WordPress hack fixed

Some automated bot added an extra PHP file and a redirect, so when Googling for this website you would have been redirected to a page selling drugs.

I’m still trying to think why looking for some Fedora package would trigger a compulsive Viagra purchase, but hey, not everyone is the same.

Page & redirects have been removed, everything is back to normal. The specific repository pages were not visible (404) due to a faulty WordPress plugin update, which I removed. A crawl from Google has been triggered to remove the drugs page from Google search.

I will move the GPG public key of the repositories somewhere else, so people can still check if they have any doubt.

Now, if I could figure out how to remove that Jetpack error about AMP….

Also, looking for a cheap hosting solution (hey, this has been running for free since 2013), ideally where I also manage the website (no more WordPress..) and not the hosting company managing it for me, so if you have any suggestion let me know.

19 thoughts to “WordPress hack fixed”

  1. Hey there! First off, great job for what you have done here. Have you thought about adding a page on here displaying the repo signing key details such as the ID, fingerprint, etc. for those who want to check it?

  2. Hello. Where can I find your dkms-xpad rpm package? Can’t find it in your repositories. I’m using the one that comes with modules-extra on Fedora, but it’s not working with my gamepad (it’s a generic one that has a button to switch between xinput and dinput).

    1. Hello, sorry but I removed it. At one point it was lagging behind the mainline kernel module, all changes were directly being merged in.

  3. I believe a static site generator would be the best for the blog part.

    One option is a static site on GitHub Pages https://pages.github.com/
    Source is located in a special branch in the repository. It could be a source for the GitHub-flavored Jekyll generator – GitHub will render and publish content with no extra steps from you. Or it can be complete static content published by GitHub as is.
    Alternative static site generators use the latter option. Source for those generators is usually located in a different branch of the same repo. The simplest way to start with alternative generators is manual local builds and pushing to the GitHub Pages-enabled branch. A more long-term approach usually is to auto-trigger builds on push via GitHub notifications or the new GitHub pipelines feature. A cost-efficient way to run builds with complete control is in a serverless environment, like Amazon Lambda. Your own instance is an option too but needs more maintenance and needs the instance to be up all the time. The best approach, used by most tech blogs, is to use CI services, which often provide free-tier usage for open source repositories. Travis CI and Circle CI are the most notable.

    Comments are an obvious issue with static sites.
    They can be moved to GitHub issues, see https://github.com/utterance/utterances But considering your audience is not a GitHub audience, some 3rd-party comments service run as a JS plugin could be preferable.

    Repositories are a bit different, they are not really suitable for a git repository due to size. I would suggest negotiating free-of-charge hosting with some cloud platform company. I know that https://platform.sh/ offered free services for some large OSS community recently. Try to contact them. Digital Ocean was very supportive of OSS too.

  4. Hi,
    seems that there is something else to fix: each page begins with this message:

    Warning: Missing argument 2 for Jetpack_AMP_Support::render_sharing_html() in /home/content/15/11463415/html/site/wp-content/plugins/jetpack/3rd-party/class.jetpack-amp-support.php on line 302

  5. https://buyvm.net has some pretty fantastic prices for VPS systems. Starts at $2/mo for a 512MB KVM. And in their Vegas datacenter you can add infiniband backed block storage (1TB = $5/mo).

  6. Thank you for the update. I use your multimedia repo for all my laptops and desktops.

    Have you considered using an external service to monitor the state of your website including regular vulnerability scans? You could do it yourself with OpenVAS but it’s time and effort that you may not be inclined to spend.

    Not the question you asked, but food for thought.

    1. Unfortunately GoDaddy is horrible with hosting and my options are super limited. Wish I knew that 6 years ago.

  7. I’ve been using pcextreme.nl for many years to host my own servers (debian). Cheap and good service.

  8. I would use OVH. You can get a very cheap VPS and you can choose the Linux OS from a few options, which you have full root access to so you can install whatever you want. Unlimited traffic even on the cheapest option.
