The Nightmare!

Hi everyone!

I have not been busy with my blog in the last couple of months because of other pressing priorities (that lasted longer than I expected).

I’m wondering if any of you used the MailPoet Newsletter plugin to collect subscribers info on your WP blog?

For those of you who did, here is a word of advice: EVEN IF you kept it up-to-date, you should immediately check your site for malware. I’ve used Anti-Malware and Sucuri plugins (both free on WordPress.org) and found malware in all of my WP installs that had the MailPoet Newsletter plugin installed…

Insidious, invisible, bad news.

The thing is there was a vulnerability that was found only in June and by the time they issued the updates, most sites were already infected. Excepts all sites were still running smoothly in the front-end. Late in July, they realized that and sent another update (the first one was not enough) and THEN told us to check our sites with anti-malware. So even if you had kept everything up-to-date (like I had) your sites could be infected without you knowing it because the front-end was still working fine.

If you’re lucky, it’ll be a very easy operation. I’ve been lucky. On my own sites, there were a few intrusions, all easily removed. On one of my clients’ site however, things were different. The client had given an administrator account to a supposed expert (!), and that site has been hit so badly I had to have my own hosting provider (I’m a hosting reseller) check the site thoroughly and they still found malware code after running checks & cleaning up with plugins (Anti-Malware plugin has been updated with that data afterwards).  I _strongly_ suspect my client’s so-called expert’s password was too weak and opened the door because it’s the only site that was so badly hit.

Secure passwords

I’m a hosting reseller and site developper, and I always ask my clients, in the contracts I have with them, to use secure passwords:

  • more than 8 characters
  • a mix of small and capital letters, figures and symbols
  • NO word that can be found in a dictionary (even in a foreign language – robots access ALL dictionaries)

This may not make the sites impenetrable, but looking at my other sites where passwords are secure, it certainly proved useful this time.

Don’t trust what you see

The other lesson for me here was that I couldn’t trust what I was seeing. All my sites kept running smoothly. NOTHING was visible on the front-end (visiting the site). Which means my sites (and hosting space) were most likely used to do spam or launch various attacks on other sites or maybe simply used as a space resource.

Loosing ranking

The bad thing about this, besides the fact it makes you an accomplice to bad stuff going on on the Web, is that you might endup with your site blacklisted and you will likely loose your ranking on Google. Why? Because if your site is infected, Google will pick up on it and until your site is cleaned up, forget ranking…

Bottom line lessons for me

  1. Keep everything up-to-date
  2. Don’t trust the fact that our site seems ok when you visit it.
  3. Install malware-checking plugins
  4. Install a plugin that will let you know when WordPress, your theme or your plugins need updating, so you don’t have to go check every day (I installed WP-Updates-Notifier – again free in wordpress.org)
  5. Make sure you and all your users have secure passwords
  6. Pray that life be good to you 🙂

I was keeping everything up-to-date and I had secure passwords, and I had faith in Life being good to me, but I neglected the other points.. It cost me a full week of work, when I didn’t really have time for that at all. I hope this post will spare you a bit of that.

 

 

Posted in Blog, Newbies, Real Life, Security | Tagged , | 6 Comments

Time goes SOoooo fast!

Thursday! OMG! It’s already Thursday, almost 10 days after the end of the QSC. So, in the spirit of posting regularly, here is what’s coming: I’m currently putting online one site for my pictures, one site for my IM activities, one site for self-employed and the realities of working in/from your home, one site on self healing and, if I can, one site on books that can make a difference in one’s life.

Gotta go ( I have tons of work to do if I want to deliver!)…

Have a great, no, a FANTASTIC! week 🙂

 

Posted in Blog, General, Internet Marketing, Real Life | 3 Comments

Week 3 – Here is your gift :-)

Week 3 of the Quick Start Challenge has been more challenging than I expected, especially since I had already done the “homework” in week 2 when I had put up a subscription link at the bottom of the page (not very handsome, but still, it was there) and I had told in the video what the gift would be to sent those who subscribed. And then time started running, so that we are again on Tuesday and I’m again rushing to finish eveything at the last minute.

The gift

Maries_5-Headers_2014The gift you will get as a new subscriber is a set of five (5) headers made from photos I took, accompanied with matching buttons (3, from 100 to 200 px wide), banners (4, from 250 to 500 px wide) and bullets (2 sizes), plus a favicon. The last bundle actually offers 3 headers (one with the full image, one with the top half and one with the bottom half).

All files are in .psd so that you can add your logo and name in layers. Headers are included in jpg format too for immediate use. They are 1200 pixels wide.

 

You might be interested to know that those pictures have not been photoshopped. Not even the stars in the water. They have been cropped to frame, of course, but there is no special effects of any kind in them.

Enjoy!

Marie

 

 

Posted in General, Quick Start Challenge | 7 Comments

My first video post!

Well, talk about getting out of our comfort zone!  But I did it. I’m pretty sure doing it at the last minute sort of defeats the purpose of generating traffic this week, but then it was Easter and we’ve been flooded – thanks Mother Nature.

Therefore, in order to compensate a bit, I created a subscription form (see at the bottom of Continue reading

Posted in General, Quick Start Challenge, Video post | Tagged , | 22 Comments

First Post – this is a landmark

First posts are just that, first posts, but to me this one is a landmark because I’ve meant to do this blog and website for years now. I bought the domain back in 2009 with one specific project in mind but never got around to do it.

That’s why, when I saw Craig’s and Dean’s The Quick Start Challenge, I jumped on Continue reading

Posted in Blog, Many Maries, Quick Start Challenge, Real Life | Tagged , , | 8 Comments