If this can happen to Alan November, it can happen to any of us using WordPress as a blogging platform on a self-hosted website. Vulnerabilities like this are not limited to WordPress, however, they can happen to any website. YouTube was hacked on July 4th this year, and Justin Bieber’s videos seemed to get the worst of it.
You’ll note a simple Google keyword search today for “building learning communities” does show Alan’s website first out of over 8.8 million hits, but the website “meta information” (title and description) suggests the site is for “Cialis generic online | Online Canadian Pharmacy!” This looks distressingly familiar to a hack I experienced on my own WordPress installation back in September of 2008.
By viewing the source code of Alan’s site using the Google Chrome browser (choose VIEW – DEVELOPER – VIEW SOURCE) it doesn’t appear the hacked code is still on his site homepage. Hopefully Google’s indexing engine will catch up to this fix and correct the meta info for BLC and novemberlearning.com. Interestingly, the same search on Bing today has over 27 million hits, but the meta info for Alan’s BLC site (which also comes up first in search results) does NOT include the apparently “old hack” for Cialis drugs. I’d be interested to know if Bing does NOT include this faulty meta-information because it’s faster (already picking up the fix) or slower (not updating as often) as Google’s search algorithms.
This hack to Alan’s site seems a bit ironic, since I’ve been hearing him talk about the importance of students understanding “the architecture of the Internet” so they (and we) can manipulate it to our advantage for years. Like many things, I’m sure this will provide a teachable moment for many which Alan and others may point out. Since I wasn’t at BLC this year I don’t know if it was mentioned.
The risk of having your website hacked is real for anyone online, but the responsibility for “fixing” problems like this can fall on your shoulders if you self-host a blog installation or other website content management system. Getting professional support to fix problems like this is a good reason to blog on a commercially supported site like Posterous, EduBlogs, WordPress.com, or Blogger. The support community for open source blogging tools like WordPress (WordPress.org) is GREAT, but it definitely CAN be stressful when you have to figure out how to fix a problem like a hacked site on your own.
One of the best ways to protect yourself from ANY type of security risk or hack online is to keep your computer (whatever type you happen to use) up to date with the latest versions and security patches of operating system software as well as separate software programs you use. Doing this for your software (including WordPress) CAN (but won’t necessarily always) insure you’re safe from malicious attacks.
It can be a dangerous world out there. As with dangers encountered in the face-to-face world, it’s best to be pro-active in your preparation for online threats, and also have a good network of support to turn to when you run into trouble. That’s just another great reason to build and maintain a PLN!
hack, website, alan, november, alannovember
If you enjoyed this post and found it useful, subscribe to Wes' free newsletter. Check out Wes' video tutorial library, "Playing with Media." Information about more ways to learn with Dr. Wesley Fryer are available on wesfryer.com/after.
On this day..
- Use Video Camera Like a Pencil - A Blog Like a Textbook - 2014
- Wind Energy in the Classroom at Podstock 2013 - 2013
- Lessons Learned Teaching Mapping Media Last Semester as a Blended Course - 2013
- A Video Lecture You Won't Soon Forget: Video Games and Storytelling - 2012
- Webcasting with Ustream, an iPad, a Tripod & an XLR Boundary Microphone - 2012
- It's not a real spider, it's just a smartphone - 2011
- River Rafting in Colorado with Buffalo Joe's on the Arkansas River - 2010
- A free online musical - But watch out - No ratings here... - 2008
- Know any fantastic Drupal developers? - 2008
- 50 iPhone emails today - 2007
These are particularly frustrating hacks, and the offensive code isn’t always easy to track down (even viewing the HTML source). I’ve noticed tha WordPress is unfortnately a frequent target, due in no small part to it’s popularity. In addition to what you mentioned, it’s important to make sure your php files are secure, as that is a popular way of stealing authentication information. Also, users of solutions like WordPress and Joomla that use third party plugins should keep those updated as well.
These problems could really hit home for schools in the next couple of years as the FCC will likely disallow E-Rate funding of web hosting, forcing many smaller districts to host their own sites for the first time in many years.
Best of luck to Alan and everyone else dealing with these problems.
Sorry to hear this, but I find it interesting, when you consider the total shutdown of http://nlcommunities.com a year ago because they were not able to keep up with the software upgrades needed to maintain their blog. No chance to transfer to another platform. Nothing, except word that it would be gone – soon. And it was. My school’s student newsletter that was hosted there for three years is now gone for that period. Luckily, I mirrored (most of) it on a personal site. While I appreciate the philosophies, motivational speeches, conferences, etc – it does make me wonder about priorities there…
Wow Mark, I had never heard that about blogs on nlcommunities. What a bummer. Glad you made mirrors of most of the content. There’s an important lesson learned in itself.
Usually, the hacked WordPress sites will show Google a different page than normal web browsers, so the owner or users of the site do not notice anything different but Google will get incorrect information. I had a site that was hacked, and the reason I noticed it was because the hack screwed up the RSS feed for Google Reader. It was a bear to track down because when I would troubleshoot the site I would get the correct RSS feed, but Google Reader would still be messed up.