Leaving PowWeb Over Malware Attack

Apparently my site, as well as 30,000 other WordPress sites, became a victim of some type of malware or virus. For around 24 hours this site, and every other site I hosted on this PowWeb account, was totally shut down.

How this attack happened, I’m not really sure. My host insists it was an FTP attack, which would also mean it wasn’t a WordPress vulnerability, so take me off that list of 30,000 sites.

However, my host refuses to tell me how it happened, when it happened, all files/directories affected and how they plan to prevent this from happening in the future. My username and password for my FTP server are secure, I almost never log into my FTP server and have not used any of the notorious leaky FTP clients.

So it’s after several months of downtime induced by high traffic to my site, and this latest hack, that I have decided to once and for all, leave PowWeb for greener pastures. I am currently looking at Media Temple and LiquidWeb as replacement hosts. They both seem to be far superior, if not at least far more expensive.

I am also planning to write an article on how I secure my WordPress sites. Even though this one was apparently hacked, it wasn’t because of the numerous WordPress security holes; it seems it was the holes in my host’s security. Somehow I managed to not be one of the thousands of WordPress blogs hacked this week! So there is an upside, huh?

WordPress Experts, I Need Your Help!

For the last few months I’ve been having issues with pop-up ads showing up on my blog. Originally I thought it was a bug with my new favorite commenting system, @LiveFyre, but that was ruled out. They were even kind enough to look around my blog for the problem and couldn’t find it.

I’ve done just about all that I can think of. I manually went through my WordPress database cleaning out extra tables and entries down to the bare essentials. I got rid of all my plugins and themes, deleted every orphan database entry, wiped my WordPress install and even got my host involved.

They did some searching and twice found an iframe with malicious code injected in it. They removed the malicious code twice, and the problem stopped, before coming back each time.

I did my own tests; Acunetix, Norton, SiteLock and M86 security scans all came back clean. One of my Twitter friends, @TheDigitalNinja, did his own scans and found nothing.