Ned Desmond shares the scary story of how a small site he managed that advertised fishing expeditions ended up with 565,192 scam pages. He also suggests five ways to avoid the same fate.
Cape Cod guide Eric Staplefield didn't even have e-commerce on the site. Most of it was pictures of fish that his guests had caught. Desmond brushed off the first few calls from Eric about the site. But when he took a look, Google clearly thought the site was compromised.
Next I got in touch with Jennifer Zelazny, the WordPress developer who set up the site and had worked on it from time to time. She agreed to dive in. What she found was nasty. Hackers had accessed the site either directly through WordPress or through a plug-in on the site. She found at least 20 suspicious WordPress core files. There were also non-core files on the site with file names like “list.php” and “apis.php,” which to an average user might not have raised any red flags. Their names looked typical, but the time stamps were all recent — since July 2016 — and upon further inspection revealed redirects to other sites. She deleted the files, reset passwords, updated the secret keys in the wp-config, cleaned up other valid files with malicious code and then ran scans with Exploit Scanner and Sucuri SiteCheck scanner to ensure she found every bit of malware.
• How hackers turned a Cape Cod fishing guide’s site into a host for e-commerce fraud (Ned Desmond / TechCrunch)
Image: Moyan Brenn
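The triage described in the quote (PHP files with ordinary names but recent timestamps that contain redirects), as an added example that is not from the article or from the developer it quotes. The cutoff of 1 July 2016, the sample tree and its file contents are constructed assumptions.

```python
import os
import re
import tempfile
from datetime import datetime, timezone

# Assumed cutoff, taken from the quote's "since July 2016".
CUTOFF = datetime(2016, 7, 1, tzinfo=timezone.utc)
# Byte patterns that implement a redirect in PHP, JavaScript or HTML.
REDIRECT = re.compile(
    rb"header\s*\(\s*['\"]\s*Location:|window\.location|http-equiv\s*=\s*['\"]?refresh", re.I)

def triage(root, cutoff=CUTOFF):
    """Map each PHP file's relative path to the reasons it deserves manual review."""
    findings = {}
    for dirpath, _dirs, names in os.walk(root):
        for name in (n for n in names if n.lower().endswith(".php")):
            path = os.path.join(dirpath, name)
            reasons = []
            # mtime is only a lead: an intruder can reset it, so an old date proves nothing.
            if os.stat(path).st_mtime >= cutoff.timestamp():
                reasons.append("modified-after-cutoff")
            with open(path, "rb") as fh:
                if REDIRECT.search(fh.read(1_000_000)):
                    reasons.append("redirect-code")
            if reasons:
                findings[os.path.relpath(path, root).replace(os.sep, "/")] = reasons
    return findings

def build_sample_site(root):
    """Constructed sample tree: file names follow the quote, contents are invented."""
    old = datetime(2015, 3, 1, tzinfo=timezone.utc).timestamp()
    new = datetime(2016, 8, 15, tzinfo=timezone.utc).timestamp()
    samples = {
        "index.php": (b"<?php require 'wp-blog-header.php';", old),
        "wp-includes/pluggable.php": (b"<?php header(\"Location: $location\", true, $status);", old),
        "list.php": (b"<?php header('Location: http://shop.example.invalid/');", new),
        "wp-content/themes/site/functions.php": (b"<?php add_theme_support('menus');", new),
    }
    for rel, (body, mtime) in samples.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(body)
        os.utime(path, (mtime, mtime))

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as site:
        build_sample_site(site)
        for rel, why in sorted(triage(site).items()):
            print("+".join(why), rel)
```

A file that matches only `redirect-code` is not necessarily malicious, since WordPress core itself issues redirects; the combination with a recent timestamp is what narrows the list.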