My blog was hit by Malware infection

Malware infection: this must be every blogger’s nightmare. Imagine clicking on your blog, Facebook or Instagram LINKS, and getting redirected to some app download, spam or even porn website.

SengkangBabies wish to bring you FUN, not viruses. Our blog was infected earlier this month and I hope to share the cleanup “challenges” which I encountered.

Confusion, Panic, Frustration

(Most) Bloggers know how to add content and change a few fonts, but we are helpless when infected.
– We might not even realise our blog is infected. Do we know the source of infection: is it questionable plugins, unpatched WordPress, hacked passwords, or perhaps the host was compromised?

– Assuming you know the source of infection or virus, you will Google for a solution, right?
There are so many links out there which claim to have the SOLUTION. Many are click-baits, but HELLO, how do we identify reliable websites? After getting spooked by Malware infection, I am paranoid that a website providing a “solution” might inject more Malware into my blog. Argh!

– Do not expect me to troubleshoot lines (thousands!) of PHP code to find which code (or codes) is infected! I cannot even identify the strain of malware 🙁

– Assuming you do find a reliable website, the steps to remove the Malware might require you to have some coding skills. I am quite a techie, but I struggled to find the affected code (plural, as in there is likely more than one infection).

– Enterprises and bigger establishments might have their own IT folks, but bloggers and small webshops are on our own. It was disappointing, my host could not even provide a “repair” quotation!

Good luck finding a reliable (and affordable) vendor in Singapore. Some quoted me $200 per hour (without guarantee that the problem would be solved). I was literally on the vendors’ chopping block.

– This leads us to the most important question. When was the last backup performed?
We might need to restore the root folder as part of the remediation steps.
And how many of you are comfortable with navigating cPanel (Control Panel)?

Desperation, Accountability

You might ask why it is so critical to ensure your website or blog is not infected.
It is all about reputation and accountability.

Although SengkangBabies do not do online transactions, we are in the business of generating Content.
People read our content because our experience is genuine and authentic, I hope they find our tips useful.

Our stakeholders are our readers.
Our blog should not infect readers’ machines when they are researching for the next staycation.
I own SengkangBabies, and I must be accountable for the blog.

The last thing you need is to be blacklisted by Google!
You can say bye bye to your traffic and reputation.

Damage Control, Recovery

In the end, I had to pay good money to Sucuri to secure my blog (scan and firewall) for the next 12 months.

In addition, I have changed all passwords, I keep WordPress and plugins updated, and I am ensuring my Host is backing up my Blog more frequently. All these additional steps are required to give myself more assurance, and to keep my readers safe.

Even with all these mitigations, I am still not optimistic about the future.

Malware is notorious for re-infecting websites, as it has some back-doors.
Is my blog really safe now?
Do I need to extend my contract with Sucuri to keep my blog safe?

The anti-malware sector needs more resources. The lack of responses from authorities and vendors is as unnerving as the Malware itself! I tried at least 5 vendors in Singapore without success. Someone please share your “Security consultant” with me.

– SingCERT might write in to inform you about the infection. Instead of warning that my website is infected, they could be more helpful in advising on next steps forward. Or perhaps NO, since the Singapore Government is shutting down Internet access too!

** If you suspect your blog is infected, use the FREE Sucuri scanner https://sucuri.net/scanner to scan your blog.

In summary, self-hosted websites are more vulnerable, compared to Blogger or WordPress.com.
After your blog is compromised, you feel like you are all alone and so vulnerable.

After engaging Sucuri, most of the Malware infections (injected codes) had been removed.
Sucuri is like an anti-malware concierge, very proactive in ensuring that their customers’ concerns and questions are answered.

Although I am impressed with their services, I sincerely hope your blog will not be infected 🙂