February 4, 2015 at 17:48 #11008
I found my blog was down today–the theme apparently was broken.
So I tried changing to a new theme, and now my blog displays a PHP error, and I get the same error when I try to get into my dashboard.
This is very aggravating, and I feel really frustrated and powerless to do anything about it.
February 5, 2015 at 00:23 #11010
@cazort Yeah, I’m very sorry about that.
Tea Trade suffered a malware attack on Saturday, which was remediated and then unfortunately was re-infected on Tuesday through a vector that I thought I had already closed. It’s been a long week of clean and repair for me. During the process, I inadvertently deleted a very important file directory and have been working to recreate it since (why there was no backup is a long story). In the process, a lot of functionality on Tea Trade has been removed (now I think for the better, because it is all faster now and much of it was unused features anyhow) but also a lot of themes. The repair process takes time and while I worked with an information security contractor, who I pay for the job, for the malware cleanup, the functional repairs are all me and only me.
I keep Tea Trade online out of love for it, since it was my learning playground for WordPress development. I make no money from it (though I do make money from the things I learn from working on it), and I pay a rather significant sum each month for the server (which is, by no means a small server). The downside of it is that since it is just one person working on it, things take a little bit longer to get fixed when they break and I do it when I have time outside of my 50-hour week day job and professional consulting I do on the side. It also is lower on my priority list behind other websites I’ve created and manage.
Anyhow, I fixed the problem with your site, and I’m sorry about the inconvenience about it. The theme that was assigned to it had some files that were missing some code after the cleanup script passed through it. I saw that it was an older default WordPress theme, and it has now been replaced with the current default WordPress theme. I’m looking to get more themes re-installed to choose from, so feel free to browse WordPress.org’s available themes and let me know if there is one you like and I’ll install it for you.
February 5, 2015 at 02:39 #11022
Same problem with me. Figured it was a theme-problem, went to change themes in hopes that it would fix it, ended up breaking it more. Just a php error now. Should have read the forums before-hand.
Sorry to hear about the attack. It’s a lot of labour and love you put into this site.
February 5, 2015 at 08:15 #11023
I really wish I knew how to fix that @supermoon10 – Pete worked on Alex’s after he got home from work last night but he didn’t have time to explain what he did. He’ll look at yours as soon as he can but I know it won’t be until this evening.
@cazort – the best way to be in touch is on here, or email as Pete never looks at twitter. I do but when I do it means more time delay as I still have to pass on the message to him.
February 5, 2015 at 10:05 #11024
Thank you so much for getting things back up so quickly, and for the explanation.
I definitely understand how things can be really bad with these attacks, WordPress can be much more vulnerable. I check my server logs at RateTea and it has been inundated with automated attacks ever since I launched it, I have to work frequently to keep the software up to date and patch new security holes as I become aware of them.
And I also know what you mean about projects not making money. I earn money from RateTea and a small amount from Cazort.net, but I have so many websites, including ones that I feel passionately about, that don’t earn anything and I feel like I can’t put as much energy into them.
I wonder if there may be a cheaper option for your server. If you get in touch with me by email I’d be glad to discuss this in private! I may have a few ideas.
February 5, 2015 at 17:39 #11028
@supermoon10 – your site is fixed. I repaired your theme and you should have no trouble accessing the dashboard now. Keep in mind that as part of this, all the images uploaded have been lost. I have enabled a tool to make it easier to replace images. The details of the tool I installed can be read about here: https://wordpress.org/plugins/enable-media-replace/
February 5, 2015 at 17:43 #11029
@cazort – I’m pretty happy with my server and hosting company. While I pay a lot of money, I do have a rather powerful VPS with a lot of space and power. I think one of the issues I have is that I do a lot of development, both for clients and for practice. Some of those WordPress installations went untended. It wasn’t recent, but at one point I had 15 different installations, some that were spun up in a few minutes and then forgotten. In the recent case, I found that was 5 releases old that was never updated. I suspect that was the vulnerability. I don’t do that way any more. These days I do a lot testing in Multisite (which is what Tea Trade is, infinite number of websites inside 1 installation of WordPress), or I go out to an on-demand service that lets me spin up a new WordPress install in less than a minute that I can turn off and on as I need for development. I suppose the only real issue is that I don’t keep my installations properly compartmentalized on my server and generally use just one directory (and into its subdirectories for many different websites)
Aside from Tea Trade,I have a lot of client work going on on my server. This is useful because it lets me work online, where they can see it, instead on fighting with web development on my PC. Those sites are generally not the vulnerabilities though. They are kept up to date because they are tied into a monitoring script that ensures I never go more than 2 hours with outdated software.
All in all, things are good. This malware attack really wasn’t that big of an issue. The issue was a mistake I made in the repair process.
February 5, 2015 at 22:55 #11030
February 14, 2015 at 02:07 #11032
Aaah, two updates. One: I can’t seem to read any posts on my site. I checked on the dashboard, and they’re still there and editable, but get “not found” when I try to click on them in my public site. Also: I keep getting “cheatin’ uh?” every time I try to click on any admin tools, like editing my layout, or previewing themes.
February 14, 2015 at 09:55 #11033
February 14, 2015 at 12:42 #11034
February 15, 2015 at 15:50 #11035
You must be logged in to reply to this topic.