Slipstream

I didn’t think I’d be publishing a blog post anytime soon because my website had been recently hacked. Although the site itself seemed untouched, Google listed its title as Zithromax For Sale, rather than Slipstream: Writing the Backwash with R. H. Sheldon. Sure, the links back to my site still worked, but the disturbing title persisted.

For the record, I am not nor have I ever been a Zithromax dealer. In fact, until I stumbled upon the troubling Google search results, I did not know what Zithromax was. I figured it was the name of yet another techie start-up.

I was wrong. Zithromax is a macrolide antibiotic used to treat bacterial infections, such as bronchitis, pneumonia, and sexually transmitted diseases.

I don’t understand what the intent might have been for such a malicious act. I have a hard time believing that Pfizer, the Zithromax manufacturers, singled out my site as a potential marketing coup worthy of a few underhanded tactics. (And far be it from me to accuse a pharmaceutical company of less-than-ethical behavior.) Even an online drug retailer would have little to gain by such a strategy, given that no company was mentioned, nor were my pages being redirected to such an outlet.

Google results for my hacked website

It’s conceivable that the drug hack was a result of a failed all-out attack in which some criminal culprit was trying to take over my piddly site, in which case, anyone could be a suspect—from cyber-activist to teenage geek wannabe to professional hacker on the payroll of an international cyber-gang out to compromise websites across the globe.

In all likelihood, I’ll never know who carried out the attack or why. All I know is that I’m still trying to eradicate Zithromax from my horizons.

I started the cleanup process by messing with the WordPress files and database that support my site. I found nothing of significance, at least nothing I could point to that revealed a specific cause for my problem.

So I contacted GoDaddy, the company that hosts my site, the company that has for years taken my money in exchange for a safe and secure environment. I first contacted their online support, which promised a response in four hours. It was more like eight. When an email finally did arrive, it suggested that my database had been compromised—an injection attack, they said—and they would be happy to restore it to an earlier version for a mere $150. They offered no other suggestions or solutions.

Keep in mind that the reason I implemented WordPress a couple years back was because GoDaddy had announced its availability on their platform. What I don’t recall from that time were any details suggesting that GoDaddy would offer no support if I went this route. Perhaps it was buried in all the small print.

My next attempt to address the problem was to call GoDaddy directly. This time, I was not offered the $150 deal. Instead, I was told essentially that because the problem was related to WordPress, I was for the most part on my own. The guy on the phone did suggest I delete all my spam comments, which I did. But nothing changed.

So I gave up on GoDaddy, except to fill out the post-support survey sent to me via email. I took the opportunity to explain fully what I thought of their system.

Since then, I’ve been messing with the WordPress files and styles and using Google’s Fetch as Googlebot tool to see how my pages appear to the Google search engine. Prior to my changes, the returned pages included numerous instances of Zithromax For Sale. After my changes, they included none. Success, it would seem, was at hand.

Unfortunately, the search engine indexes have been slow to acknowledge this fact, and some of my pages are still listed with the dreaded drug-dredging title. But I’m seeing progress, and most of my links now show up correctly. And any progress is better than none at all.

I don’t really know whether I’ve solved the problem, but I believe I’ve at least come up with a temporary fix. In the meantime, I’ve turned off all comments (sorry, folks) and am now making regular backups of my WordPress files.

Unfortunately, Google still lists my home page with the dire warning that “this site may be compromised,” even though their tools suggest that everything is fine. I’m still working to resolve this issue.

I’m not sure how much luck I’ll have, however. We live in times of instant information and instant gratification. We can text, email, pay bills, find restaurants, check balances, and buy just about anything that’s for sale from just about anywhere in the world, all with a few clicks of the mouse or track pad or smartphone screen. That is, as long as there exist no glitches in the system.

Anyone who’s dealt with an improper phone charge or misplaced state tax form or bank that incorrectly records a mortgage payment (yep, all those have happened to me) knows what it’s like to go up against bureaucratically-controlled, electronically-entrenched systems in which common sense and the common good have long been removed from the equation.

Service providers of all sorts love to provide you service as long as that service involves no special requests that challenge their systems and, by extension, their accepted way of doing business. The notion of service is measured in numbers and dollars and swelling dividends—and rarely in customer satisfaction. The last thing any organization wants is to deal with customers who require special consideration or care. Customers who require service.

Time waits for no one in this age of digital wizardry and supersonic specialization, especially for those who gum up the works—whether intentionally or otherwise.

Tags: cybercrime, database injection, GoDaddy, Google, service provider, website hacking, WordPress, Zithromax