Victim Of Malware Attack, Pharma Hack

Computer Frustration

As Facebook celebrates the “hacker way” amidst its looming IPO, my website suffers from a serious malware attack, inflicted by some bastard, criminal hackers. (Don’t worry, this infection impacts my site, and will not harm you.)

My ongoing saga…

Last fall, several readers of this site notified me that various pages contained names of several male-enhancing prescription drugs. And then others pointed out that a Google search for my name led to search results littered with the same.

CRAP! I’d been infected with the “pharma hack”!

The purpose of this hack is to gain valuable links from pages that rank high in Google search results, and leverage that reputation to increase search-engine visibility for other sites — in this case, shady pharmaceutical sites located in Canada.

This practice is considered “Black Hat SEO”. It’s illegal, time-consuming and damages my own online reputation, as my Google mojo has definitely been reduced. In fact, Google removed my site for a few weeks back in November 2011, until I could prove that my site was clean. My traffic decreased 50%.

These pharma hackers are some sneaky bastards: The results of the hack are visible only to search engines, while most of the site remains visibly unaffected to users. The pharma hack hid malicious files deep in my WordPress (content management software) folders in order to gain control of my site. The site targeted and manipulated select pages that receive more traffic.
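Because the spam is shown to search engines but not to visitors, a site owner can check for it by requesting the same page twice, once as a browser and once as a crawler, and comparing the two. The sketch below is an added example, not part of the original post; the keyword list, the User-Agent strings and the sample pages are assumptions constructed for illustration.

```python
import re
import urllib.request

# Assumed keyword list; extend it with the drug names seen in your own search results.
SPAM_TERMS = ("viagra", "cialis", "levitra", "pharmacy")
CRAWLER_UA = "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
BROWSER_UA = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Firefox/115.0"
HREF_RE = re.compile(r'href=["\'](https?://[^"\']+)["\']', re.I)


def fetch(url, user_agent, timeout=10):
    """Fetch a page of your own site while presenting the given User-Agent."""
    req = urllib.request.Request(url, headers={"User-Agent": user_agent})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return resp.read().decode("utf-8", errors="replace")


def cloaking_report(browser_html, crawler_html):
    """Return spam terms and outbound links present only in the crawler view."""
    b, c = browser_html.lower(), crawler_html.lower()
    terms = sorted(t for t in SPAM_TERMS if t in c and t not in b)
    links = sorted(set(HREF_RE.findall(crawler_html)) - set(HREF_RE.findall(browser_html)))
    return {"terms": terms, "links": links, "cloaked": bool(terms or links)}


def check_url(url):
    """Compare the browser view and the crawler view of one live page."""
    return cloaking_report(fetch(url, BROWSER_UA), fetch(url, CRAWLER_UA))


# Constructed sample pages: the crawler view carries a hidden injected link.
SAMPLE_BROWSER = ('<html><body><h1>My post</h1>'
                  '<a href="https://example.com/about">About</a></body></html>')
SAMPLE_CRAWLER = SAMPLE_BROWSER.replace(
    "</body>",
    '<div style="display:none">'
    '<a href="http://pills.example.net/buy">cheap viagra</a></div></body>')

if __name__ == "__main__":
    print(cloaking_report(SAMPLE_BROWSER, SAMPLE_CRAWLER))
```

A clean result from `check_url` is not proof the site is clean, since injected code may decide what to serve based on something other than the User-Agent header; the files on the server still need to be inspected.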

I’m no software engineer, but I went into my site’s content management system and attempted to remove malicious files.

I thought I fixed the problem, but attacks continued.

I sought help from my site host (DreamHost, which recently has been brought to its knees by malicious hackers), but they were pretty useless. Even though I underscored I’m not a technical guy, they sent me some highly technical articles about the problem. Thanks for nothing, DreamHost.

I’m also a paid subscriber of VaultPress, a security and back-up service from Automattic, the makers of WordPress. They were helpful (yet inconsistently responsive) in recovering the site and claimed to have removed malicious files. But the hack kept coming back, indicating to me that they don’t have a firm grasp over this popular malware. Hopefully they will overcome it, because that’s what I thought I was paying for.

So it’s been several months and I’m still getting attacked. The problem is severe and beyond my ability to rectify on my own.

So I recently signed up with Sucuri, a website security firm that has high knowledge of WordPress and the pharma hack. I’m really hoping they can help. If they can, I’ll be sure to report and endorse them.

Finally, I’ll point out that WordPress is wonderful and wildly popular open-source software, but that’s made it popular among hackers. The people behind WordPress are very good, to be sure. But I sure wish they’d do more on the security front.

This malware issue is severe and I’m losing patience.

*If anyone reading this has technical knowledge and can help my situation, I would really appreciate it and will endorse you.

(Photo: f1uffster)


Published by Max Kalehoff

Father, sailor and marketing executive.
