By day, I’m a computer security professional. It’s nowhere near as glamorous as it sounds (unless it sounds not glamorous at all, in which case you’re spot on!). But it has its benefits, and one of those is that I get to learn about mistakes other people make — so I can avoid those mistakes myself! And also so I can share the lesson with you.
There’s safety in numbers.
What’s It Do?
I’ve written a series of posts about protecting yourself, your ani-blogging website, and your readers. The category is called Blog Safety. It’s been about a year since the last safety post (as opposed to the Safety Dance), but something has come up that I think you should all know about. It’s a very real threat that a recent article in ZDNet called “today’s largest WordPress hacking operation.”
The attack is devastating. It installs a back door into your site, which means the attackers get complete access to your site — and everything in it. The infection immediately replicates itself to every theme that’s installed. If your site is on a WordPress shared server, the infection will spread to other WordPress sites on that server.
The criminal group controlling the infection is called WP-VCD. The way they make money, as the article I linked to above says, “involves inserting keywords and backlinks back to their distribution sites.” They also use their infection to make your site display their advertising.
And just to make sure no one gets the wrong idea: No, WP-VCD do not look like or act like “criminals” like Revy from Black Lagoon. They are serious, seasoned professionals who are, unfortunately, very good at what they do. Not that Revy isn’t good… Capture from the Hulu stream.
A Self-Inflicted Wound
Here’s where “no free lunch” comes into play. WP-VCD appropriated many paid WordPress themes — themes that reputable vendors offer to customers like us ani-bloggers. Those vendors charge for their work, though. Internet culture being what it is, an unsuspecting blogger will come across one of these hacked themes for free, figure it’s worth the risk, and install it.
Within seconds, their site will no longer belong to them. In some cases, they might not even realize it right away.
So, the lesson to take away from this is not to use pirated or stolen themes. It’s not worth the risk. If you don’t have enough money to buy themes, stick to the free ones available in the WordPress marketplace. There are some great choices there. I’m using Editorial Plus, and it’s doing everything I want it to. At least for now.
Getting rid of the infection isn’t a task for the faint of heart. The best procedure I could find is from MalCare. It’s a clearly written approach, but it will take time. Time you could be spending writing. Note: The MalCare post mentions they have a plugin to automate removal. I’ve not tested it, so I can’t comment on how well it works. If you’ve used MalCare, please let me know in the comments — I’d love to know how it worked.
Getting rid of the infection is a lot more work than Ryuuji had to do to get rid of the mold on his baseboard in Toradora. Capture from the Crunchyroll stream.
Keeping a blog running can be a lot of work. Heck, the act of writing itself can be a lot of work! You can protect yourself from even more work by not installing pirated or illegally obtained themes or plugins. It’s not really an issue of right and wrong. It’s an issue of keeping your site yours! I enjoy reading your content, and I want to do my part making sure you have the time to write it!
7 thoughts on “Ani-Blogging Safety Tips: Keeping Your Site Yours — No Free Lunch Edition”
As they say, if you are using pirated software, you are basically asking to get hacked or have malware infect your computer, as one doesn’t know if someone sneaked in a backdoor or a trojan. The same goes for illegal anime stream sites.
You know, you and I know a lot about managing systems. We have a different perspective from most bloggers. We know that loading untrusted code borders on insane.
But folks who don’t have that perspective?
What’s common sense for those of us who build and administer systems is sorcery to others. I just wish there was a way I could distill the lessons I’ve learned without having to impart the technical knowledge.
And don’t get me started on the infections resulting from illegal streaming sites… Forget the arguments about licensing and the creators getting paid. The conversation should be about not catching the electronic equivalent of STDs!
Good thing you are warning us about the dangers of installing pirated themes. “If it’s too good to be true, it probably is” bodes very well – especially with WordPress themes!
Thanks! Glad you think so.
This is particularly dangerous because free themes feel so much like fan-subs — available free, without consequences. But these themes will really ruin one’s day!
Thanks for the heads up