So, you may have noticed as of late the site has been… uhh, let’s go with erratic. The basic story is this, and I’m typing this now under the assumption it may return to wonky goblin-fed shitmess in the next few hours —
So, a few months ago, the site went down a couple times. Just down. Gone. Erased. Brought from back up, fine. Updated everything, that stopped happening. Then it was replaced by a Chinese search engine. Replaced from backup, fixed again. Then, a couple week ago — ads started showing up on the site. Google ads.
First, found the ad code in widgets.
Deleted the code.
Ads went away.
Then, two days later, ads came back up, this time found that plugins had been installed without my permission — !! — and those plugins were creating widgets and using the code. Deleted plugins, shored up security.
Ads went away.
Two days later — ads were back. Took forever to find where they were — it was code in my theme. So I disabled that theme, went to the default theme annnd —
Ads went away.
Six hours later, they came back. And this time they were cascading through the backend of the site, and it became largely unusable. So, we shut down the site and applied new security protocols and here we are, once again, no ads.
No idea how long it lasts! So, I’m sending out this message in a bottle to update you. Still chasing down goblins in case. More as I know it! Apologies for chaos!
JJT says:
Hopefully you’ve already changed your admin login password – note that often the first thing they do is create a different login so they have a backdoor. So, be sure to check for any additional admin logins that may have been created to get back in each time you fix things!
Also, get a bottle of goblin-b-gon.
February 15, 2022 — 9:09 AM
Julie Means Kane says:
Good luck! I suppose you could consider this the cost of success – you must have enough traffic to be worth the hackers’ time.
February 15, 2022 — 9:26 AM
Steve Feu says:
I hate those guys! And they do it just because they can! Have you checked that old tunnel in The Rambles?
February 15, 2022 — 10:24 AM
Cheryl says:
Sympathies. One of those utterly frustrating expenditures of time. This is the modern world. Unsolicited: I’ve used WordFence(.com) with success. Even the free plugin. Optionally, the ‘help me with my hack’ service. Best regards.
February 15, 2022 — 10:44 AM
cchrisman says:
wow that sucks! sorry you have to deal with that!
February 15, 2022 — 12:34 PM
Suzanne Lucero says:
Genius you for finding where the problems were. I’m basically a Geek Squad girl, myself. I envy you the amount of money you save by doing it yourself.
February 15, 2022 — 1:34 PM
slipperywordswriter--JD Blackrose says:
Sounds terrible, but it is up and working now.
February 15, 2022 — 1:41 PM
Lynn Foss says:
I get your newsletter, and, don’t know if this is happening because of your goblins, but my inbox shows that it is from The Newark Times ( which is the genuine address of an email I am subscribed to). I have a screen shot of your email but don’t know how to attach it to this comment.
February 15, 2022 — 1:54 PM
terribleminds says:
That’s… definitely odd? I get my own email subscription too and it says terribleminds and no, uhh, Newark Times. Weird!
February 15, 2022 — 3:00 PM
terribleminds says:
(I note here that the actual email comes from donotreply @ wordpress . com — so very possible that something in your email address book has labeled it that way.)
February 15, 2022 — 3:01 PM
Val says:
I second the suggestion of using Wordfence I use them and and they are very good. However, in your place, I’d also be looking at changing my hosting provider – all these hacks and code injections suggest a weakness in server security.
February 16, 2022 — 2:13 AM
Pat Cadigan says:
After reading this entry, I can say that I am now, officially, a befuddled little old lady.
February 16, 2022 — 6:08 AM
Jeanne Felfe says:
Weird doesn’t begin to express how odd that sounds. I’m wondering if one of your themed has been hacked.
February 16, 2022 — 10:08 AM
Paul Brennan says:
If it helps, your account was highly entertaining. No, you’re right. It’s no comfort at all, is it? The only answer is to go full analogue. Handwritten newsletters, sent via snail mail. As Ripley says, “It’s the only way to be sure.”
February 16, 2022 — 12:15 PM