We’ve Come Of Age

As with every successful venture, our SiliconHalton.com site was hacked. In the spirit of openness that Silicon Halton aspires to, we’re publishing the incident and resolution.

The Symptoms

We received a small handful of scattered, intermittent reports of browsers displaying malware warnings and Kaspersky Antivirus detecting a virus. The frustrating aspect was that neither was reproducible. Additionally, our site came up clean when tested using malware detection sites, for example: http://www.google.com/safebrowsing and http://www.avg.com.au/resources/web-page-scanner/

The Investigation

Over a recent weekend, a number of us undertook some investigation and then actioned the fixes. It turned out that links to two websites containing exploit kits had somehow been embedded into our site.

The Resolution

The resolution came from an article that outlined our exact symptoms. We then did the following:

  • Eliminated the malicious code from footer.php and header.php
  • Upgraded all the plugins
  • Upgraded the WordPress instances to the latest version
  • Tightened the bolts down again: every account reset their password
  • Some secret stuff we probably shouldn’t openly post here.

An Apple A Day…

Going forward, we will:

  • Scan the site regularly for viruses
  • Endeavour to ensure WordPress and plugins are updated regularly 
  • Find a security expert to join our team and own security.
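
One way to automate part of the regular scanning listed above, given that the injected links sat in header.php and footer.php. This is an added example, not Silicon Halton's own tooling; the allowlist, the function names and the sample footer content are assumptions constructed for illustration.

```python
import re
from pathlib import Path
from urllib.parse import urlparse

# Assumed allowlist: hosts the theme templates are expected to reference.
ALLOWED_HOSTS = {"siliconhalton.com", "www.siliconhalton.com"}
TEMPLATES = ("header.php", "footer.php")  # the two files named in the post

# Absolute (http/https) or protocol-relative (//host/...) URLs.
URL_RE = re.compile(r"""(?:https?:)?//[^\s"'<>)]+""", re.IGNORECASE)

def external_hosts(text, allowed=ALLOWED_HOSTS):
    """Return the sorted hosts referenced in text that are not on the allowlist."""
    hosts = set()
    for match in URL_RE.finditer(text):
        url = match.group(0)
        if url.startswith("//"):
            url = "http:" + url  # give urlparse a scheme to work with
        try:
            host = (urlparse(url).hostname or "").lower()
        except ValueError:
            continue  # malformed URL, nothing to resolve
        # Requiring a dot filters out PHP comments such as "//todo".
        if "." in host and host not in allowed:
            hosts.add(host)
    return sorted(hosts)

def scan_theme(theme_dir, names=TEMPLATES, allowed=ALLOWED_HOSTS):
    """Map each template in theme_dir to the unexpected hosts it references."""
    findings = {}
    for name in names:
        path = Path(theme_dir) / name
        if not path.is_file():
            continue
        text = path.read_text(encoding="utf-8", errors="replace")
        hosts = external_hosts(text, allowed)
        if hosts:
            findings[name] = hosts
    return findings

# Constructed samples: a clean footer and the same footer with an extra link.
CLEAN_FOOTER = ('<?php wp_footer(); ?> // theme footer\n'
                '<a href="https://siliconhalton.com/about">About</a>\n')
TAMPERED_FOOTER = CLEAN_FOOTER + '<script src="//unexpected.example/x.js"></script>\n'

if __name__ == "__main__":
    import sys
    theme = sys.argv[1] if len(sys.argv) > 1 else "."
    for name, hosts in scan_theme(theme).items():
        print(f"{name}: unexpected external hosts: {', '.join(hosts)}")
```

A host allowlist only catches links that appear in the file as plain text, so it complements a malware scanner rather than replacing one.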

In Closing

We’re not going to publish the malware names as we don’t want to give any more attention to the miscreants who created it and wasted our time resolving the problem. While understandably everyone is embarrassed about being on the receiving end of a hack, I’m of the personal opinion that unless you have the resources along the lines of the Department of Homeland Security, no one can afford to spend the continual resources necessary to ensure a 100% bullet-proof site. Eventually some hack, some bot, some person with no socially redeemable qualities will detect the tiny gap in your site and exploit it. Our defense is to take reasonable, commercially available efforts to protect ourselves. Of course, we’re always interested in learning what the Silicon Halton community’s thoughts are. (Post-blog note:) to quote Joseph Menn’s keynote address at the mesh conference on May 18/10 in Toronto, the good guys are being “creamed” when it comes to cybersecurity.
