As you may know, visitors to this site have received unexpected redirects. It’s frustrating because I can’t see them. I contacted the vendor on Saturday, who found a specific evil bug. That was fixed.
But shortly thereafter, my friend Catbird wrote: “This is where that latest link you sent goes; it’s a phishing page that spoofs Apple. There’s a blue banner across the top of the page saying ‘Safari Search Contest 2021’. This photo is a screenshot of the message, which is obviously some kind of phishing ploy.
“When I called Apple Support they immediately thought you were spamming me and it took a few tries to explain that you were a friend and not only wouldn’t spam me but probably didn’t know how to set up a computer scam.” This is very true, BTW.
So I contacted the host again.
Restoration
“After further review of the rogerogreen.com website, I am seeing that it’s been compromised since at least July 25th. I checked our oldest backup (dated from 7/30) but noticed the hacked files were present in the backups. Performing a restore via the DreamHost panel is no longer an option as we only keep backups for the preceding 7 to 10 days. Restoring the website from the oldest backup would restore a hacked file structure.”
Yes, that WOULD be unsatisfactory.
Earlier that day, my cousin Tom had looked at the workings of my blog via ZOOM – OK, ZOOM is not ALWAYS terrible. He was looking at my plugins, and somehow he was showing one more than I had installed, or had listed.
DreamHost guy Matthew noted: “When I checked your /plugins directory within your /wp-content directory, I was able to find a directory named /zend-fonts-wp which looks to contain malware that would redirect the website. After further research, I was able to find it is NOT a valid WordPress plugin.”
Like magic
Bottom line: “A full reinstall of WordPress will need to be done to return the site to a properly working, updated, and secure state. The following link has instructions on how to proceed with the installation in a way that will help ensure there is no data/content loss.”
This means this site will go offline for an hour or three, probably today or tomorrow. But as the former governor of California once said, “The more knowledge you have, the more you’re free to rely on your instincts.”
Many thanks to Catbird, fillyjonk, Alison, ADD, west coast Bill, Mary R, Tom the Mayor, Kevin, Darby, Jack, and especially cousin Tom.