I am a sweet woman–a grandmother, even. I write a blog to share stuff I know with readers who may not have as much time to research stuff as I do. I am not important. I am usually nice. But if I had a gun and was in the room with whomever hacked my blog, someone would be missing kneecaps and fingers. Just saying.
This morning I got a message from DD#1 about the email I sent to some folks about the Ice Bucket Challenge video. She was very upset. When she clicked on the link for my blog from her cellphone, it rerouted to a porn site. PORN on my blog. I investigated from my computer and found all was well. I called her back and said so.
Long story short, she wasn’t convinced and when she took her computer in for a tuneup, she told the tech about it. They both tried going to my site –from their respective phones–she got porn and he got a Russian site. She called. I tried from my phone. PORN.
I immediately got in touch with HostDime who host my blog. Sent a repair ticket. A few minutes later I tried my site from my computer and it was shut down. They were already working on it. The email report said malware had somehow gotten the password for my cpanel and had installed mean and vicious stuff in all the php folders. If you don’t know what that means, well, I got lost myself after cpanel. They cleaned files, changed passwords, and sent me a list of to-dos. They also sent a list of trusted sites for programs to scan and remove spyware and malware from your computer.
I’m using a Surface Pro which is only a few months old. I have already taken it to the Microsoft Store once and it was totally infected with spyware and malware. (Yes, I am protected, but . . . )Now this!!
I tried to follow Hostdime’s direction to upgrade the WordPress software. I was a disaster. I worked on it for 3 hours, then sent them a pitiful note admitting I couldn’t do it, didn’t know how to do it, had downloaded the same update 4 times but had no idea how to launch it or where to put it and I needed to go to a neighborhood party where alcohol would be involved and I was giving up.
And I did.
When I came home, a tech had replied with one simple instruction and an apology for creating so much stress. He said they weren’t allowed to upgrade it for me, but that if I could not do it, he would. Then he said the magic words. Go to this place, a place I had been many times today, and look for the blue arrows. To install updates, you click on the arrows. It took 30 seconds. BUT–the instruction to click on the blue arrows was not written anywhere on the screen. A-r-r-r-r-gh!
Now — How did the malware get into my computer? I am notoriously non-trusting of any site or message that comes from a source I don’t know. I don’t install things I don’t know about. How???
It seems that reputable products that we have all used for years to get around the internet comfortably are now being used by hackers–and businesses–to get into our computers. Java sends a message that you need to update. This has been going on for years. But now–it might not be Java calling. Same for Adobe. Are you told you don’t have Flash on your computer and you need to download it to view this website? STOP. Go to the website of the program to download updates. Don’t be surprised when it tells you you already have the current version.
Run a scan of your computer to see if you innocently allowed malware to get through. It’s easy. Here are the sites Homedime sent me.
Microsoft Security Essentials: http://www.microsoft.com/Security_Essentials/
Spybot S&D: http://www.safer-networking.org/index2.html
No one single anti-malware application will catch 100% of all malware on-the-wild, so scans with two or more reputable malware scanners is recommended.
I changed the password for my blog stte. You know I am not even sure where the other passwords that were changed are. I’ll look for that another day. Not tomorrow. Tomorrow I will be changing lots of other passwords. And putting pins in the hacker doll I just made.