Stupid HostGator

For those of you don’t run their own website, this post probably isn’t going to mean much to you, but for the rest of you, I think you’ll appreciate what I learned recently.

Last year during the Thanksgiving Black Friday sale, I was able to buy a year of web hosting for like $25 at HostGator. I put one of my smaller mainstream sites over there. I mean for a price like that, what can go wrong?

I know, famous last words.

Turns out, you really do get what you pay for.

The website I host with HostGator is a small WordPress website that gets less than 100 unique visitors a day.

This little website never really gives me any trouble. For the most part, it stays up, with an occasional 10 minutes down here and there — so I wouldn’t normally complain about the hosting.

But last week I got an email notifying me that my WordFence plugin was deactivated, by me. Now considering the fact that I didn’t deactivate it, I decided to log into my WordPress admin and see what was going on.

Turns out the site had gotten infected with Malware, so anytime anyone visited the website, a few of those pesky popups would appear.

I contacted tech support and they immediately redirected me to a third party company which they use and they require $150 to fix the problem for me.

I knew where the Malware was. I could FTP in and see where they had created a folder and were running a script. The only problem was, every time I tried to delete said folder it would come right back.

I wasn’t going to pay my hosting company for web hosting and an additional $150 to delete a damn folder for me. So this time I called in. Their support informed me, that they are not allowed to delete files from my server.

So I asked him, what exactly is it that you do then as tech support for host gator. He couldn’t really give me an answer.

But for $150 this 3rd party could clean up my website of the nasty Malware. They didn’t guarantee it wouldn’t come back, but at least, “for now” it would be gone. Now for $1440 they would protect me in case it did come back.

I explained to him that for a fraction of that price I could just take my website to a new hosting company and have it done for free. He didn’t seem to care.

Still, I was determined not to be defeated.

I knew I could pay WordFence $99. That would save me some money, but still, that seemed high. I just wonder if there was something else I could do myself.

Here is what I did ….

#1 I made sure there were no other users, other than myself.  If there are other users, and you know they don’t belong there, delete them at once.

#2 I delete my theme and re-uploaded a fresh copy of it so that just in case they have infected any of my theme files, I got rid of that issue.

#4 I made sure all my plugins were updated. I then deleted any plugins I didn’t absolutely need.

#5 I deleted WordPress completely –  I didn’t just install an update. I mean I actually FTP’d into my server, deleted all the WordPress files manually and then installed a fresh version of all the files that I had downloaded earlier from WordPress.com – obviously except my wp-config.php file. Make sure you don’t accidentally delete that.

PROBLEM SOLVED!

Turns out the hackers had inserted an extra file in my WordPress wp-includes directory that didn’t get deleted/updated when you updated WordPress because it wasn’t really part of the WP core files.

So next time you have an issue, don’t just give up and pay the money, try and fight it yourself first. With a little patience and persistence, you can get rid of the problem on your own.

Side note: Just to be safe I also deleted all my plugins and installed a fresh copy. I also updated the password to my WordPress database installed on that website, making it slightly longer and more complicated. I wasn’t sure if they had compromised my database but it’s always better to be safe than sorry.

 

 

Is your home router safe? It may not be!

WordFence the popular WordPress security plugin sent out a massive email blast today letting people know that their home router may be vulnerable.

Although the vulnerability was first disclosed in 2014, it wasn’t taken seriously by many and as a result, hackers are now using it to hack home routers.

As many as 41 million home routers worldwide have the vulnerability. Basically, you should not have port 7547 open to the public. If your router has it open, you should contact your internet service provider and ask them to close it at once.

To find out if you are vulnerable click here to run the test.

Contact your ISP and let them know that port 7547 on your home router is accessible from the public internet.

Let them know that port 7547 is used by your ISP to manage the router. It should not be publicly available. Suggest that they filter access to that port to prevent anyone on the public internet accessing it.

To now allow hackers to get access to your home computer or take over your WiFi.  Get your internet service provider to close off public access to port 7547 on your router today.

On a side note, if you call your ISP and they tell you “you don’t have any ports open” insist that you do (if you took the test and failed it).

Also try here and enter 7547 in the port area and then click check.

If they say otherwise, ask them to escalate your ticket. That’s what I did. It took awhile but finally was able to get to someone that knew what he was doing and help me.

It’s annoying I know, but that’s how some internet companies are.

How do you remove “NOFOLLOW” from WordPress Comment Links?

What the heck is “nofollow” and why should I care?  Well, “nofollow” is a value that can be assigned to a link to tell some search engines like google that a link should not influence the link target’s ranking.  Basically what you are saying is, please Google don’t let this link, whatever it may go to effect my own personal rankings in your search engine, I also don’t want to give that site in which the link goes to any credit (as a backlink).   The nofollow value was originally suggested to stop the insane amount of comment spam in blogs.   Removing the nofollow tag from your site might encourage others to participate in your site, posting comments and visiting your site more often since if they do their website will get a backlink credit.  As long as the comments posted aren’t blatant spam then it can also help your site by being updated more often and that improves your own SEO rankings.

A lot of time has passed since it was originally created and a lot of technology to get comment spammers in line.  But nowadays it is nearly impossible to remove the “nofollow” link in your wordpress blog.  Well not impossible but very hard.

WordPress has a few plugins that claim to remove the “nofollow” tag from comment links but most I found just flat out don’t work.  I have no idea why but rather than messing with a plugin and trying to figure out how to fix someone else’s work I found an easy way to get rid of that stupid “no follow” tag wordpress puts in all comment links by default.

Look in the wp-includes folder for a file called comment-template.php.

Search every reference of “nofollow” on that page and remove it.

For example you’ll find an entry that says something like

$return = “<a href=’$url’ rel=’external nofollow’ class=’url’>$author</a>”;

Fix it up and it now says

$return = “<a href=’$url’ class=’url’>$author</a>”;

In all you should find about 5 “nofollow” related entries that you will need to edit on that page.  Save it and now your blog no longer has the nofollow tag.  YAH!

 

 

Interesting Porn Blog Fact

Porn blogs are all the rage.  100s of new porn related blogs go up every single day and it’s understandable since if it’s done right, a good blog can earn you some nice pocket change each month.  But before you run out and start your own, you might want to stop for just a moment and read the fine print of the site you are thinking of blogging on.  Case in point … blogger.  While it’s a great blogging service, in that it’s free, easy to use and can give your other sites a SEO boost, did you know they don’t allow blogs for the purpose of financial gain?

In other words, any porn blog that is started on blogger can get deleted at any time, without warning so all of that hard work was for not.

WordPress.com hosted blogs, same thing only even more so since blogger will allow a limited amount of adult content within reason and as long as there is no clear intention of commercial gain, while wordpress apparently doesn’t like any sign of it for any reason on their free hosted blog service.

Now here is the thing …. this also means that any of your competitors or someone you’ve pissed off can also contact Google or WordPress and report your blog and chances are, it will get removed.   Trust me when I say, Google isn’t half as friendly as people tend to think they are when it comes to porn.

So just keep that in mind the next time you want to start an adult blog.