I received a LinkedIn message on Monday (from a good friend of mine, Leland) and after a couple of messages (at first Leland thought I was doing some kind of test – his initial message asked if I was security testing with a casino link)
Then late in the evening he sent this:
This is what the site looked like on Monday:
Sorry for the size, but I wanted to show the complete page and its look in my Firefox private window. Do you see the little tiny black dot on the upper left of the page?
I make a big deal about this, because an honest assessment is worth gold in this world.
So with this information I decided to make the switch final, as I had been thinking of moving my site anyway. I had been having some problems with my (now) old hosting company, 1and1.com. The company was going to a simpler user interface over the years (I was a customer with 1and1.com since 2009).
When I set up Oversitesentry.com I did not add it to 1and1.com, instead moving to a different host provider, inmotionhosting.com, which is where this site is located. I am used to “complex” IT configurations, and in fact know and have used cPanel etc.
Well, cPanel was removed as an option sometime in 2013 at 1and1.com, I think. So I have been thinking of moving for a while, and was testing an additional WordPress site on inmotionhosting.com, so I took all day yesterday (woke up at 4am) and moved the site 1 post at a time. I copied and pasted from a new base WordPress install instead of trying to move the database, since I was not sure where the hack was in the WordPress install.
Notice the little dot which I blew up here and placed a large arrow.
I have always wanted to see a hacked WordPress site as an example, so I suppose I got my wish… I have copied the site files etc. from the now old hosting company.
In the late afternoon I went to my registrar and pointed the name servers to the new company (ns.inmotionhosting.com and ns2.inmotionhosting.com) once the site was operational the way I wanted it at http://www.fixvirus.com.
Interesting to note here: what used to take a weekend or 12-48 hours to move a domain from one hosting company to another now takes only a couple of hours. The old servers are receiving only a trickle of email (using the old DNS IP addresses) as of noon. By tomorrow I should be able to pull the plug on the old site altogether.
Just like what we recommend on Twitter @fixvirus with our hashtag #testforsecurity
Hacked WordPress code is supposedly difficult to find, so I took the other route and just migrated my site off one hosting company to another.
In the future I am installing a Sucuri plugin and making backups more often. Now I have a clean backup with the current 100 posts and 15 pages.
The backups will be easier to manage on the new hosting company.
Let me know how I can help http://oversitesentry.com/tonyz/pubhtml/fixvirus/contact-us/
A future project will be to reload the infected site on a test platform and check for the hack code.
Updated 3/19/15 – made some minor edits