subscribe to this blog!  Basically, you can find – on the right side listings at the bottom, a couple of links under the heading Subscribe.  There, you can register or log in.

Registering allows you to create an account on this blog.  Once you have registered, you can configure your account to receive the mail as you wish.  Basically, you can get an e-mail any time a post is added.  You can only receive a weekly digest of collections of posts.  And, you can subscribe to the categories you want to receive mail from.  Pretty nifty!

For authors, they can add a subscription area to their post (as I have done to the bottom of this one).  All in all, I hope this facilitates communication and our ability to receive the information we post and you wish to receive.  Take care!