Sometime Friday 21 September, the adserver here at the Bitchery was hacked and malware code was appended to the ads and the spaces that house them, causing a heaping pile of trouble, which most of you saw as a malware/danger warning from your browser.
Thank you to everyone who emailed or tweeted or messaged me to alert me that something was wrong. I really appreciate that you did.
After a lot of hunting, scanning, dumping of databases and cursing, the Captain at Hosting Matters, the fine folks at Securi, and I cleaned out the malicious code, and as of this morning, Google reported no malware present on the site and we're clean and fresh!
It's terribly embarrassing and I was so upset about it, not only that the security of the server was compromised (and way too easily – that chaperone was not worth the effort) but that malware was running amok and possibly using my site to hurt other people.
First: I am so sorry that this happened. I'm taking steps to make sure it doesn't happen again, but I am so sorry that the site was down and that our security was compromised. It's like we've been revirginized again – and I've got, like, eight new chastity belts protecting the site's back end. I can understand why SBTB was targeted from a readership perspective, but honestly, I wish hackers would do something more interesting with their time. What a mess.
Second, if you haven't scanned your computer for malware or trojans in awhile, here are some tools to help you do that.
PC users:
Here are some step by step instructions to remove malware in Windows safe mode, and here are some options for malware and spyware removal tools:
- Ad aware
- Malwarebytes Anti-Malware * The free version has to be run manually by the user. The paid version runs automatically and continuously once installed.
- Spybot – Search & Destroy
- SuperAntiSpyware Free
Also, anyone online should have antivirus software on their machine. There are loads of choices, some which cost some money, like Norton, some which are free, such as Avira's Antivir
Mac users:
Alas, there are not as many to scan for malware and viruses. That could be either a blessing or a curse.
- MacScan has a free 30-day trial and a paid version which costs $39.99.
- ClamXav2 (who named that? Holy smokes) is a free virus scanner for OSX.
If you're running a website, back it up regularly. Depending on what CMS you're using, there are options for WordPress, Drupal, or ExpressionEngine, and they're relatively easy to set up and start using. Backups are your friends.
Plus, there's a kickass service called Securi that scans your site (or sites) and helps get rid of malware, defend against attacks, and if there is one, helps you clean it up. A one-year subscription for one site is $90, and since I've signed up with them I've been monster impressed with their services. So if you're considering increased protection for your site, have a look at their services. Thank you to Kirk Biglione for giving me the heads up about this service.
I'm so sorry this happened, and I'm working to make sure it doesn't happen again. I missed you guys like whoa, and I'm so happy the site has been given vouchers again and is ready to dance. Gangnam style!
Welcome back! Sorry this happened to you. Was this a security flaw in EE or something with the host server?
I did see this last night, and my husband was concerned about what websites I was visiting! No harm done at all. Glad to see you’re back safe and sound once again! <3
Not EE – the adserver, Open X, which I now understand is protected by a chaperone who is constantly sleepy. I’m looking for new adserving options now.
Welcome back Sarah. I’m sorry that this happened to you – it jus plain sucks all around (hackers need to get a life). Thanks for all of the links.
Hackers are such assholes…but not enough to mess with the Bitchery!
Scary stuff. I seriously never considered this happening. My site is still small—only about 400 views a day, but it’s something I will think about. I am so happy all is now well in the land of bitchery.
Happy that the site is back!
Welcome back, Sarah. I hate hackers too. Happy it’s over, and hopefully your you fixed that hole in the wall. 🙂
Also, thanks for the tips, I have some, but will look into the others you listed.
Glad to see you’re back. Horrible that you had to spend your weekend cleaning up after hackers.
Sorry you had to deal with such a headache, and we’re glad you’re back! Not that the Twitter feed wasn’t cool to read though. I’m not sure how I feel about the re-virginization though. I kinda liked the thought that this place might be a bit on the feminie-free-to-fuck side. Still, thanks for taking our safety/privacy so seriously.
I can’t help noticing that at about the same time Jessewave was also hacked: http://www.reviewsbyjessewave….
Does someone have it in for the big Romance sites? Or is that just a coincidence?
Welcome back! I missed you, even though the douchebag hackers didn’t have your site down _that_ long. Kudos to your security guys, too – send on a “good job” from me. 🙂
It’s certainly widespread: last year an ad-server at a major metropolitan periodical’s website tried to serve me up some malware! My personal wordpress got hacked repeatedly at one host who refused to upgrade the provided wp install so I moved hosts to someplace with a better sense of security.
Nobody can be bulletproof but it’s amazing how far these hacks will percolate
Wellcome back
As someone who just got her computer out of the shop because of a virus, I urge everyone not to live dangerously like me and put some protection on.
Gee, your hair smells terrific!
Lol at Gangnam style. Kpop in SBTB. The awesome.
Thanks for the tip on the Mac virus scanner. I’ve been looking for something for my new iMac. I’ve got my PCs covered, but this is my first Mac and I’m still learning software. 🙂
I actually had a business fold because the site got hacked and I just couldn’t get it clean enough again. So, I’m glad you got it sorted out quickly! Also, Sucuri is awesome and they have a free website scanner too, if you’re unsure if your site is hacked or not.
My last site was WordPress and I was hacked three times. The most frustrating, angry-making time of my life. So sorry you have been dealing with such a shitty headache. Bloody hackers.
iAntiVirus works for macs and there’s a free version as well.