My site was infected with malware!

By Kyle Huang Junyuan. Filed under: Personal, Technology

TL;DR – It’s fixed.

Just as I posted my first entry onto this site earlier on Saturday (31 March 18), it was hit by malware. So before I continue, I believe it would be necessary for me to apologise to those who were affected by it. The malware injected unwanted advertisements that led a few readers off-site.

For the record, I would never monetise my personal site as I believe my blog should be a tidy and easy platform to share my thoughts or ideas with anyone. Therefore, I would like to thank two friends – Joseph and Tommy, who had a keen eye in spotting these suspicious ads that appeared. Joseph pointed out to me that I had many exposed scripts and people could very well mess up my site if they really wanted to. Me being me, I still hadn’t realised that my site was infected with malware.

Not a professional web developer

To be honest, I am not exactly a professional web developer who is proficient in coding secure websites that can deter the many cyber attacks happening across the web. You see, this malware was a little smarter. It only activated for certain visitors, at a rate of 15% for example. It also knew not to inject it when I visited my own site, so I had no clue. This incident has reminded me of the real threats in this online world. Many would question the possibility of such an attack happening on a low-traffic site like mine, but I can assure you the threat is real. Most of it, after all, is done by bots. This brings me to my next point: the importance of hiring the right people to run your websites. The cost you spend for web developers is not a waste of money. You pay for what you get and nothing comes free anyway.

Since I am running solo here, I have taken as many steps as I can to protect and harden my servers. This includes the lock icon you see beside the URL on the top bar that indicates an encrypted HTTPS connection – it helps to signify that your browser and my server are communicating with each other privately. I’ve also implemented firewall rules preventing any changes or access to my server configuration files. Of course, there are many other prevention measures behind the scenes. All in a bid to prevent something like this from happening.

But it still happened

I have chosen to use an open source Content Management System (CMS) called WordPress. Advice from Joseph as well as many online articles tell you to stay away from it as it has lots of security vulnerabilities. However, at the same time, it makes content management for people like me much easier. I guess you can say the benefits outweigh the harm (for now). It helps a lot with Search Engine Optimisation (SEO) so that search engines like Google can crawl them easily. A personal blog like this may not require security levels compared to websites like The Straits Times with thousands of viewers daily. WordPress also rolls out regular security updates that combat any new vulnerabilities that come to light.

I wiped everything

Just to be safe, I have re-installed a fresh copy of WordPress on this site. Multiple online scanners have also shown my website to be clean. I honestly hope it doesn’t happen again. But just to be safe, I would recommend that everyone practise safe browsing habits, such as avoiding clicking on unknown or suspicious links you see online. Even if a new window pops up in front of you, have a look at the URL first to determine its source. If it shows a weird link like luckypushh, close it immediately and inform the site owner.
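Because the injection described above fired for only a fraction of visitors, a single clean scan proves little. The sketch below is an added example, not code from this site. It works out how many page fetches are needed to catch a 15% injection and flags script or iframe hosts that are not on an allowlist; the host names and HTML samples are constructed, and the responses are assumed to be collected the way an ordinary visitor would see them.

```python
import math
from html.parser import HTMLParser
from urllib.parse import urlparse

class ExternalSourceParser(HTMLParser):
    """Collect the hosts referenced by <script src> and <iframe src>."""
    def __init__(self):
        super().__init__()
        self.hosts = set()

    def handle_starttag(self, tag, attrs):
        if tag in ("script", "iframe"):
            src = dict(attrs).get("src")
            host = urlparse(src).hostname if src else None
            if host:  # relative URLs have no host and are same-site
                self.hosts.add(host.lower())

def unexpected_hosts(html, allowed):
    """Hosts loaded by the page that the owner never approved."""
    parser = ExternalSourceParser()
    parser.feed(html)
    return {h for h in parser.hosts if h not in allowed}

def fetches_needed(rate, confidence=0.95):
    """Fetches required to see at least one injected response."""
    return math.ceil(math.log(1 - confidence) / math.log(1 - rate))

def audit(responses, allowed):
    """Map each non-allowlisted host to the number of responses it appeared in."""
    counts = {}
    for html in responses:
        for host in unexpected_hosts(html, allowed):
            counts[host] = counts.get(host, 0) + 1
    return counts

# Constructed sample data: placeholder hosts, not real indicators.
ALLOWED = {"blog.example"}
CLEAN = '<script src="/wp-includes/js/jquery.js"></script>'
INJECTED = CLEAN + '<script src="//ads.injected.example/p.js"></script>'
SAMPLES = [CLEAN] * 17 + [INJECTED] * 3  # 3 of 20 = 15%

if __name__ == "__main__":
    print("fetches needed at 15%:", fetches_needed(0.15))
    print("unexpected hosts:", audit(SAMPLES, ALLOWED))
```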

I hope this has been informative and I once again apologise for any inconvenience caused.