Several weeks ago, I ran into some problems when trying to install Debian 6 on my new ASUS X54C laptop, and I decided to shelve the project for a while. Yesterday, I decided that it was time to try again, but this time with Debian 7, which is supposed to have fixes for the problems I ran into the first time. So, I started the download of the ISO files, and while waiting on those to finish downloading, I decided to catch up on some reading. In one of the blogs I follow, there was mention of a photo utility that looked like it would be useful for one of my blogs, so, I pulled up that blog to try it out.
What I saw was not what I expected. It appeared that my GuestDietBlog had been hacked. The page looked like one of those “parked” pages, full of somebody else’s links.
That problem preempted the planned Debian 7 install. I spent most of the next 6 hours trying to figure out what happened and fix it.
I could not get to the wp-admin login at all. I tried another browser, which gave me a clue about the URL that was hijacking my blog, so I put that site into my hosts file. To my astonishment, the site was still being hijacked, but this time without leaving any clues in the address bar. I grabbed the page source for examination, which actually did come in handy when I contacted support at Hostgator, where I host GuestDietBlog. Next, I tried to connect to the site with Filezilla, and it reported that the server was unreachable. Then I went to the Hostgator CPanel to examine the files in that document root. I downloaded several of the main files in the document root to compare them with my last backup. Everything looked normal. None of the index or load files had been altered.
Next thing I did was to file a support ticket. After writing up the description of the symptoms and submitting the ticket, I went back to look at the site again. It was working! I logged in to wp-admin and did a backup, changed the password, and breathed a sigh of relief. Meanwhile, the Debian ISO downloads had finished. The panic had also preempted dinner, so I grabbed a bite to eat. When I came back, I checked on GuestDietBlog again.
That “parked” page was back.
So, I called the Hostgator support line, and got the message that the estimated wait time was at least 45 minutes, and that I should try the chat support, which I did. Chat support took about 10 minutes to connect, and when I did finally connect, I got to chat for about 5 minutes to describe the problem. The turnaround for each part of the chat was nearly a minute, and I was beginning to wonder just what the support tech was doing during those pauses. Then, he told me to clear my cache and try the site again. It took me a while to find where Firefox 19 had moved that menu item (on the main menu under the orange button on the upper left, it’s History -> Clear recent history), and as soon as I did that, the chat session was terminated. I figured out later that I was also clearing all current logins, which nuked the chat session, too.
When I checked the site, the “parked” page was gone, and I could see my posts page. But it wasn’t fully functional. I logged into wp-admin, and saw that all of the plugins had been deactivated, so I re-activated them. After checking to make sure the whole site was back the way it was supposed to be, I went back to that photo utility to read up on it. Then I came back to GuestDietBlog.
That “parked” page was back.
This was getting really old. I went back to support chat, and while waiting for the connection, I typed up answers to the questions I had gotten the first time in hope that would speed things up, which it did. When I got to the point of clearing history, the chat session was terminated — at which time it finally dawned on me that the two things were related. The third time around, I opened the chat session in MS Virus Magnet IE so that clearing Firefox history would not dump me out of chat again.
The third time was the charm. The 3rd support tech showed me how to set up Filezilla to get around the server block, so I could disable all of the plugins by changing the name of the plugin directory. This time, I still could not get to wp-admin. About a minute later, the support tech came back with two pieces of information: 1) there was a typo in one of my DNS entries, and 2) there was a service called PageWash.com that would allow me to get to GuestDietBlog, and even log in to wp-admin. (PageWash is a privacy-proxy, but it has other benefits, like the ability to get around proxy blocks, as in this case.) I fixed the DNS entry, wondering why the site had been working for several months with a bad DNS entry.
Since I now had what I needed to work on the problem myself, I thanked the support tech and ended the chat session.
I went through the plugins, and found the prime suspect. It was “Track That Stat,” a plugin that displayed various analytics, similar to “kstats reloaded” but with a bit nicer interface. Trouble was that the plugin had not been updated in a long time, and it wasn’t even listed in the WordPress directory any more. The support page for the plugin was down. There was a “Track that Stat” Facebook page, which had not been updated in a long time. This morning, I posted a comment on the FB to see if anybody responded. I removed “Track That Stat” from my site (and this one!) and re-activated all of the other plugins that I knew that I definitely needed.
At that point, I could access the site without using PageWash.com. I tried it from different browsers, and different devices, just to make sure it was working. At that point, it was midnight, and I went to bed.
The site appears to be fixed now. Thinking back on what I learned during this exercise, it appears that what happened was that the “Track That Stat” plugin may have been corrupted, and that caused the 2nd DNS entry to become active, which threw me to somebody else’s site, which had a page that resembled a “parked” page in place of a 404 page. Today, we will be removing that plugin from all of our sites.
I hope that problem really is fixed. Maybe today, I can get back on that Debian 7 installation. After I finish issue #44 of Musical Notes Newsletter, and assuming no other crises come up…
P.S. If you don’t already have a hosting provider, or the one you have is not meeting your needs, I definitely recommend Hostgator.