ninth level down

As if having my parker1.co.uk site hacked and dropped from the Google index wasn’t enough, I was notified yesterday by Streamline, the host of my ubuntusatanic.org site, that they are going to suspend my site in 5 days’ time! The reason they gave was:

“Whilst diagnosing performance issues with the server that hosted this site, it was noted that large downloads from this site were affecting the performance of the server.”

It seems that even though Hardy is still in beta and the Ubuntu SE changes aren’t even released yet, the downloads of Ubuntu SE have been enough to get me kicked off… and I pay for so-called “unlimited” downloads!

Streamline state in their terms and conditions that they will refund the entire subscription fee if they cannot host a site due to high bandwidth, so we’ll see about that.

Until then, I’ve signed up with BitFolk to provide a dedicated server running Ubuntu Hardy. It’s completely unmanaged and I’ve never run a server on the ‘net before, so I’ve got a lot to learn, but it should be a lot of fun.

Well, it’s been a few days since this site was hacked via a WordPress vulnerability and was dropped from Google. I’ve found out more about what went wrong…

The site was cracked using the “magic include shell”. Not only did it put invisible links in the WordPress main page and in one of my posts, but also in the main page of my site. Here are some links on fixing this and protecting WordPress:

• How to protect your wordpress blog from hacking
• WordPress Backdoor
• Protecting WordPress from Magic Include Shell

I’ve upgraded to WordPress 2.5 and installed a security plugin, so hopefully it shouldn’t happen again.

The more I think about it, the more annoying it is. It’s not really the fact that the site was hacked, but that Google dropped it from its indexes. Sure, the pages only contain details on a few of my hobbies, but they ranked number one for searches such as “mythtv ubuntu” and even “building a shed”! Now they don’t even appear. It’s as if they never existed.

I’ve put a lot of work into them over the years and everything from my Myth TV pages to my Eternity Screensaver project has been affected. I’m sure it will be back up there soon enough, but I can only imagine what affect this kind of thing would have on small business sites – what if this was my livelihood? Imagine if I ran my business from here and 80% of the traffic on the site came from Google?

The fact is that I was naive and stupid, but the punishment doesn’t fit the crime. I know that what Google did was fully automated, but the rules are set by humans. They knew full well that this was a hack as they stated it in the email they sent me. I just think that they should have given me a chance to sort out the problem before taking such drastic action.

I got an email yesterday from Google informing me that this site had been dropped from their index. Sure enough, instead of being the top hit in a number of searches, it’s now completely disappeared from all search results. Don’t really know why I’m writing this, coz nobody will ever find it…

…and the reason… the site had been hacked and contained a load of viagra links. When you viewed the page, there was nothing unusual, but look at the source and there were a load of links to dodgy sites. It was this WordPress blog which had the vulnerability. Two files in the theme, header.php and footer.php had be overwritten and also in one of *my* posts, there was a hidden font reference which contained a load of spam.

I’ve upgraded to the latest WordPress and removed the offending files. It’s good of Google to let me know – they sent an email to all the usual “webmaster” addresses telling me what had happened. Still, it’s a bit annoying that they dropped the site first without letting me fix the problem. It’s a kind of “guilty until proven innocent” approach.

I’ve learnt my lesson, though. I thought of ditching WordPress and using a hosted blog, but there are too many links to my blog from other sites – MythTV questions and the like, so I’m reluctant to do that. I guess I’m stuck fighting the spammers for now.