Security is Everything. Let’s Explain.

0

As many of you know, our website was brought to its knees several times by malicious malware. Many of you follow us on Facebook http://www.facebook.com/TheMadCacher and were aware of the problem, but for those who don’t, I have less hair on my head now. Our site (and a few others we manage) were crippled on multiple occasions by a vulnerability in the WordPress theme we use for the sites. This intrusion has affected thousand’s of websites, many of which were blacklisted by Google for containing the malware. Long story short – I’ve found new and colorful ways to use four letter words, I think George Carlin would be impressed :-)

After several hours of research and making a few phone calls we identified the source of the intrusion. A script used in many WordPress themes which allows images to be automatically resizes had a loophole exploited by hackers. The (TimThumb) resize script allowed hackers to insert a nasty bit of code into every site file resulting in any visitor to our site from Google to be redirected to a sales website or worse throw a malicious malware error.

It is important to note that MadCacher is not run by a large team. We are a two-man operation with demanding day jobs who also have a passion for Geocaching. The MadCacher is a labor of love and although our funding is limited, we are dedicated to securing the safety and continued growth of the blog. We love interacting with all of you and would like to continue to do so far into the future. With that, we would like to share with you the step we’re taking to make sure this doesn’t happen again…we hope.

Aside from adding Captcha code to the posts and administrative areas, we have done some (behind the scenes) work to lock down the sites even more and hired a company called Sucuri www.sucuri.net. In the interest of full disclosure the links to their website are affiliate links and if you sign up we get a small % of the sale. Sucuri monitors MadCacher every few hours and removes any intrusion that comes our way. They have been EXTREMELY helpful in getting us back on track and have given me the ability to sleep at night. When I wake up in the morning I would rather spend time writing about my latest adventure, not worrying about whether or not we are losing readership.

Sucuri.net has surpassed our expectations and even worked with us on a Sunday. The response time is exceptional and it’s a service we highly recommend to any of you that may have blogs. If you value your time as much as I do, this service can save you many hours in the unfortunate event of intrusion. We will be adding a badge to our site in the coming days if you would like to check it out.

So with that, we thank you for being a dedicated reader and we can now get back to adding great Geocaching content. We have another contest idea brewing we’re sure you’ll love and some new products to display from our friends at Cache Advance. This has been a learning experience for sure and since it didn’t kill us, we must be stronger :-)

If you have any questions or concerns please feel free to email us from the form on the contact us page. Thanks again and happy caching!

Leave a Reply