A handful of individuals reported to me, mostly via email, that their antivirus software had warned them of a blocked, but unspecified, malware infection when they attempted to visit Aiera today. To them, and to anyone else who got similar warnings, my apologies.
However, you’ll be happy to know that as of this evening, the site appears to be clean again.
So…where did this come from?
The short answer is: I don’t know. I have my suspicions, and have made a few edits to certain files and functions (timthumb, I am soooo looking at you!) to tighten their security.
The long answer is: Website malware isn’t significantly different from OS malware in terms of the design philosophy behind it. At a technical level, yes, very different, and yes, its attack vectors are different as well. But ultimately, website malware designers — like OS malware designers — look first at the big target. By virtue of the fact that I use WordPress, I’m a bigger target automatically.
I also use a number of plugins on the site, and while I am eternally grateful to the WordPress community for the development of all these little things that make the site operate just a little bit better, well…I think everyone here knows how easy it can be for a spare-time developer to drift away from a really neat project he was once rather passionate about. Not all the plugins I use are kept up to date by their original developers, and I will probably have to cull some of the older ones in the near future here.
Finally, I use a pretty sweet template on the site, if I do say so myself, which offers a fair bit of functionality and style above and beyond just any basic WordPress template. But that comes at a cost too; the template has a handful of advanced scripts (like timthumb) running behind it which control some of its features. These, too, can contain vulnerabilities if they are not updated and maintained, as surely as any plugin.
The plan: Going forward, I’m going to look at moving the site to a better template, something which is a little more current and a little easier to manually tweak if the need should arise. As mentioned, I’m going to cull some old plugins, and either kiss their functionality goodbye or find a more current replacement that is still being actively maintained. And I think doing regular checks of the site using Sucuri SiteCheck will also become part of my online routine.
How you can help: If you see problems when visiting the site, let me know as soon as possible. If possible, hit up something like Sucuri SiteCheck and plug in Aiera’s domain name; grab a screenshot of the results and send that my way. Sending antivirus or anti-malware logs or screenshots that list which file(s) on the site are causing the issue is also a good idea.
Most of all, though, just be vigilant, and also patient. The success of the site still surprises and throws challenges at me from time to time.