When the enemy visits your house, or in this case your website, you gotta fight.
And when your web hosting company tries to make you a victim of ransomware, you gotta end the conversation.
It has been awhile
I have not written on The Journey Victorious site since the start of the pandemic. There has not been a lot of activity at The Janet Channel either. There are times I just need a break from writing. This is also published on The Janet Channel.
When it began
Several months ago, I started getting messages from my web hosting company ipage. The notices kept saying there was suspicious script on The Journey Victorious. I pay another company, JetPack, to scan my site and I had not heard from that company about any issues.
My first thought was ipage was trying to get me to purchase another service from it. So, I ignored the messages.
A few days ago, I received an email from a guy who said he worked as a security consultant for ipage and that I should contact him. I did not contact him, but I went and inspected the back-end dashboard of the Journey website.
What I saw were 8,000 unauthorized users to my site. They were fake, from a bot.
Yes, 8,000
Of course, I freaked out a bit. My settings do not allow any user to register on his or her own. My default setting for a user is a subscriber, so thankfully they had no access to the back end of my site. But how were they getting in?
WordPress uses themes and plugins, and this is generally where all the problems start. In the past I have deleted unused themes and plugins for security reasons.
My first step was to contact both ipage and Jetpack Then I began the task of deleting 8,000 fake accounts.
Fast and furious
Even as I was deleting, the fake accounts kept pouring in. I was still waiting to hear back from Jetpack, and ipage was not offering any real solutions.
I added captcha to both my sites as well as email verification. The fake accounts were still coming. So, I went back on chat with ipage where I was treated like a dumb girl at a mechanic shop getting ready to be fleeced.
The so-called security expert on the other end started to lay out his case to make me his victim of ransomware. He started explaining how malware comes through themes and plugins. No duh Sherlock, I did not just fall off the turnip truck. All I wanted was help fixing it.
Then the real ransomware drama began
I figured at that point he was going to try to sell me some ridiculously expensive solution and I said, “Well, I may have to just reset the site to fix the issue.”
He then tells me, oh no, the bots will follow your domain forever even if you reset your site and it could lead to Google backlisting your domain.
“But I can guarantee you that we can stop it for $299 a year.”
Yeah, okay, we’re done.
I ended the chat, rated him as low as I could, bitched on Facebook messenger to whomever monitors that chat thread and then made dinner. My brain needed a rest.
There is always tomorrow
I woke up at around 3 a.m still a bit stressed. I mean, I would have deleted the entire site before I paid these people, and that was even if I could pay them. Unfortunately for ipage, the Lord blessed me with a brain and determination beyond normal determination.
And guess what else? I know how to use that brain and determination.
At 3 a.m. I finally heard from Jetpack. The rep told me there was no malware. He said the site was double scanned and nothing was found.
But the door was still open to the bot.
With a clear head a few hours later, I went back to my Journey dashboard. There were about 100 new unauthorized users. I made a couple of tweaks to the site, logged out and logged back in and knock-on-wood, the door appears to be closed.
Always a silver lining
Even through the stressful events of yesterday, I knew that whatever was going on, fixing it would make me more valuable. Knowledge is power.
It was obvious I was on my own unless I was willing to pay a ransom. Fortunately, the WordPress platform highlighted a plugin to delete. It appears that this plugin was associated with the bots and was the open door.
Having more than one website can really help to determine exactly which plugins are necessary. The deleted plugin was not installed on The Janet Channel so I went with the WordPress recommendation.
Would it have been so hard?
For the ipage so-called security expert to take a look and make that suggestion? But to do that was to risk commission on a $299 yearly ransom. Instead, he risked his reputation and became the enemy. A ransomware expert.
It is ironic that the issue took place on The Journey Victorious. All and any web issues I have had have been with the The Journey Victorious domain … the site where my Jesus heart lives.
Those visits
When the enemy visits your house, or in this case your website, you gotta fight.
And when your web hosting company tries to make you a victim of ransomware, you gotta end the conversation.
*Comments
Social media friends can comment on story links at Facebook or Twitter. You will find my email address posted on the top right side of this page or at the bottom of the page on your mobile device. Those of you who have my number can always text.
*Subscribe
Subscribe to my blog at the top right side of the page or at the bottom of the page on your mobile device.
*Polls
Answers to poll questions are anonymous. This site does not collect personal data and I do not know your answers.