Followup: I’ve been slashed!

Okay, truth be told I’m laughing at my own stupidity. Ipstenu.org’s been acting like a brat for a couple weeks, and I couldn’t figure out why. Turns out, I was hacked and infected with the Dark Mail virus. Dark Mail is basically a spammer script they put on your webpage that spams people. I found out because my grandmother called to bitch that her email to my dad was bouncing. She’s on my server, you see. After a late night help ticket to the fantastic LiquidWeb, it’s all been fixed and my lesson has been re-learned.

Here’s what happened.

Friday April 9th I was surfing the net while working from home, using my non-virus protected Windows PC. Yeah, I know. While visiting a friend’s site, I got a weird pop-up saying ‘Such and such.com says your PC is infected!’ I told my friend, assumed nothing untoward happened, and went on with my day, which included some FTPing to my domain.

Of note, I ALWAYS use SSH and SFTP. The first S stands for Secure. Of course, it’s not actually all that secure. I mean, they’re better than Telnet and FTP, but they won’t protect you from everything.

On Monday the 12th, I post a new blog post here and things go pear shaped. Cache is weird, people are getting errors, I can’t sort it out. I thought it was WP-Super-Cache, but then it wasn’t. It was insane.

On Tuesday the 13th, emails from my office to my home were bouncing. I thought it was my mailserver blocking my office!

Finally, Sunday the 18th, Taffy bitches “I can’t mail your father!” Now I get hands in and look. What do I see? “Connections not accepted from IP addresses on Spamhaus XBL.” And it’s listing MY IP ADDRESS!

Thank goodness, LiquidWeb was able to find the vector point of infection, which once they gave me the details, I knew it had to go back to that Friday. And they got me off the black lists pretty fast so everything’s okay now. But let this be a lesson, everyone! You’re only as safe as you keep yourself!