Are you a victim of WordPress extortion? Did the hackers get you too?

Fred Showker
Jul 12, 2017

This screen met me one morning when I checked into my web site

Do you have a WordPress web site? Has it ever been hacked? Do you know if it has ever been hacked? Have you ever paid to have plugins installed, or have the site cleaned? Have you ever paid for SSL (Secure Socket Layer) or firewalls? I am a victim of WordPress extortion, and maybe you are too.

I’m told that there are roving bands of cyber criminals utilizing bots to troll the nets looking for specific pages in WordPress sites, and when found, inject malicious code into the site.

It seems that as the cyber crime industry began to rise in the online world, so too did the security industry. The two seem to go hand-in-hand — it’s a very, very lucrative business! According to Google, there are approximately 76.5 million WordPress blogs, with some 50,000 WordPress.com websites being launched each and every day. 409+ million people view more than 19.6 billion pages on WordPress.com each and every month. Did I say lucrative?

In 2010 a half dozen WordPress sites I had built were hacked with a php injection while hosted on Network Solutions*. They were riddled with malicious code, and unfortunately Google was the first to give me the bad news. Network Solutions security had backed them up leaving the hack in place, overwriting the good code. So, the sites were gone, dead, worthless, and had to be scrapped. A couple of the sites cost thousands to construct, and to this day, several of the domains cannot be found because Google* removed them from the search databases.

Get this: like a dummy, for two years I’ve paid SiteLock $20 bucks a month to scan the UGNN.com WordPress site and remove hacks. I’m threatened daily by Google that if my WordPress site gets hacked and malicious code is detected I will be eradicated from the face of the earth. It’s like the Mafia and their stranglehold on the drug trade*. But Google isn’t the henchman; the host, FatCow.com*, told me in no uncertain terms:

IF you don’t use our services to keep your site clean, Google will ruin you, and your hosting account may be terminated!

So much for purchasing secure hosting. Unlike a decade ago when everyone was selling secure hosting, you’ll note that today, the word “secure” has been removed from their advertising, and the TOS waives all responsibility for hacks. Then they tack on security as an additional fee.

You’re on your own, buster!

Those f#*#*ing bots had been hacking the site every single day. For 20-bucks, SiteLock scans the site every single day, removes the malicious code, and sends me an email boasting of their victory over the hacker. The guys at SiteLock could not say what the hack did, nor could they say why. The site worked perfectly, and there was no sign of spam or forwards.

Finally I got so fed up I decided if I couldn’t put an end to the blood money, I would close down the URL. The story should end here, but it didn’t, and here’s the rest of the story:

One day, a young man from SiteLock called to tell me how they could do a lot better if I would buy a secure socket layer*, and let them install a firewall*. Their fee would merely increase by $130 per month. So, I pressed him to explain what’s happening, where, how and why.

Where is the hack?

He guided me to their site, and the logs for their scans each day. He pointed out where the hack occurs, and how it’s the same file, same place, different code, every day. He said:

It’s a bot that trolls the web each day inserting this hack into all of the WordPress sites it encounters.

I asked how come they don’t just watch the file and the moment it’s hacked they have the crook’s IP address, or footprint? Oh, it’s automated on a timer, no can do.

Since 1994 the site has never produced income. It has been a ‘community service’ to the computer user group community*, all funded out of my pocket. It made a few bucks here and there with Google AdSense* until the Penguin*, and other throttle policies sucked all the wind out of the sails. We’ve had a few loyal advertisers over the years who bought ads directly. Thank you www.BareBones.com and www.worldlabel.com! All together, revenue totaled about point-zero-zero-zero percent of the cost.

I’m an old timer. This never happened with html sites* — or, if it did, one could easily delete the offending file. After we hung up, I went into the site via FTP* and gave the targeted file (in a CGI* bin) a new name “x” then generated an empty folder and named it the same as the offending file. Then I surfed the site and tried out all the features — finding NO adverse effect from the change. Everything worked just the same.

Three weeks passed, and the young man called once again.

Mr. Showker, did you think any more about our offer? Are you ready to let us protect the site?

I asked if he had been to the site recently, that I had not received a SiteLock confirmation email in several weeks. He said that’s strange, and we navigated to the SiteLock logs to see what’s going on. Sure enough, they had scanned the site but there had not been a single injection since the day I changed the file name. He was aghast. I terminated the account and all seems to be good again in WordPress land.

I still have this nagging voice in the back of my mind who asks . . .

Who would be more qualified to hack a site than the security people? Where do they get their clients, and how do they know who to call?

Just another one of those things that makes one say hmmmm. I’m currently building another WordPress site for www.60-Seconds.com … see’ya there.

Thanks for reading.

Editor/Publisher : DTG Magazine
+FredShowker on Google+ or most social medias @Showker
Published online since 1988

Don’t forget … I encourage you to share your discoveries with other readers. Just send an email, contribute your own article, or follow DTG on Facebook!

Fred Showker

Design, Typography & Graphics Magazine and 60-Seconds exploring technology since 1987