To make a long story short:
Friday afternoon, ex-Romeo Void singer Debora Iyall had discovered my overview of It’s a Condition and posted the link to it on her Facebook page. Since I’ve been Facebook friends with her for awhile and had participated in her Kickstarter campaign for her new EP, I knew about it because she had linked to my personal Facebook page in her status update about the post. I hadn’t told her about the post (I didn’t want to be spamming her page or whatnot) so I was happy that she had found it and was giving me props right back for giving her old band props.
For whatever reason (a bit of ego, maybe?), I went to click through the link on my iPhone (I was at dinner with my mother at the time) and found myself getting rerouted to a .ru page that was basically dead. What?
Thinking it was some odd Facebook quirk, once I got home I got on my computer and checked the link. Through Chrome, I got the same dead page. Through Firefox, I got a fake virus scan site that (thankfully) Norton had cockblocked before any damage could be done.
Yep – some fuckers — probably Russian hackers — had somehow gotten into the account that holds all of my music blogs (The Groove Music Life, Music Is Like Oxygen, my Reina Tanaka worship blog So Hot She Shits Fire) as well as the blog for Resonant Blue and a blog for a friend’s charitable work (Sounds For Scoliosis, a series of benefit shows in the Wilkes-Barre/Scranton area booked and promoted by my friend Lucia Peregrim). Going directly to the main sites was fine… but anyone clicking through a link from just about anywhere (Google, Bing, Facebook, whatever) was getting redirected to some Russian pecker’s malware festival instead – and making me look bad. So bad that one of Debora Iyall’s friend had gotten hit with that shit, forcing the link to be removed.
So, after a few phone calls to my hosting provider, here’s what happened – the hackers had gotten into a file called .htaccess that, in the case of these blogs, works within WordPress installations and makes sure whoever visits one of my blogs is seeing one of my blogs. The hackers had replaced it with their own version that, within its hardly-complicated code, tricks links from search engines and social networking sites into taking people’s browsers into the Russian assholes’s virus playground instead.
Thankfully, a little Google research – a few seconds worth, more than most Tea Party members do – turned up how to fix this shit, using only Notepad and an FTP program. But I had to do it for every WordPress installation on my account – a minor pain in the ass, but it had to be done. Now all links should be fine.
Now, I don’t know if this kind of thing can affect the “free” WordPress blogs hosted on their own server farm, but if you’re independently hosting your own WordPress blog elsewhere, here’s what you should do to make sure these hacker motherfuckers aren’t messing with your hard work. With your FTP program (like Filezilla), check the size of the .htaccess file on your server. If it’s a little more than 200 bytes, you’re fine. If it’s bigger than that – the hacker’s version was over three thousand bytes – delete it immediately, Google for “.htaccess wordpress” and you’ll find a proper code to get your blog back to normal. Boot up Notepad, cut and paste (or type it up) it exact, and use your FTP program to upload it to your server. Note that you can’t simply just upload the clean version over the dirtied one – some of their code in the dirtied one prevents that, so you have to delete just that file.
My apologies to anyone who had been affect by visiting one of my blogs – in fact, at the time of this writing there was still a malware alert for So Hot She Shits Fire, which I’ve already applied for a correction on with Google. (Right now a direct search in Google warns that the site might harm people’s computers, especially if they don’t have something like Norton installed.) Everything on all of my blogs should be safe.