Some of you visited my site in the past month and received a notification from either your browser, or your virus protection saying that my site was hosting malware. I thank you all for notifying me immediately of what you all were seeing on my site.
After thinking it was a rougue plug-in and trying to find off-site links in my site, I couldn’t find anything. I contacted my host about it, and they told me that my site may have been compromised, but it sounded like the issue was coming from your end.
After ignoring my site for almost a month, Google decided to black-list my site until I investigated in further detail, removed the malware, and prevent future attacks.
At this point, I was upset.
Tearing through my website, I discovered that there was an admin user other than myself on my install! But it didn’t stop there, no. My entire grid was infected. Every WordPress install I had on my server, was infected with this attack by “johnnyA.” Naturally, I Googled it. I found this article explaining what happened, how to fix it, and what was going on about it.
To my surprise, this attack was only a Media Temple related WordPress attack. They gave me good information on how to fix attacks by johnnyA.
None of my database tables were infected, to my surprise, only theme files, and jQuery files. Naturally, after safe removal of everything, I changed all passwords, etc for basically everything.
So. The point of this post is simple: If you’re hosted by Media Temple, and have a WordPress blog, you need to make sure that you were not attacked. Just check your admin users and make sure you’re the only one there.
Thank you all for your continued support of AlisonFoxall.com!